CHESS
GAMEPLAY: Graph Analysis for Mechanized Exploit generation and Patching Leveraging human Assistance for improved Yield
The GAMEPLAY project aims to improve the processes of software vulnerability detection, exploit generation, and patching. GAMEPLAY is part of the DARPA CHESS program (Computers and Humans Exploring Software Security), whose goal is to "research the effectiveness of enabling computers and humans to collaboratively reason over software artifacts, such as source code and compiled binaries". In GAMEPLAY, we are building tools and methods to discover vulnerabilities and generate exploits for PHP, JavaScript, and C/C++ binaries.
Participating Institutions:
Principal Investigators:
- V.N. Venkatakrishnan (UIC)
- Rigel Gjomemo (UIC)
- Kevin Hamlen (UTD)
- Yinzhi Cao (JHU)
Sponsor:
DARPA
Results
Found Vulnerabilities:
- OsTicket (CVE-2020-24917)
- Collabtive (CVE-2020-13655)
- CePhoenix (CVE-2020-12058)
- ZoneMinder (CVE-2020-25729)
- ECommerce CodeIgniter (CVE-2020-25086)
- ECommerce CodeIgniter (CVE-2020-25087)
- ECommerce CodeIgniter (CVE-2020-25088)
- ECommerce CodeIgniter (CVE-2020-25089)
- ECommerce CodeIgniter (CVE-2020-25090)
- ECommerce CodeIgniter (CVE-2020-25091)
- ECommerce CodeIgniter (CVE-2020-25092)
- ECommerce CodeIgniter (CVE-2020-25093)