Date of Award

Spring 2020

Project Type


Program or Major

Computer Science

Degree Name

Master of Science

First Advisor

Wheeler Ruml

Second Advisor

Laura Dietz


Return oriented programming (ROP) attacks have been studied for many years, but they are

usually still constructed manually. The existing tools to synthesize ROP exploits automatically,

such as ROPGadget and angrop, are very limited by their ad-hoc design: they rely on matching

fixed patterns and assembling gadgets in fixed ways. We propose a new method, PEACE, that

uses symbolic execution and partial-order planning to assemble gadgets more flexibly. Our method

incrementally selects gadgets to address a need in the partially-constructed exploit, and infers

ordering constraints over those gadgets based on their effects. This approach enables PEACE to

create exploits for many more binaries than existing tools. By creating a more flexible and powerful

ROP attack generation tool, we hope to raise awareness of how much code is vulnerable