Dailydave mailing list archives
Re: Automatic Exploitation Paper Peer Review
From: "Fergie" <rkferguson () verizon net>
Date: Sat, 11 Dec 2010 16:22:56 -0500
Something I used to tell my troops when I was in the Army ... Don't sit back in your area and bitch about something. Anyone can bitch. If you bring a problem to light, bring a potential solution as well... I don't mean that as harsh as it sounds when I read it back. I just mean to say that all of you smart folks who identify these problems can surely posit a solution to them.... Ferg -----Original Message----- From: dailydave-bounces () lists immunityinc com [mailto:dailydave-bounces () lists immunityinc com] On Behalf Of Marius Sent: Saturday, December 11, 2010 12:48 PM To: dailydave () lists immunityinc com Subject: Re: [Dailydave] Automatic Exploitation Paper Peer Review Hey fellows,
I have always found it worrying that there appears to be a quality gap between academics working on tough problems (e.g. Eros/Coyote and secure operating systems, processor hacking, crypto, etc.) and those working on what we face on a daily basis. Why?
before this gets too far: - It's rather arrogant to criticize (all) academics for lacking abilities even only very few and select individuals throughout security industry have. And btw. no curriculum I ever saw includes security skills, that matter. I don't think it's the job of academia though. Too few companies cooperate with universities. Too few of them really could. """ Our future work focuses on scaling to larger and more programs, to more types of exploits, and to other relevant problem settings. There is plenty still to do. """ (http://security.ece.cmu.edu/aeg/) Taken from Sean's thesis (http://seanhn.files.wordpress.com/2009/09/thesis1.pdf) a while ago: "To build a completely automated and general tool for exploit generation is not, in our opinion, a realistic goal." [...] "There are many tasks that are common to almost all exploits that make research into the field both necessary and valuable. In terms of tool development though a system that is a hybrid of automated analysis techniques with human intuition and judgement would seem to be an attractive option." (page 74) I'd like to mention that they seem (no implementation given jet) utilize KLEE. Therefore they will have source-access. Sean focused on DBI. Reading between the lines of course, I assume people mixed that up a little. Thanks for reading, -- Marius crazylazy.info _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Automatic Exploitation Paper Peer Review dave (Dec 10)
- Re: Automatic Exploitation Paper Peer Review Charles Miller (Dec 10)
- Re: Automatic Exploitation Paper Peer Review Arrigo Triulzi (Dec 11)
- Re: Automatic Exploitation Paper Peer Review Jeffrey Walton (Dec 11)
- Re: Automatic Exploitation Paper Peer Review Arrigo Triulzi (Dec 11)
- Re: Automatic Exploitation Paper Peer Review William Arbaugh (Dec 11)
- Re: Automatic Exploitation Paper Peer Review Marius (Dec 11)
- Re: Automatic Exploitation Paper Peer Review Arrigo Triulzi (Dec 11)
- Re: Automatic Exploitation Paper Peer Review Fergie (Dec 11)
- Re: Automatic Exploitation Paper Peer Review Chris Eagle (Dec 12)
- Re: Automatic Exploitation Paper Peer Review Julien Vanegue (Dec 12)
- Re: Automatic Exploitation Paper Peer Review Miles Fidelman (Dec 12)
- Re: Automatic Exploitation Paper Peer Review Arrigo Triulzi (Dec 11)
- Re: Automatic Exploitation Paper Peer Review Charles Miller (Dec 10)
- Re: Automatic Exploitation Paper Peer Review Jon Solworth (Dec 11)
- Re: Automatic Exploitation Paper Peer Review Arrigo Triulzi (Dec 11)
- Message not available
- Re: Automatic Exploitation Paper Peer Review Konrads Smelkovs (Dec 13)
- Re: {Spam?} Re: Automatic Exploitation Paper Peer Review Michael Gilhespy (Dec 13)
- Re: Automatic Exploitation Paper Peer Review Martin Žember (Dec 13)
- <Possible follow-ups>
- Re: Automatic Exploitation Paper Peer Review jmsc12 (Dec 14)
- Re: Automatic Exploitation Paper Peer Review Kristian Erik Hermansen (Dec 14)