SCS Undergraduate Thesis Topics

Brent Lim | David Brumley | Automatic Heap Exploit Generation

The automatic exploit generation (AEG) challenge is, given a program, to automatically find vulnerabilities and generate exploits for them. Avgerinos et al. showed that, given the source code of the program, AEG was possible for certain stack smashing and format string exploits. In Automatic Heap Exploit Generation (AHEG), we do away with the need for source code, and we extend AEG to automatically find heap bugs and generate heap exploits on applications running on Windows XP SP3. This semester, we developed the techniques and tools for automatically discovering heap bugs. Next semester, we will automate exploit generation.

