Software is everywhere: from mission-critical systems such as industrial power stations and pacemakers to common household appliances, we are surrounded by software with potentially exploitable vulnerabilities. The growing complexity of software and the rise of IoT devices, coupled with our dependence on technology, have made program analysis, and more specifically binary analysis, an important area of research in computer science. These needs and dependencies have also made it a necessity to explore building automated analysis systems that operate at scale, with speed and efficacy, while performing with the skill of a human expert. Although great progress has been made in this area of research, limitations and open challenges remain to be addressed. Recognizing this need, DARPA sponsored the Cyber Grand Challenge (CGC), a competition to showcase the current state of the art in systems that perform automated vulnerability detection, exploit generation and software patching. This paper is a survey of the vulnerability detection and exploit generation techniques, underlying technologies and related work of two of the winning systems, Mayhem and Mechanical Phish.
View on arXiv