Software Security through Binary Analysis

Sponsor: Fonds zur Foerderung der wissenschaftlichen Forschung (FWF) - No. P18157
Duration: 08/2004 - 08/2006
Position: Principal Investigator (together with Engin Kirda)

The project aims to advance the state-of-the-art in binary analysis to improve software security. Binary analysis is the analysis of the machine code representation of an executable software program with the aim of understanding its design, functionality, and operations. The task of binary analysis is to identify and extract certain properties of interest. Based on these properties, it is possible to make statements about the program's run-time behavior.

Binary analysis is an approach with a wide range of security-relevant applications. Application areas include the detection of malware (i.e., malicious programs such as viruses and worms), rootkits (i.e., tools used by an intruder to hide from the system administrator), and Trojan horses. In addition, binary analysis can be used to analyze more general security properties, such as the presence of buffer overflow or race condition vulnerabilities. An important advantage of binary analysis is that it can be applied transparently to executable code, so no access to source code is required. This allows one to perform analysis in cases where source code is not available or where the vulnerability is not visible in the source code (for example, when it is introduced by the compiler or by linked libraries). However, working on machine code presents major research challenges. These include the design of a robust disassembler in the presence of variable-length machine instructions, code interleaved with data elements, obfuscation, and binary encryption. In addition, the lack of type information and higher-level semantic structures (e.g., loops) complicates the analysis.

In this project, we develop a solid theoretical foundation to formalize the semantics of machine code. Based on this semantic specification, we will develop techniques and algorithms to reliably disassemble hostile binaries and to semantically analyze machine instructions. The theoretical concepts will be implemented and verified in a tool based on a virtual execution environment. This virtual environment enables us to combine static and dynamic analysis.

Solaris and Linux Baseline Security

Sponsor: Austrian Central Bank (OeNB)
Duration: 12/2004 - 04/2005
Position: Principal Investigator (together with Engin Kirda)

The task of this project is to implement an automated system that checks, and where necessary modifies, common security settings of the Solaris and Linux operating systems.

HiDRA (High-Speed, wide-area network Detection, Response, and Analysis)

Sponsor: US Army Research Office - No. DAAD 19-01-1-0484
Duration: 01/2000 - 12/2004
Position: Senior Scientist

The aim of HiDRA is a network surveillance, analysis, and response system for high-speed, wide-area networks. The system is designed to overcome limitations of traditional approaches that cannot monitor networks at high speed and that do not provide a large-scale control and coordination infrastructure. The model proposed in HiDRA facilitates local surveillance and global control. It is based on highly configurable sensors that can operate on high-speed links and on a knowledge base that takes the network infrastructure into account.

Sparta (Security Policy Adaptation Reinforced Through Agents)

Sponsor: European Union Information Societies Technology Program (IST) - No. 12637
Duration: 01/2000 - 05/2002
Position: Senior Scientist and Member of Technical Board

The aim of Sparta is to develop a mobile-agent-based security platform. The platform supports generic security policies, which allows the system to be used for a variety of intrusion detection and network monitoring tasks. An important feature of Sparta is the security of the mobile agent platform itself: a security system can itself be misused as an avenue for intrusions. Thus, all agents are encrypted when sent between hosts, authenticated on arrival at a host, and subject to rigorous access control.

Opelix (The Open e-Commerce Platform)

Sponsor: Fonds zur Foerderung der wissenschaftlichen Forschung (FWF) - No. P13731
Duration: 05/2000 - 02/2002

The Opelix project aims at the design and development of an open e-commerce platform. The main objective is to support more flexible business models than are currently possible. To this end, the project focuses on the flexible modelling of business models for information commerce and their mapping to an XML-based business offer description language. Further components of the Opelix system are support for agents that provide search and negotiation facilities to customers, payment systems that allow micropayments, and push systems for the delivery of information products.