Our research focuses on binary program analysis for automated and semi-automated reverse engineering and vulnerability discovery, as well as other aspects of systems security, including hardware and embedded systems security. We also leverage machine learning where appropriate (through collaboration with our colleagues from the Artificial Intelligence division).
More specifically, our research includes:
- New approaches to bridge the gap between static and dynamic program analysis.
- Automated verification of low-level firmware code, including IoT and UAV platforms.
- Automated verification of boot firmware such as BIOS and UEFI.
- Generalizing static program analysis models with machine learning to improve the scalability of current state-of-the-art vulnerability discovery approaches.
- FPGA security, in particular, automated reverse engineering to reason about security properties in the context of mixed bitstream/bare-metal code interactions and FPGA-accelerated environments.

- [USENIX] Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs. USENIX Security Symposium, 2022.
- [S&P Workshops] AutoCPS: Control Software Dataset Generation for Semantic Reverse Engineering. In 2022 IEEE Security and Privacy Workshops (SPW), 2022.
- [CCS Workshops] PERFUME: Programmatic Extraction and Refinement for Usability of Mathematical Expression. In Proceedings of the 2021 Research on Offensive and Defensive Techniques in the Context of Man At The End (MATE) Attacks, 2021.
- [IoTDI] SecDeep: Secure and Performant On-device Deep Learning Inference Framework for Mobile and IoT Devices. In Proceedings of the International Conference on Internet of Things Design and Implementation, 2021.
- [Cybersecurity] Bin2vec: Learning Representations of Binary Executable Programs for Security Tasks. Springer Cybersecurity Journal, 2021.
- [USENIX] I Always Feel Like Somebody’s Sensing Me! A Framework to Detect, Identify, and Localize Clandestine Wireless Sensors. In USENIX Security Symposium, 2021.
- [ACSAC] Sleak: Automating Address Space Layout Derandomization. 35th Annual Computer Security Applications Conference (ACSAC), 2019.
- [CODASPY] BootKeeper: Validating Software Integrity Properties on Boot Firmware Images. ACM CODASPY, 2019.
- [LangSec] A binary analysis approach to retrofit security in input parsing routines. IEEE Security and Privacy Workshops (SPW), 2018.