Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications
journal contribution
posted on 2008-05-01, 00:00 authored by David Brumley, Pongsin Poosankam, Dawn Song, Jiang Zheng

The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P′, automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P′. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for 5 Microsoft programs based upon patches provided via Windows Update. Although our techniques may not work in all cases, a fundamental tenet of security is to conservatively estimate the capabilities of attackers. Thus, our results indicate that automatic patch-based exploit generation should be considered practical. One important security implication of our results is that current patch distribution schemes which stagger patch distribution over long time periods, such as Windows Update, may allow attackers who receive the patch first to compromise a significant fraction of vulnerable hosts who have not yet received the patch.