The worldwide integration of electrical and autonomous cars brings a new potential for attackers to find and exploit new vulnerabilities on the larger scale. One potential solution is to perform symbolic execution, fuzzing, and dynamic analysis to identify vulnerabilities at the early stages of the car production. In this talk, I will discuss Mayhem platform developed as a part of IEEE paper recognized by the Test-of-Time award during the 43rd IEEE Security & Privacy Symposium, which became a production system widely used by tier-1 industry players in automotive, aerospace, and high tech. The first part of the talk, I will use car hacking as a lens to show and explain how Mayhem’s approach finds recent zero-day vulnerabilities used to win a Tesla car in pwn2own. We’ll delve into the contemporary automotive attack surface and discuss how Mayhem and dynamic analysis is applied at each level, from Internet-connected infotainment to CAN-bus connected RTOS. We’ll also explore how hackers weaponize the exploits and what are the challenges of multi-vulnerability attack chain analysis. In the second part of the talk, I’ll describe the adventure of bringing research technology into the industry. To evolve Mayhem into the industry product, we had to move beyond a single research analysis type (e.g., symbolic execution or fuzzing) to the end-to-end suite of analyses that address each phase of building, checking, and releasing software over its lifetime. I’ll also discuss fun and interesting challenges of the tech transition: from bringing vocabulary differences (i.e., “verification” is not a proof in industry), to showing the business value (real adoption cost trumps theoretic problem costs), to helping the users getting to a solution (finding a vulnerability is not enough).

David Brumley is the CEO of ForAllSecure and a full professor at Carnegie Mellon University. Before that he served as the director of CyLab, the CMU Security and Privacy Institute. David’s research has focused on the novel program analysis and verification techniques that identify and prove the presence of bugs and vulnerabilities in cyber systems. He has published numerous academic papers recognized by prestigious awards including IEEE Test-of-Time, 2003 and 2007 USENIX Security Best Paper Award, and ICSA Distinguished Paper Award; and recognized by achievements awards such as 2010 NSF Career Award, 2010 US Presidential Early Career Award for Scientists and Engineers, and 2013 Sloan Foundation Award. He also competed and won the DARPA Cyber Grand Challenge. As a CEO of ForAllSecure, David led the team to transition the initial tech idea onto a much bigger, richer platform called Mayhem. Mayhem is marked as the cutting-edge developer-first security solution that solves enterprise code, API, and SBOM problems. https://www.cylab.cmu.edu/directory/bios/brumley-david.html