{"title":"自动化漏洞分析的历史和未来","authors":"Adam Doupé","doi":"10.1145/3322431.3326331","DOIUrl":null,"url":null,"abstract":"The software upon which our modern society operates is riddled with security vulnerabilities. These vulnerabilities allow hackers access to our sensitive data and make our system insecure. To identify vulnerabilities in software, human experts, or vulnerability researchers, are employed. These human experts are quite expensive. And, more fundamentally, human experts cannot analyze every change made to every piece of software (any of which could introduce a security vulnerability). Therefore, automated vulnerability analysis techniques were developed to automatically perform the process of identifying security vulnerabilities in software systems. These tools attempt to democratize the vulnerability analysis process: allowing any developer to identify vulnerabilities in their software automatically, thus finding such vulnerabilities before a malicious hacker. In this keynote, I will discuss the history of automated vulnerability analysis, from both the binary and the web perspective. Binary fuzzing and black-box web application vulnerability analysis have many aspects in common, yet are often thought of separately. From this, I will discuss the future of automated vulnerability analysis, and how we can achieve the effectiveness of a human vulnerability researcher.","PeriodicalId":435953,"journal":{"name":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","volume":"88 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"History and Future of Automated Vulnerability Analysis\",\"authors\":\"Adam Doupé\",\"doi\":\"10.1145/3322431.3326331\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The software upon which our modern society operates is riddled with security vulnerabilities. These vulnerabilities allow hackers access to our sensitive data and make our system insecure. To identify vulnerabilities in software, human experts, or vulnerability researchers, are employed. These human experts are quite expensive. And, more fundamentally, human experts cannot analyze every change made to every piece of software (any of which could introduce a security vulnerability). Therefore, automated vulnerability analysis techniques were developed to automatically perform the process of identifying security vulnerabilities in software systems. These tools attempt to democratize the vulnerability analysis process: allowing any developer to identify vulnerabilities in their software automatically, thus finding such vulnerabilities before a malicious hacker. In this keynote, I will discuss the history of automated vulnerability analysis, from both the binary and the web perspective. Binary fuzzing and black-box web application vulnerability analysis have many aspects in common, yet are often thought of separately. From this, I will discuss the future of automated vulnerability analysis, and how we can achieve the effectiveness of a human vulnerability researcher.\",\"PeriodicalId\":435953,\"journal\":{\"name\":\"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies\",\"volume\":\"88 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-05-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3322431.3326331\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3322431.3326331","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
History and Future of Automated Vulnerability Analysis
The software upon which our modern society operates is riddled with security vulnerabilities. These vulnerabilities allow hackers access to our sensitive data and make our system insecure. To identify vulnerabilities in software, human experts, or vulnerability researchers, are employed. These human experts are quite expensive. And, more fundamentally, human experts cannot analyze every change made to every piece of software (any of which could introduce a security vulnerability). Therefore, automated vulnerability analysis techniques were developed to automatically perform the process of identifying security vulnerabilities in software systems. These tools attempt to democratize the vulnerability analysis process: allowing any developer to identify vulnerabilities in their software automatically, thus finding such vulnerabilities before a malicious hacker. In this keynote, I will discuss the history of automated vulnerability analysis, from both the binary and the web perspective. Binary fuzzing and black-box web application vulnerability analysis have many aspects in common, yet are often thought of separately. From this, I will discuss the future of automated vulnerability analysis, and how we can achieve the effectiveness of a human vulnerability researcher.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
