Understanding and Protecting Closed-Source Systems using Dynamic Analysis

Speaker:  Brendan Dolan-Gavitt;  Columbia University

We are constantly surrounded by computing systems, including cars, coffee makers, phones, and of course traditional desktops and laptops.

The internal details of such systems are often tenuously understood, even by their creators. In order to fully evaluate their security, these details are of vital importance; however, for systems where source and documentation are not available, gaining the requisite understanding requires time-consuming and expensive manual reverse engineering. In this talk, I will discuss how dynamic program analyses can be used to uncover undocumented assumptions and operating principles of real-world, closed-source systems. In particular, I will describe and evaluate novel dynamic analyses to identify enforced kernel data structure invariants, perform whole-system subprogram extraction for virtual machine introspection, and locate interesting hook points in an OS and its applications. Finally, I will outline a research program whose goal is to enable rapid understanding of large and complex computing systems, and consider what can be done to make such internal workings transparent by design.

Brendan Dolan-Gavitt is a postdoctoral researcher at Columbia University in the IDS Lab, developing techniques to automate the understanding of large, real-world systems in order to improve their security. Prior to joining Columbia, he obtained his PhD from Georgia Tech. His primary research interests are in systems security, and in particular in virtual machine introspection, reverse engineering, and program analysis.

For more information, please contact Prof. Nasir Memon.