Syllabus
Intro
Background (cont.)
Crafting an Exploit for Kernel Use-After-Free
Needs Intensive Manual Efforts
Needs Extensive Expertise in Kernel
Needs Security Expertise
Some Past Research Potentially Tackling the Challenges
A Real World Example (CVE-2017-15649)
No Primitive Needed for Exploitation
Roadmap
FUZE - Extracting Critical Info.
FUZE - Performing Kernel Fuzzing
FUZE - Performing Symbolic Execution
Useful Primitive Identification
Case Study (cont.)
Discussion on Failure Cases
Conclusion
Questions
THE ADVANCED COMPUTING SYSTEMS ASSOCIATION
Taught by
USENIX