BASS research group

The BASS group (Binary Analysis and Systems Security) is part of the Networking and Cybersecurity division of the University of Southern California's Information Sciences Institute. We are located off-campus in Marina Del Rey (Los Angeles area).

Our research focuses on binary program analysis for automated and semi-automated reverse engineering and vulnerability discovery, as well as other aspects of systems security, including hardware and embedded systems security. We also leverage machine learning where appropriate (through collaboration with our colleagues from the Artificial Intelligence division).

More specifically, our research includes:

  • New approaches to bridge the gap between static and dynamic program analysis.

  • Automated verification of low-level firmware code, including IoT and UAV platforms.

  • Automated verification of boot firmware such as BIOS and UEFI.

  • Generalizing static program analysis models with machine learning to improve the scalability of current state-of-the-art vulnerability discovery approaches.

  • FPGA security, in particular, automated reverse engineering to reason about security properties in the context of mixed bitstream/bare-metal code interactions and FPGA-accelerated environments.

News

Jun 28, 2022 Our paper Harm-DoS was accepted for publication at RAID’22.
May 10, 2022 Our paper Arbiter was accepted for publication at USENIX Security ’22.
May 13, 2021 Our workshop CheckMATE will be collocated with ACM CCS 2021 in Seoul, South Korea! Please check out our CFP.
Apr 10, 2021 Our paper Bin2Vec was accepted for publication in Springer’s Cybersecurity journal.

Recent publications

  1. RAID
    Harm-DoS: Hash Algorithm Replacement for Mitigating Denial-of-Service Vulnerabilities in Binary Executables
    Nicolaas Weideman, Haoda Wang, Tyler Kann, Spencer Zahabizadeh, Wei-Cheng Wu, Rajat Tandon, Jelena Mirkovic, Christophe Hauser
    2022
  2. S&P Workshops
    AutoCPS: Control Software Dataset Generation for Semantic Reverse Engineering
    Wang, Haoda, Hauser, Christophe, and Garcia, Luis
    In 2022 IEEE Security and Privacy Workshops (SPW) 2022
  3. CCS Workshops
    PERFUME: Programmatic Extraction and Refinement for Usability of Mathematical Expression
    Weideman, Nicolaas, Felkner, Virginia K., Wu, Wei-Cheng, May, Jonathan, Hauser, Christophe, and Garcia, Luis
    In Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks 2021
  4. IoTDI
    SecDeep: Secure and Performant On-device Deep Learning Inference Framework for Mobile and IoT Devices
    Liu, Renju, Garcia, Luis, Liu, Zaoxing, Ou, Botong, and Srivastava, Mani
    In Proceedings of the International Conference on Internet of Things Design and Implementation 2021
  5. USENIX
    Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs
    Jayakrishna Menon Vadayath, Moritz Eckert, Kyle Zeng, Yanick Fratantonio, Davide Balzarotti, Adam Doupé, Ruoyu Wang, Tiffany Bao, Christophe Hauser, Yan Shoshitaishvili
    USENIX Security Symposium, 2021
  6. Cybersecurity
    Bin2vec: Learning Representations of Binary Executable Programs for Security Tasks
    Shushan Arakelyan, Sima Arasteh, Christophe Hauser, Erik Kline, Aram Galstyan
    Springer Cybersecurity Journal, 2021
  7. USENIX
    I Always Feel Like Somebody’s Sensing Me! A Framework to Detect, Identify, and Localize Clandestine Wireless Sensors
    Singh, Akash Deep, Garcia, Luis, Noor, Joseph, and Srivastava, Mani
    In USENIX Security Symposium 2021
  8. ACSAC
    Sleak: Automating Address Space Layout Derandomization
    Christophe Hauser, Jayakrishna Menon, Yan Shoshitaishvili, Ruoyu Wang, Giovanni Vigna and Christopher Kruegel
    35th Annual Computer Security Applications Conference (ACSAC) 2019
  9. CODASPY
    BootKeeper: Validating Software Integrity Properties on Boot Firmware Images
    Ronny Chevalier, Stefano Cristalli, Christophe Hauser, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, Danilo Bruschi and Andrea Lanzi
    ACM CODASPY 2019
  10. LangSec
    A binary analysis approach to retrofit security in input parsing routines
    Jayakrishna Menon, Christophe Hauser, Yan Shoshitaishvili and Stephen Schwab
    IEEE Security and Privacy Workshops (SPW) 2018