Dailydave mailing list archives

Re: Automatic Exploitation Paper Peer Review


From: "Fergie" <rkferguson () verizon net>
Date: Sat, 11 Dec 2010 16:22:56 -0500

Something I used to tell my troops when I was in the Army ...  Don't sit
back in your area and bitch about something.  Anyone can bitch.  If you
bring a problem to light, bring a potential solution as well...

I don't mean that to be as harsh as it sounds when I read it back.  I just mean to
say that all of you smart folks who identify these problems can surely posit
a solution to them....

Ferg

-----Original Message-----
From: dailydave-bounces () lists immunityinc com
[mailto:dailydave-bounces () lists immunityinc com] On Behalf Of Marius
Sent: Saturday, December 11, 2010 12:48 PM
To: dailydave () lists immunityinc com
Subject: Re: [Dailydave] Automatic Exploitation Paper Peer Review

Hey fellows,

I have always found it worrying that there appears to be a quality
gap between academics working on tough problems (e.g. Eros/Coyote and
secure operating systems, processor hacking, crypto, etc.) and those
working on what we face on a daily basis. Why?

Before this gets too far:
- It's rather arrogant to criticize (all) academics for lacking abilities
that only very few select individuals throughout the security industry have.
And btw, no curriculum I ever saw includes security skills that matter.
I don't think it's the job of academia though. Too few companies cooperate
with universities. Too few of them really could.

"""
Our future work focuses on scaling to larger and more programs, to more
types of exploits, and to other relevant problem settings. There is plenty
still to do.
"""
(http://security.ece.cmu.edu/aeg/)

Taken from Sean's thesis
(http://seanhn.files.wordpress.com/2009/09/thesis1.pdf) a while ago:
"To build a completely automated and general tool for exploit generation is
not, in our opinion, a realistic goal." [...]

"There are many tasks that are common to almost all exploits that make
research into the field both necessary and valuable. In terms of tool
development though a system that is a hybrid of automated analysis
techniques with human intuition and judgement would seem to be an attractive
option." (page 74)

I'd like to mention that they seem (no implementation given yet) to utilize
KLEE. Therefore they will have source access. Sean focused on DBI.
Reading between the lines, of course; I assume people mixed that up a little.

Thanks for reading,
--
Marius
crazylazy.info


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave