Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

deny icon
Deny
allow icon
Accept
All Posts

ForAllSecure Founders Win IEEE Test-of-Time Award

Robert Vamosi
May 25, 2022
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

The Institute of Electrical and Electronics Engineers (IEEE) recently honored the founders of ForAllSecure with its prestigious Test-of-Time award for a paper first published in May 2012 by ForAllSecure founders David Brumley, Thanassis Avgerinos, and Alex Rebert, along with San Kil Cha. The award was presented the 43th Annual IEEE Security & Privacy Symposium on May 20 in San Francisco, CA.

The paper, Unleashing Mayhem on Binary Code, which the abstract says is "a new system for automatically finding exploitable bugs in binary (i.e., executable) programs." The abstract continues, "Every bug reported by Mayhem is accompanied by a working shell-spawning exploit. The working exploits ensure soundness and that each bug report is security-critical and actionable. Mayhem works on raw binary code without debugging information. To make exploit generation possible at the binary-level, Mayhem addresses two major technical challenges: actively managing execution paths without exhausting memory, and reasoning about symbolic memory indices, where a load or a store address depends on user input." 

The paper proposes two unique techniques for accomplishing this. The first uses hybrid symbolic execution to combine online and offline (concolic) execution, maximizing the benefits of both techniques. The second technique is the introduction of index-based memory modeling, a technique that allows Mayhem to efficiently reason about symbolic memory at the binary level. This technology is used in the commercial product, Mayhem, available for free today.

undefined

The IEEE Security & Privacy symposium initiated the Test-of-Time Award last year to recognize papers that have made a lasting impact on the fields of security. IEEE Test-of-Time award.  To qualify for this award, a paper must have been published at the IEEE Symposium on Security and Privacy between 10 and 12 years prior. Each year, the awards selection committee is charged to select one or more winners from among the eligible set using their own experience and knowledge. 

Share this post
Blog

Recent Blogs

View All
Mayhem Makers

Introducing Mayhem’s Dynamic SBOM Generation and SCA Validation Feature

We’re excited to announce the release of our latest feature: Mayhem’s Dynamic SBOM Generation and SCA Validation feature.
Read More
Mayhem Tips

Crafting POCs for Fun and Profit using Mayhem

In this five minute tutorial, we'll use Mayhem to generate a Proof-of-Concept (POC) exploit for a buffer overflow using a tiny C program as our running example.
Read More
Mayhem Makers

Mayhem Makers: Josh Thorngren, VP Marketing and Product

“Mayhem Makers” is a Q&A series dedicated to our growing company. For this month’s profile, we talked with Josh Thorngren, VP Marketing and Product at Mayhem.
Read More
View all

Fancy some inbox Mayhem?

Subscribe to our monthly newsletter for expert insights and news on DevSecOps topics, plus Mayhem tips and tutorials.

By subscribing, you're agreeing to our website terms and privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Add Mayhem to Your DevSecOps for Free.

Get a full-featured 30 day free trial.

Company
AboutCareersPressEvents
Support
Docs & TutorialsContact
Connect with us
© 2024 ForAllSecure
Privacy PolicyTerms of UseCookies Settings
Mayhem Makers

Complete API Security in 5 Minutes

Get started with Mayhem today for fast, comprehensive, API security. 

Get Mayhem

Maximize Code Coverage in Minutes

Mayhem is an award-winning AI that autonomously finds new exploitable bugs and improves your test suites.

Get Mayhem