File systems are too large to be bug free. Although handwritten test suites have been widely
used to stress file systems, they can hardly keep up with the rapid increase in file system …

Software vendors usually prioritize their bug remediation based on ease of their exploitation.
However, accurately determining exploitability typically takes tremendous hours and …

A lack of temporal safety in low-level languages has led to an epidemic of use-after-free
exploits. These have surpassed in number and severity even the infamous buffer-overflow …

Nowadays, dynamic testing tools have significantly expedited the discovery of bugs in the
Linux kernel. When unveiling kernel bugs, they automatically generate reports, specifying …

The monolithic nature of modern OS kernels leads to a constant stream of bugs being
discovered. It is often unclear which of these bugs are worth fixing, as only a subset of them …

During system call execution, it is common for operating system kernels to read userspace
memory multiple times (multi-reads). A critical bug may exist if the fetched userspace …

To determine the exploitability for a kernel vulnerability, a secu-rity analyst usually has to
manipulate slab and thus demonstrate the capability of obtaining the control over a program …

Operating system kernels are appealing attack targets: compromising the kernel usually
allows attackers to bypass all deployed security mechanisms and take control over the entire …

The dynamic of the Linux kernel heap layout significantly impacts the reliability of kernel
heap exploits, making exploitability assessment challenging. Though techniques have been …

Automatic exploit generation is a challenging problem. A challenging part of the task is to
connect an identified exploitable state (exploit primitive) to triggering execution of code …