Summaries - Office of Research & Innovation
Research Summaries
Back Development Time of Zero-Day Cyber Exploits in Support of Offensive Cyber Operations
Fiscal Year | 2020 |
Division | Research & Sponsored Programs |
Department | NPS Naval Research Program |
Investigator(s) |
Shaffer, Alan B.
Singh, Gurminder |
Sponsor | NPS Naval Research Program (Navy) |
Summary | Zero-day vulnerabilities are vulnerabilities that have not previously been identified, and thus are in their “zero’th day” of existence. These vulnerabilities are the most potentially damaging from a cyber defense perspective, because defenders have no idea they exist and cannot implement measures to directly mitigate them or defend against threats that might exploit them. For much the same reason, zero-day vulnerabilities represent a valuable class of vulnerabilities from an offensive cyber operations standpoint, because they may be highly exploitable before a defender can discover and patch them. Zero-day exploits are, however, more difficult to develop and require more skill from the attacker. We propose to study previous and current research in this area to analyze the time taken to exploit zero-day vulnerabilities on computer systems. We will also examine the impact of overall target system security on zero-day vulnerability detection and exploit development. We will focus on target operating systems for commercial-off-the-shelf (COTS) systems, looking specifically at the time to exploit both well-configured, patched systems and poorly-configured, patched systems. |
Keywords | |
Publications | Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal |
Data | Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal |