Re: Automatic Exploitation Paper Peer Review

[Marius <wishinet () googlemail com>]

Hey fellows,

> > I have always found it worrying that there appears to be a quality gap
> > between academics working on tough problems (e.g. Eros/Coyote and secure
> > operating systems, processor hacking, crypto, etc.) and those working on
> > what we face on a daily basis. Why?

before this gets too far:
- It's rather arrogant to criticize (all) academics for lacking
abilities even only very few and select individuals throughout security
industry have.
And btw. no curriculum I ever saw includes security skills, that matter.
I don't think it's the job of academia though. Too few companies
cooperate with universities. Too few of them really could.

"""
Our future work focuses on scaling to larger and more programs, to more
types of exploits, and to other relevant problem settings. There is
plenty still to do.
"""
(http://security.ece.cmu.edu/aeg/)

Taken from Sean's thesis
(http://seanhn.files.wordpress.com/2009/09/thesis1.pdf) a while ago:
"To build a completely automated and general tool for exploit generation
is not, in our opinion, a realistic goal." [...]

"There are many tasks that are common to almost all exploits that make
research into the field both necessary and valuable. In terms of tool
development though a system that is a hybrid of automated analysis
techniques with human intuition and judgement would seem to be an
attractive option." (page 74)

I'd like to mention that they seem (no implementation given jet) utilize
KLEE. Therefore they will have source-access. Sean focused on DBI.
Reading between the lines of course, I assume people mixed that up a little.

Thanks for reading,
-- 
Marius
crazylazy.info

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave