Title
End-to-End Automated Exploit Generation for Validating the Security of Processor Designs.
Abstract
This paper presents Coppelia, an end-to-end tool that, given a processor design and a set of security-critical invariants, automatically generates complete, replayable exploit programs to help designers find, contextualize, and assess the security threat of hardware vulnerabilities. In Coppelia, we develop a hardware-oriented backward symbolic execution engine with a new cycle stitching method and fast validation technique, along with several optimizations for exploit generation. We then add program stubs to complete the exploit. We evaluate Coppelia on three CPUs of different architectures. Coppelia is able to find and generate exploits for 29 of 31 known vulnerabilities in these CPUs, including 11 vulnerabilities that commercial and academic model checking tools cannot find. All of the generated exploits are successfully replayable on an FPGA board. Moreover, Coppelia finds 4 new vulnerabilities along with exploits in these CPUs. We also use Coppelia to verify whether a security patch indeed fixed a vulnerability, and to refine a set of assertions.
Year: 2018
DOI: 10.1109/MICRO.2018.00071
Venue: MICRO
Keywords: exploit generation, processor security, symbolic execution
Field: Image stitching, Model checking, Computer science, End-to-end principle, Parallel computing, Field-programmable gate array, Exploit, Processor design, Symbolic execution, Invariant (mathematics), Embedded system
DocType: Conference
ISBN: 978-1-5386-6241-0
Citations: 0
PageRank: 0.34
References: 0
Authors: 4
Authors (Name, Order, Citations, PageRank; the citation and PageRank figures are run together in the source record):
Rui Zhang, 1, 38186.83
Calvin Deutschbein, 2, 01.35
Peng Huang, 3, 30917.16
Cynthia Sturton, 4, 858.56