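; ---------------------------------------------------------------------
; To submit, log into grace.umd.edu and use the following command:
; /submit 2015 fall 0101 23 exploit_generation.bib
; ---------------------------------------------------------------------
; Note: BibTeX has no line-comment character. These ';' lines are only
; ignored because they sit outside any @entry{...}; keep them free of
; '@' and of unbalanced braces or they will corrupt the parse.

; Required Readings

@INPROCEEDINGS{Brumley08,
  title     = {Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications},
  author    = {Brumley, David and Poosankam, Pongsin and Song, Dawn Xiaodong and Zheng, Jiang},
  booktitle = {IEEE Symposium on Security and Privacy},
  year      = {2008},
  pages     = {143--157},
  crossref  = {DBLP:conf/sp/2008},
  abstract  = {The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for 5 Microsoft programs based upon patches provided via Windows Update. Although our techniques may not work in all cases, a fundamental tenant of security is to conservatively estimate the capabilities of attackers. Thus, our results indicate that automatic patch-based exploit generation should be considered practical.
One important security implication of our results is that current patch distribution schemes which stagger patch distribution over long time periods, such as Windows Update, may allow attackers who receive the patch first to compromise the significant fraction of vulnerable hosts who have not yet received the patch.},
  studentfirstname = {},
  studentlastname  = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@INPROCEEDINGS{Song07,
  title     = {On the Infeasibility of Modeling Polymorphic Shellcode},
  author    = {Song, Yingbo and Locasto, Michael E. and Stavrou, Angelos and Keromytis, Angelos D. and Stolfo, Salvatore J.},
  booktitle = {Proceedings of the 2007 {ACM} Conference on Computer and Communications Security, {CCS} 2007, Alexandria, Virginia, USA, October 28--31, 2007},
  year      = {2007},
  pages     = {541--551},
  doi       = {10.1145/1315245.1315312},
  url       = {http://doi.acm.org/10.1145/1315245.1315312},
  crossref  = {DBLP:conf/ccs/2007},
  abstract  = {Polymorphic malcode remains a troubling threat. The ability for malcode to automatically transform into semantically equivalent variants frustrates attempts to rapidly construct a single, simple, easily verifiable representation. We present a quantitative analysis of the strengths and limitations of shellcode polymorphism and consider its impact on current intrusion detection practice. We focus on the nature of shellcode decoding routines. The empirical evidence we gather helps show that modeling the class of self-modifying code is likely intractable by known methods, including both statistical constructs and string signatures. In addition, we develop and present measures that provide insight into the capabilities, strengths, and weaknesses of polymorphic engines.
In order to explore countermeasures to future polymorphic threats, we show how to improve polymorphic techniques and create a proof-of-concept engine expressing these improvements. Our results indicate that the class of polymorphic behavior is too greatly spread and varied to model effectively. Our analysis also supplies a novel way to understand the limitations of current signature-based techniques. We conclude that modeling normal content is ultimately a more promising defense mechanism than modeling malicious or abnormal content.},
  studentfirstname = {},
  studentlastname  = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

; BibTex cross-references (don't add anything here)
; Classic BibTeX requires these parent entries to appear AFTER every
; child that crossrefs them, so they must stay at the end of the file.

@PROCEEDINGS{DBLP:conf/ccs/2007,
  title     = {Proceedings of the 2007 {ACM} Conference on Computer and Communications Security, {CCS} 2007, Alexandria, Virginia, USA, October 28--31, 2007},
  booktitle = {ACM Conference on Computer and Communications Security},
  editor    = {Ning, Peng and {De Capitani di Vimercati}, Sabrina and Syverson, Paul F.},
  isbn      = {978-1-59593-703-2},
  publisher = {ACM},
  year      = {2007},
}

@PROCEEDINGS{DBLP:conf/sp/2008,
  title     = {2008 {IEEE} Symposium on Security and Privacy (S{\&}P 2008), 18--21 May 2008, Oakland, California, USA},
  booktitle = {IEEE Symposium on Security and Privacy},
  publisher = {IEEE Computer Society},
  year      = {2008},
}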