BASS research group
The BASS group (Binary Analysis and Systems Security) is part of the Networking and Cybersecurity division of University of Southern California's Information Sciences Institute. We are located off-campus in Marina Del Rey (Los Angeles area).
Our research focuses on binary program analysis for automated and semi-automated reverse engineering and vulnerability discovery, as well as other aspects of systems security, including hardware and embedded systems security. We also leverage machine learning where appropriate (through collaboration with our colleagues from the Artificial Intelligence division).
More specifically, our research includes:
-
New approaches to bridge the gap between static and dynamic program analysis.
-
Automated verification of low-level firmware code, including IoT and UAV platforms.
-
Automated verification of boot firmware such as BIOS and UEFI.
-
Generalizing static program analysis models with machine learning to improve the scalability of current state-of-the-art vulnerability discovery approaches.
-
FPGA security, in particular, automated reverse engineering to reason about security properties in the context of mixed bitstream/bare-metal code interactions and FPGA-accelerated environments.
news
Jun 28, 2022 |
Our paper Harm-Dos was accepted for publication at RAID’22.
|
---|---|
May 10, 2022 |
Our paper Arbiter was accepted for publication at USENIX security ‘22.
|
May 13, 2021 | Our workshop CheckMATE will be collocated with ACM CCS 2021 in Seoul, South Korea! Please check out our CFP. |
Apr 10, 2021 |
Our paper Bin2Vec was accepted for publication in Springer’s Cybersecurity
journal.
|
Recent publications
- RAIDHarm-DoS: Hash Algorithm Replacement for Mitigating Denial-of-Service Vulnerabilities in Binary Executables2022
- S&P WorkshopsAutoCPS: Control Software Dataset Generation for Semantic Reverse EngineeringIn 2022 IEEE Security and Privacy Workshops (SPW) 2022
- CCS WorkshopsPERFUME: Programmatic Extraction and Refinement for Usability of Mathematical ExpressionIn Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks 2021
- IoTDISecDeep: Secure and Performant On-device Deep Learning Inference Framework for Mobile and IoT DevicesIn Proceedings of the International Conference on Internet of Things Design and Implementation 2021
- USENIXArbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary ProgramsUSENIX Security Symposium, 2021
- CybersecurityBin2vec: Learning Representations of Binary Executable Programs for Security TasksSpringer Cybersecurity Journal, 2021
- USENIXI Always Feel Like Somebody’s Sensing Me! A Framework to Detect, Identify, and Localize Clandestine Wireless SensorsIn USENIX Security Symposium 2021