Research Summaries

Back Development Time of Zero-Day Cyber Exploits in Support of Offensive Cyber Operations

Fiscal Year 2020
Division Research & Sponsored Programs
Department NPS Naval Research Program
Investigator(s) Shaffer, Alan B.
Singh, Gurminder
Sponsor NPS Naval Research Program (Navy)
Summary Zero-day vulnerabilities are vulnerabilities that have not previously been identified, and thus are in their “zero’th day” of existence. These vulnerabilities are the most potentially damaging from a cyber defense perspective, because defenders have no idea they exist and cannot implement measures to directly mitigate them or defend against threats that might exploit them. For much the same reason, zero-day vulnerabilities represent a valuable class of vulnerabilities from an offensive cyber operations standpoint, because they may be highly exploitable before a defender can discover and patch them. Zero-day exploits are, however, more difficult to develop and require more skill from the attacker. We propose to study previous and current research in this area to analyze the time taken to exploit zero-day vulnerabilities on computer systems. We will also examine the impact of overall target system security on zero-day vulnerability detection and exploit development. We will focus on target operating systems for commercial-off-the-shelf (COTS) systems, looking specifically at the time to exploit both well-configured, patched systems and poorly-configured, patched systems.
Keywords
Publications Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal
Data Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal