Uninformed: Informative Information for the Uninformed

Vol 9» 2008.Jan

Future Work

While this paper has defined exploitation properties and described a handful of concrete examples, it has not attempted to formally define the correlation between exploitation properties and the exploitation techniques they are associated with. Future research will attempt to concretely define this relationship as it should lead to a better understanding of the variables that permit the use of various exploitation techniques. Using more formal definitions of exploitation properties, a larger scale case study can be completed which collects data about the effect of using exploitation properties to improve program understanding for a variety of purposes. The author views exploitation properties as being one component in a larger model. This larger model could be used to join major areas of study within computer security including attack surface analysis, vulnerability analysis, and exploitation analysis to form a more complete understanding of the true risks associated with a system.