利用錯誤定位與自動修補技術達成自動化防禦

Abstract

Cyber Grand Challenge(CGC)是由美國國防部高等研究計畫署(DARPA)舉辦的全自動化電腦攻防競賽。本論文參考競賽規則，結合模糊測試、錯誤定位、與修補三樣技術，建造一個全自動化的Cyber Reasoning System(CRS)。我們實驗室在自動化攻擊方面已有成果，因此希望結合錯誤定位技術，進一步發展成自動化修補技術，形成一個全自動化的攻防系統。除了競賽題目外，我們嘗試將系統應用在真實程式的漏洞，希望以自動化的方式改善資訊安全，彌補人力無暇顧及的部分。

The department of defense (DOD) in the US has called for the contest in automatic attack and defense. The contest is a big challenge on the security development and called Cyber Grand Challenge (CGC). We consult to the competition rules and develop an automatic cyber reasoning system (CRS) to fulfill the goals. Our CRS combines with the techniques of fuzz testing, fault localization, and binary patch to build an automatic defense system. With the former efforts developed in the SQLab for automatic attack, we further integrate into a CRS for automatic attack and defense. Other than the sample problems in the CGC, we evaluate our systems in the binary patch capability on real programs. This work will be a preliminary study for potential participations on the future CGC.