Diagnosing Software System Exploits
IEEE Intelligent Systems (IF 5.6), Pub Date: 2020-11-01, DOI: 10.1109/mis.2020.2965496
Amir Elmishali, Roni Stern, Meir Kalech

Software vulnerabilities are bugs in a program that an attacker can exploit to make the program deviate from its specification. An attacker exploits a vulnerability by crafting input that causes the program to behave incorrectly. Such an input is called an exploit. This article deals with diagnosing exploits, i.e., given an exploit, the task is to return the vulnerability that allowed it. We show that existing software diagnosis algorithms are ill-suited for this problem, and introduce two novel techniques for adapting them to this problem. This includes manipulating an automated testing tool to generate additional inputs that are similar to the given exploit, and tracing below the desired granularity level to improve diagnostic accuracy. Experimental evaluation on real exploits from four open-source projects shows that our algorithm significantly reduces diagnostic efforts.

Updated: 2020-11-01