Upcoming Events
SCS Recruiting Seminar: Fish Wang
TITLE: Enhancing the Discovery and Mitigation of Vulnerabilities in Binary
Programs
ABSTRACT:
In the computing landscape of the modern world, our devices and systems, including PCs, servers, industrial control systems, and smart/embedded devices, are increasingly relying on programs for which the source code is unavailable to end users, security analysts, and even manufacturers — termed “binary programs.” Oftentimes, binary programs are not fully secure, and through these devices and systems, vulnerabilities in binaries may have a broad impact on society. Because of the intrinsic complexity of programs, the discovery and mitigation of vulnerabilities in binaries is generally viewed as a difficult task. It is only more difficult due to the loss of information, especially semantics, through compilation and optimization.
In this talk, I will present my research on improving the discovery and mitigation of vulnerabilities in binaries without requiring source code. I approach this goal from different angles. I will first discuss improvements on traditional vulnerability discovery techniques, such as fuzz testing, by complementing them with assistance from either symbolic execution engines or intelligence from non-expert humans. I will then showcase a novel technique for static binary rewriting with extremely low overhead, which greatly reduces the performance impact of vulnerability mitigation and program hardening on binaries. These techniques are built upon the angr binary analysis platform, which I co-founded and maintain to help foster the future of binary analysis.
BIO:
Ruoyu (Fish) Wang is a Ph.D. candidate in the SecLab of the Department of Computer Science at the University of California, Santa Barbara, being advised by Professors Giovanni Vigna and Christopher Kruegel. His research focuses on system security, especially on automated binary program analysis and reverse engineering of software. He is the co-founder and a core developer of the binary analysis platform angr. He is a core member of the CTF team Shellphish and the CGC team Shellphish CGC, with whom he won the third place in the Final Event of the DARPA Cyber Grand Challenge in 2016.
Event Details
Media Contact
Tess Malone, Communications Officer
EVENTS BY SCHOOL & CENTER
School of Computational Science and Engineering
School of Interactive Computing
School of Cybersecurity and Privacy
Algorithms and Randomness Center (ARC)
Center for 21st Century Universities (C21U)
Center for Deliberate Innovation (CDI)
Center for Experimental Research in Computer Systems (CERCS)
Center for Research into Novel Computing Hierarchies (CRNCH)
Constellations Center for Equity in Computing
Institute for People and Technology (IPAT)
Institute for Robotics and Intelligent Machines (IRIM)