Overview
Explore this 23-minute conference talk that systematizes knowledge on automating kernel vulnerability discovery and exploit generation. Learn how operating system kernels, despite being central to security across computers, smartphones, and cloud servers, present significant challenges for automated vulnerability analysis due to their inherent complexity and broad attack surface. Discover why distinguishing exploitable vulnerabilities from benign bugs typically requires manual exploit development, and understand the evolution of automated exploit generation (AEG) techniques over the past three decades. Examine the main obstacles preventing effective automation of exploit generation in OS kernels, including the challenges of applying program analysis techniques like symbolic execution to large, complex systems. Gain insights into categorized attack types beyond memory corruption, relevant threat models, and existing tools in the field. Understand the gaps in current research areas and the reproducibility challenges across different kernel versions due to large code bases and changing APIs. Review the authors' recommendations for advancing future research in automated kernel security analysis, presented by researchers from IBM Research Europe and armasuisse Cyber-Defence Campus at the USENIX Workshop on Offensive Technologies (WOOT '25).
Syllabus
WOOT '25 - SoK: Automating Kernel Vulnerability Discovery and Exploit Generation
Taught by
USENIX