New Perspectives on Automated Vulnerability Discovery

Presented as part of the 2016 HCSS conference.

ABSTRACT
Automated vulnerability discovery systems are effective, but rarely used because they are complex and difficult to maintain and extend. Small and well-tested tools such as fuzzers are fundamentally limited in their capability, but widely deployed to secure production code. In this talk I will discuss a new model for automated vulnerability discovery that intelligently combines simple, existing tools to achieve effectiveness comparable to large integrated vulnerability discovery systems. This approach to vulnerability discovery is extendable by design and simple to parallelize and distribute.

BIO
Artem Dinaburg was the Principal Investigator for Trail of Bits' DARPA Cyber Grand Challenge team. He was responsible for the architecture, design, and development of the Trail of Bits' automated vulnerability discovery system. Mr. Dinaburg has extensive software engineering experience working in application software development, low-level software development, vulnerability research, reverse engineering, malicious software analysis, and program analysis.

License: CC-BY-NC-3.0
Submitted by Katie Dey on