Automated Synthesis of Software Exploits

OVERVIEW
Many modern applications, whether developed in Java, Python, PHP or other languages, rely on object-oriented design principles, where the basic system components are objects and classes. The encapsulation provided by object structure, the concept of classes, and inheritance have increased program reusability and extensibility. Polymorphism has enabled separation of the client class from implementation code, and allows the object to decide which form of a function to implement at compile time (overloading) as well as at run time (overriding). Many object-oriented architectures operate directly on objects: they share objects with other processes, store them on disk or in files for future retrieval, or transport them over the network to other systems. While communicating objects gives software developers significant flexibility, it opens a new, sophisticated attack vector that adversaries can abuse. This project leverages a hybrid static and dynamic program analysis approach to carefully craft tampered objects capable of exploiting and identifying any potential weakness in a system. We automatically synthesize exploits that can reach any possible sensitive points in an application and detect object injection vulnerabilities. Furthermore, in this project we provide automation to fix such vulnerabilities.