Towards the exploitability escalation for software vulnerabilities

Project: Research project

Project Details


The development of static and dynamic analysis tools significantly improves security analysts' capability in finding software bugs. However, security analysts lack effective, efficient methods to determine the exploitability of the identified bugs. Today, security analysts rely heavily upon their own expertise and experience in exploitability assessment. As a result, a bug whose exploitability has not yet been demonstrated is not necessarily unexploitable. Our past research indicates that determining exploitability requires tackling three critical technical challenges: (1) tracking down useful exploitation primitives, (2) bypassing the exploit mitigation and protection commonly deployed, and (3) preventing unexpected program termination. To this end, I propose a series of technical approaches to ease the development of working exploits and escalate the capability of a security analyst in assessing the exploitability of vulnerabilities. To be more specific, I conduct this research from three aspects. First, I developed automated techniques to explore the primitives needed for exploitation. Using the primitives identified, I further designed and developed technical solutions that facilitate a security analyst's ability to bypass security mitigation and thus explore the possibility of performing exploitation. Looking ahead, I will explore practical approaches to preventing unexpected termination in vulnerability exploitation. In the past 2 years, my research endeavor has primarily focused on useful primitive identification and mitigation circumvention. By the time of submitting this updated proposal, my students and I have built two open-source systems, ELOISE and GREBE, and the corresponding research results have been published at top-tier security conferences (IEEE S&P and CCS). As mentioned above, this proposal will focus on the last stage of the research: exploring solutions to stabilize exploitation and thus prevent unexpected termination in an exploitation process.

Intellectual Merit. This project will make key innovations in software vulnerability analysis and exploitability assessment. If successful, the research outcome will provide a series of novel technical solutions that help security analysts to (1) track down primitives needed for exploitation, (2) evaluate the capability of a vulnerability to circumvent widely deployed security mitigation, and (3) prevent unexpected termination in exploitability assessment. Not only will this work enrich the arsenal of computer security, but it will also contribute to the field of software engineering that focuses on automated vulnerability analysis and exploit development. The proposed research will apply empirical methods from computer systems and software engineering to tackle conventional but unsolved security problems.

Broader Impact. This research project has the potential to significantly reduce the cycle of exploitability assessment for vulnerabilities and thus shorten the time that a software system remains vulnerable. The proposed research will make key progress towards securing the current cyberspace and enhancing national security. The technical solutions will not only help to build a more effective and efficient bug triaging system for industrial practitioners, but also augment their ability to perform more comprehensive and thorough penetration tests in their regular cyber operations. The PI will continue sharing the research results with existing industrial partners and collaborating on prototype testing.
Effective start/end date: 1/7/22 to 1/6/24


  • Office of Naval Research (N00014-22-1-2158/P00001)

