PhD Studentship in Automatic Exploit Generation

4-5 years

The Systems Security Research Lab, led by Dr Lorenzo Cavallaro within the Information Security Group (ISG) at Royal Holloway, University of London, is seeking to appoint 1 PhD Studentship to carry out research on program analysis for security with a particular emphasis on the development of systems to automatically generate exploits for specific classes of software vulnerabilities. The successful candidate will be co-supervised by Dr Lorenzo Cavallaro and Dr Johannes Kinder.

Vulnerabilities in software are a major security concern; when they are reported, they usually require immediate and expensive action by the affected software vendor. However, many vulnerabilities are not disclosed to the vendor but instead collected and traded by government agencies and cyber criminals alike. Even where developers may have seen warnings or bug reports by testing or static analysis, they may lack the specialised knowledge to determine whether a suspicious line of code is an exploitable vulnerability. The idea of automated exploit generation (AEG) systems promises to democratise the art of exploit writing. An AEG system can demonstrate the severity of a bug by generating a working targeted exploit, which takes control of the program and executes a payload, such as spawning a shell. While automated exploit generation tools are still in their infancy, their potential value is confirmed by the DARPA Cyber Grand Challenge, where US-based teams competed to build an automated offensive and defensive system.

As part of their research, the student will work on both the theory and the system for automated exploit generation. Thus, the project will require a well-rounded computer scientist who is equally at home in formal methods and in low-level systems engineering. We will be able to build on existing work in the Systems Security Research Lab on automated exploit generation for heap-based vulnerabilities, and in particular on our experience with the S2E system for symbolic execution of virtual machines.

The successful applicant will be hosted at the Information Security Group (ISG) and Department of Computer Science of Royal Holloway, University of London. Both departments are leading research centres in their respective areas. As a result, the student will benefit from a thriving and dynamic research environment and may collaborate with PhD students and researchers with interest in the field.

The student will be enrolled in the Centre for Doctoral Training at ISG, which includes a taught course element in Information security. More information is available on the ISG's CDT web pages. In addition, the research will be carried out in collaboration with L3 TRL.
Applicants should have, or be expecting to obtain, a first-class honours degree or a master's degree in Computer Science or a similar subject. In addition, applicants should be very confident about their programming skills and their background in logic and algorithms. Practical experience in systems security is a plus.

To qualify for the doctoral training centre, applicants need to satisfy EPSRC's eligibility requirements.

How to Apply

Applications will be reviewed on a rolling basis as they are received. For informal inquiries about the position, please contact Lorenzo Cavallaro. To apply, please use the Royal Holloway online application system.