Software Security through Binary Analysis
| Sponsor | Fonds zur Foerderung der wissenschaftlichen Forschung (FWF) - No. P18157 |
| Duration | 08/2004 - 08/2006 |
| Position | Principal Investigator (together with Engin Kirda) |
The project aims to advance the state-of-the-art in binary
analysis to improve software security. Binary analysis is the
analysis of the machine code representation of an executable
software program with the aim of understanding its design,
functionality, and operations. The task of binary analysis is
to identify and extract certain properties of interest. Based
on these properties, it is possible to make statements about
the program's run-time behavior.
Binary analysis is an approach with a wide range of
security-relevant applications. Application areas include the
detection of malware (i.e., malicious programs such as viruses
and worms), rootkits (i.e., tools used by an intruder to hide
from the system administrator) and Trojan horses. In addition,
binary analysis can be used to analyze more general security
properties such as the presence of buffer overflow or race
condition vulnerabilities. An important advantage of binary
analysis is that it can be used transparently on executable
code. Thus, no access to source code is required. This allows
one to perform analysis in cases where source code is not
available or where the vulnerability is not visible in source
code. However, working on machine code presents major research
challenges. These challenges include the design of a robust
disassembler in case of variable length machine instructions, a
mix of code instructions with data elements, obfuscation and
binary encryption. In addition, the lack of type information
and higher-level semantic structures (e.g., loops) complicates
the analysis.
In this project, we develop a solid theoretical foundation to
formalize the semantics of machine code. Based on this semantic
specification, we will develop techniques and algorithms to
reliably disassemble hostile binaries, and to semantically
analyze machine instructions. The theoretical concepts will be
implemented and verified in a tool that is based on a virtual
execution environment. This virtual environment enables us to
combine static and dynamic analysis.
Solaris and Linux Baseline Security
| Sponsor | Austrian Central Bank (OeNB) |
| Duration | 12/2004 - 04/2005 |
| Position | Principal Investigator (together with Engin
Kirda) |
The task of this project is to implement an automated system
that can check and modify common security settings of the Solaris and
Linux operating systems.
HiDRA (High-Speed, wide-area network Detection, Response, and Analysis)
| Sponsor | US Army Research Office - No. DAAD 19-01-1-0484 |
| Duration | 01/2000 - 12/2004 |
| Position | Senior Scientist |
The aim of HiDRA is a network surveillance, analysis, and
response system for high-speed, wide area networks. The system
is designed to overcome limitations of traditional approaches
that cannot monitor networks at high-speed and that do not
provide a large-scale control and coordination
infrastructure. The model proposed in HiDRA facilitates local
surveillance and global control. It is based on highly
configurable sensors that can operate on high-speed links and a
knowledge base that takes into account the network
infrastructure.
Sparta (Security Policy Adaptation Reinforced Through Agents)
| Sponsor | European Union Information Societies Technology Program (IST) - No. 12637 |
| Duration | 01/2000 - 05/2002 |
| Position | Senior Scientist and Member of Technical Board |
The aim of Sparta is to develop a mobile-agent-based security
platform. The task of this platform is the support of generic
security policies. This allows the system to be used for a
variety of intrusion detection and network monitoring tasks. An
important feature of Sparta is the security of the mobile agent
platform itself. It was realized that a security system could be
misused as an avenue for intrusions. Thus, all agents are
encrypted when sent between hosts, authenticated on arrival at a
host, and subject to rigorous access control.
Opelix (The Open e-Commerce Platform)
| Sponsor | Fonds zur Foerderung der wissenschaftlichen Forschung (FWF) - No. P13731 |
| Duration | 05/2000 - 02/2002 |
| Position | Scientist |
The Opelix project aims at the design and development of an open
e-commerce platform. The main objective is to support more
flexible business models than currently possible. To this end,
the project focuses on the flexible modelling of business models
for information commerce and their mapping to an XML-based
business offer description language. Further components within
the Opelix system are the support for agents that provide search and
negotiation facilities to the customers, payment systems
allowing micropayments, and push systems for the delivery of
information products.
