A research team from Professor V.N. Venkatakrishnan’s Systems & Internet Security Lab (SISL) including PhD student Abeer Alhuzali, Rigel Gjomemo, PhD, and Birhanu Eshete, PhD, were honored with a Distinguished Paper award at the 27th USENIX Security Symposium held in Baltimore, MD from August 15-17th. Their paper was one of five receiving the honor.
“USENIX Security is the most prestigious venue in security for practical systems work, and this award is quite prestigious in the security community,” said Venkatakrishnan.
“NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications”
Abeer Alhuzali, Rigel Gjomemo, Birhanu Eshete, and V.N. Venkatakrishnan
– ABSTRACT –
Modern multi-tier web applications are composed of several dynamic features, which make their vulnerability analysis challenging from a purely static analysis perspective. We describe an approach that overcomes the challenges posed by the dynamic nature of web applications. Our approach combines dynamic analysis that is guided by static analysis techniques in order to automatically identify vulnerabilities and build working exploits. Our approach is implemented and evaluated in NAVEX, a tool that can scale the process of automatic vulnerability analysis and exploit generation to large applications and to multiple classes of vulnerabilities. In our experiments, we were able to use NAVEX over a codebase of 3.2 million lines of PHP code, and construct 204 exploits in the code that was analyzed.
Creating an online buzz . . .