BASS research group

The BASS group (Binary Analysis and Systems Security) is part of the Networking and Cybersecurity division of University of Southern California's Information Sciences Institute. We are located off-campus in Marina Del Rey (Los Angeles area).

Our research focuses on binary program analysis for automated and semi-automated reverse engineering and vulnerability discovery, as well as other aspects of systems security, including hardware and embedded systems security. We also leverage machine learning where appropriate (through collaboration with our colleagues from the Artificial Intelligence division).

More specifically, our research includes:

  • New approaches to bridge the gap between static and dynamic program analysis.

  • Automated verification of low-level firmware code, including IoT and UAV platforms.

  • Automated verification of boot firmware such as BIOS and UEFI.

  • Generalizing static program analysis models with machine learning to improve the scalability of current state-of-the-art vulnerability discovery approaches.

  • FPGA security, in particular, automated reverse engineering to reason about security properties in the context of mixed bitstream/bare-metal code interactions and FPGA-accelerated environments.

news

May 13, 2021 Our workshop CheckMATE will be collocated with ACM CCS 2021 in Seoul, South Korea! Please check out our CFP.
Apr 10, 2021 Our paper Bin2Vec was accepted for publication in Springer’s Cybersecurity journal.

Recent publications

  1. IoTDI
    SecDeep: Secure and Performant On-device Deep Learning Inference Framework for Mobile and IoT Devices
    Liue, Renju, Garcia, Luis, Liu, Zaoxing, Ou, Botong, and Srivastava, Mani
    In Proceedings of the International Conference on Internet of Things Design and Implementation 2021
  2. Cybersecurity
    Bin2vec: Learning Representations of Binary Executable Programs for Security Tasks
    Shushan Arakelyan, Sima Arasteh, Christophe Hauser, Erik Kline, Aram Galstyan,
    Springer Cybersecurity Journal, 2021
  3. USENIX
    I Always Feel Like Somebody’s Sensing Me! A Framework to Detect, Identify, and Localize Clandestine Wireless Sensors
    Singh, Akash Deep, Garcia, Luis, Noor, Joseph, and Srivastava, Mani
    In USENIX Security Symposium 2021
  4. ACSAC
    Sleak: Automating Address Space Layout Derandomization
    Christophe Hauser,Jayakrishna Menon, Yan Shoshitaishvili, Ruoyu Wang, Giovanni Vigna and Christopher Kruegel,
    35th Annual Computer Security Applications Conference (ACSAC) 2019
  5. CODASPY
    BootKeeper: Validating Software Integrity Properties on Boot Firmware Images
    Ronny Chevalier, Stefano Cristalli, Christophe Hauser, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, Danilo Bruschi and Andrea Lanzi,
    ACM CODASPY 2019
  6. LangSec
    A binary analysis approach to retrofit security in input parsing routines
    Jayakrishna Menon, Christophe Hauser, Yan Shoshitaishvili and Stephen Schwab,
    IEEE Security and Privacy Workshops (SPW) 2018