BAP is a publicly available infrastructure for performing program verification and analysis tasks on binary (i.e., executable) code. In this paper, we describe BAP as well as lessons learned from previous in-carnations of binary analysis platforms. BAP explicitly represents all side effects of instructions in an intermediate language (IL), making… (More)
Prior work has shown that return oriented programming (ROP) can be used to bypass W⊕X, a software defense that stops shellcode, by reusing instructions from large libraries such as libc. Modern operating systems have since enabled address randomization (ASLR), which ran-domizes the location of libc, making these techniques unusable in practice. However,… (More)
There are many security tools and techniques for analyzing software, but many of them require access to source code. We propose leveraging decompilation, the study of recovering abstractions from compiled code, to apply existing source-based tools and techniques to compiled programs. A decompiler should focus on two properties to be used for security.… (More)
Most simulation models for data communication networks encompass hundreds of parameters that can each take on millions of values. Such models are difficult to understand, parameterize and investigate. This paper explains how to model a modern data communication network concisely, using only 20 parameters. Further, the paper demonstrates how this concise… (More)
The idea is to identify security-critical software bugs so they can be fixed first.
We propose, develop, and implement techniques for achieving contractual anonymity. In contractual anonymity , a user and service provider enter into an anonymity contract. The user is guaranteed anonymity and message unlinkability from the contractual anonymity system unless she breaks the contract. The service provider is guaranteed that it can identify… (More)
We propose and develop techniques for achieving contractual anonymity. In contractual anonymity , a user and service provider enter into an anonymity contract. The user is guaranteed anonymity and unlinkability from the contractual anonymity system unless they break the contract. Service providers are guaranteed that they can identify users who break the… (More)
Software vulnerabilities originating from design decisions are hard to find early and time consuming to fix later. We investigated whether the problematic design decisions themselves might be relatively easier to find, based on the concept of " technical debt, " i.e., design or implementation constructs that are expedient in the short term but make future… (More)