Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications

The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. In this paper, the authors propose techniques for automatic patch-based exploit generation, and show that the techniques can automatically generate exploits for 5 Microsoft programs based upon patches provided via Windows Update. Although the techniques may not work in all cases, a fundamental tenant of security is to conservatively estimate the capabilities of attackers.