CONTEMPORARY AUTOMATIC PROGRAM ANALYSIS

The ability to automatically discover security vulnerabilities has been coveted since Martin Bishop's team found the black box in the 1992 film "Sneakers." Automatic exploitation generation research coming out of academia demonstrates that we're getting close, and DARPA's Cyber Grand Challenge announcement indicates that we want it bad. Behind the facade of automatic program analysis is a lot of arduous computer theory and discrete math. But automatic analysis is supposed to make vulnerability research easier, not harder!

This talk will begin with a brief history of program analysis: how manual analysis techniques slowly turned into automatic ones, and how we started automatically discovering vulnerabilities and reasoning about code. Next, I'll demonstrate the current landscape of program analysis: how you can use existing program analysis tools and techniques to automatically find vulnerabilities in almost anything. Finally, I'll discuss the state of the art of program analysis: how minor changes to existing projects and small scripts (less than 100 lines) for existing libraries can yield world-class vulnerabilities. The talk will include several practical code examples and demos and will be accompanied by online reference material.

Presented by