David Lie

Vulnerability Detection and Mitigation

Computer systems get compromised because humans are imperfect.  Human developers inevitably make mistakes in their code.  Some of those mistakes (aka bugs) can be triggered in such a way that instead of crashing the program, they leave the program in a state that an attacker can exploit.  Unfortunately, vulnerabilities are fairly common, and attackers have devised very clever and effective ways of exploiting them.  Sometimes, it seems like a new major vulnerability is discovered every few months, and the pace seems to be accelerating.

Since developers will always make mistakes, this research thrust is concerned with detecting and mitigating vulnerabilities.  Detecting vulnerabilities would allow developers to fix them before an attacker can exploit them.  Mitigating vulnerabilities (or even patching them) would prevent an attacker from exploiting them.  We have made some significant advances in this area.  Our system, Talos, is capable of creating workarounds that neutralize vulnerabilities, while Senx generates source code patches that are competitive with human-generated patches.  LMP is a system we built that uses recent Intel hardware to efficiently stop modern memory corruption attacks.  Finally, our Consistency Oracle work and our work on Caelus aim at detecting vulnerabilities and attacks in distributed systems.  There is still a lot to do: computer systems need to be significantly safer from vulnerabilities than they are today!

Related Software Projects