In this paper, we give an overview of the BitBlaze project, a new approach to computer security via binary analysis. In particular, BitBlaze focuses on building a unified binary analysis platform and using it to provide novel solutions to a broad spectrum of different security problems. The binary analysis platform is designed to enable accurate analysis,
The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P′, automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P′. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically
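The problem statement above can be made concrete with a small worked pipeline. The following is an added example, not code from the paper or from the BitBlaze project: both versions of a toy message parser are written as an ordered list of named input guards followed by a shared body, and the patch (`P2` in the code, standing for P′) adds exactly one guard, a length check. The generator diffs the guard lists to locate the new check, builds the condition "accepted by P but rejected by the new check", solves it, and confirms the candidate on P. The message format, the guard names and the `solve` function are all assumptions for this illustration; in particular `solve` is a bounded enumeration standing in for the symbolic execution and constraint solving the real technique relies on.

```python
"""Toy patch-based exploit generation pipeline (constructed illustration).

A "program" is an ordered list of named guards followed by a shared body.
The patched version adds one guard.  Pipeline: (1) diff the guard lists,
(2) build the exploit condition, (3) solve it, (4) verify on the unpatched
program.  Step 3 is a bounded enumeration standing in for symbolic
execution plus an SMT solver.
"""

BUF_SIZE = 8  # fixed-size destination buffer used by the body

# Assumed message format: byte 0 is the tag 0x01, byte 1 is the payload
# length n, followed by n payload bytes.
def tag_ok(msg):
    return len(msg) >= 2 and msg[0] == 0x01

def has_payload(msg):
    return len(msg) >= 2 + msg[1]

def len_ok(msg):          # the guard the patch adds
    return msg[1] <= BUF_SIZE

def body(msg):
    """Copy n payload bytes into an 8-byte buffer; n is never bounded here."""
    n = msg[1]
    buf = bytearray(BUF_SIZE)
    for i in range(n):
        buf[i] = msg[2 + i]   # IndexError models the out-of-bounds write
    return bytes(buf)

P = [("tag_ok", tag_ok), ("has_payload", has_payload)]                      # unpatched
P2 = [("tag_ok", tag_ok), ("len_ok", len_ok), ("has_payload", has_payload)]  # patched

def execute(program, msg):
    """Run the guards in order, then the body. Returns (status, detail)."""
    for name, guard in program:
        if not guard(msg):
            return ("rejected", name)
    try:
        return ("ok", body(msg))
    except IndexError:
        return ("crash", None)

def new_guards(old, new):
    """Step 1: the checks present only in the patched program."""
    old_names = {name for name, _ in old}
    return [(name, guard) for name, guard in new if name not in old_names]

def exploit_condition(old, guard):
    """Step 2: inputs the unpatched program accepts but the new check rejects.
    Requiring every old guard to pass keeps the input on a path that reaches
    the vulnerable body; reaching the new check alone is not enough."""
    return lambda msg: all(g(msg) for _, g in old) and not guard(msg)

def solve(cond, max_payload=64):
    """Step 3: bounded enumeration over the message format (SMT stand-in)."""
    for n in range(256):
        for payload_len in range(max_payload):
            msg = bytes([0x01, n]) + b"A" * payload_len
            if cond(msg):
                return msg
    return None

def generate_exploit(old, new):
    """Steps 1 to 4: return (name of the new guard, exploit input) or None."""
    for name, guard in new_guards(old, new):
        candidate = solve(exploit_condition(old, guard))
        if candidate is not None and execute(old, candidate)[0] == "crash":
            return name, candidate
    return None

if __name__ == "__main__":
    print(generate_exploit(P, P2))   # ('len_ok', b'\x01\tAAAAAAAAA')
```

The enumeration finds the first message with a length byte of 9 and nine payload bytes: P accepts it and the body writes past the buffer, while P2 rejects it at the added `len_ok` check. Note that the condition must include the guards that come after the new check in the patched program; a message that merely reaches `len_ok` (length byte 9, no payload) is rejected by `has_payload` and never exercises the bug.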
Automatic protocol reverse-engineering is important for many security applications, including the analysis and defense against botnets. Understanding the command-and-control (C&C) protocol used by a botnet is crucial for anticipating its repertoire of nefarious activity and to enable active botnet infiltration. Frequently, security analysts need to
Dynamic taint analysis (DTA) is a powerful technique for, among other things, tracking the flow of sensitive information. However, it is vulnerable to false negative errors caused by implicit flows, situations in which tainted data values affect control flow, which in turn affects other data. We propose DTA++, an enhancement to dynamic taint analysis that
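The false negative described above is easiest to see on a few instructions. The following is an added example and not the DTA++ implementation: a small interpreter for a toy three-address program with one conditional. With `track_implicit=False` it behaves like classic DTA, where taint follows only data moves; with `track_implicit=True` it also propagates the taint of a branch condition to every assignment executed under that branch. The program, the instruction encoding and the concrete input byte are constructed for this illustration.

```python
"""Toy dynamic taint analysis showing an implicit-flow false negative.

Constructed example.  track_implicit=False: classic DTA (explicit flows only).
track_implicit=True: assignments that are control-dependent on a tainted
condition inherit its taint as well.
"""

from dataclasses import dataclass, field


@dataclass
class State:
    track_implicit: bool
    vals: dict = field(default_factory=dict)
    taint: dict = field(default_factory=dict)

    def assign(self, dst, value, data_taint, pc_taint):
        # Explicit flow: taint of the operands.  Implicit flow: taint of the
        # enclosing branch condition, applied only when tracking is enabled.
        self.vals[dst] = value
        self.taint[dst] = data_taint or (self.track_implicit and pc_taint)


def run(block, st, pc_taint=False):
    """Execute a list of instruction tuples.  pc_taint is True while the
    current block is control-dependent on a tainted condition."""
    for ins in block:
        op = ins[0]
        if op == "input":            # ("input", dst, value): attacker-controlled
            _, dst, value = ins
            st.assign(dst, value, True, pc_taint)
        elif op == "const":          # ("const", dst, value)
            _, dst, value = ins
            st.assign(dst, value, False, pc_taint)
        elif op == "eq":             # ("eq", dst, a, b): dst = (a == b)
            _, dst, a, b = ins
            st.assign(dst, st.vals[a] == st.vals[b],
                      st.taint[a] or st.taint[b], pc_taint)
        elif op == "add":            # ("add", dst, a, b): dst = a + b
            _, dst, a, b = ins
            st.assign(dst, st.vals[a] + st.vals[b],
                      st.taint[a] or st.taint[b], pc_taint)
        elif op == "if":             # ("if", cond, then_block, else_block)
            _, cond, then_block, else_block = ins
            branch_taint = pc_taint or st.taint[cond]
            run(then_block if st.vals[cond] else else_block, st, branch_taint)
        else:
            raise ValueError(f"unknown op {op!r}")
    return st


# The classic implicit-flow pattern: the tainted input byte x is never copied
# anywhere, but it decides which constant lands in y, so y carries one bit of x.
PROGRAM = [
    ("input", "x", 0x41),            # x = attacker byte (constructed value 'A')
    ("const", "k", 0x41),
    ("eq", "t", "x", "k"),           # t = (x == 'A'); tainted via x
    ("const", "y", 0),
    ("if", "t",
        [("const", "y", 1)],         # executed only because x == 'A'
        [("const", "y", 0)]),
    ("const", "ten", 10),
    ("add", "z", "y", "ten"),        # z depends on y, hence on x
]


def sink_taint(track_implicit):
    """Return whether the value reaching the sink z is marked tainted."""
    return run(PROGRAM, State(track_implicit)).taint["z"]


if __name__ == "__main__":
    print("classic DTA   :", sink_taint(False))   # False: implicit flow missed
    print("with implicit :", sink_taint(True))    # True
```

Two caveats a practitioner should keep in mind. First, this simplified rule taints only assignments on the executed path; if the untaken branch would have assigned `y` and the taken one does not, `y` still carries information about `x` and is still missed. Second, propagating branch taint everywhere quickly over-taints real programs, which is why the paper's approach targets specific branches rather than enabling the rule globally.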
We give the first systematic investigation of the design space of worm defense system strategies. We accomplish this by providing a taxonomy of defense strategies by abstracting away implementation-dependent and approach-specific details and concentrating on the fundamental properties of each defense category. Our taxonomy and analysis reveal the key
The complexity of the client-side components of web applications has exploded with the increase in popularity of web 2.0 applications. Today, traditional desktop applications, such as document viewers, presentation tools and chat applications, are commonly available as online JavaScript applications. Previous research on web vulnerabilities has primarily
Program state-space exploration is central to software security, testing, and verification. In this paper, we propose a novel technique for state-space exploration of software that maintains an ongoing interaction with its environment. Our technique uses a combination of symbolic and concrete execution to build an abstract model of the analyzed
Attackers often take advantage of vulnerabilities in benign software, and the authors of benign software must search their code for bugs in hopes of finding vulnerabilities before they are exploited. But there has been little research on the converse question of whether defenders can turn the tables by finding vulnerabilities in malware. We provide a first
A security analyst often needs to understand two runs of the same program that exhibit a difference in program state or output. This is important, for example, for vulnerability analysis, as well as for analyzing a malware program that features different behaviors when run in different environments. In this paper we propose a differential slicing approach
Medical devices used for critical care are becoming increasingly reliant on software; however, little is understood about the security vulnerabilities facing medical devices and their software. To investigate this open question, we analyze the security of software that controls a modern Automated External Defibrillator (AED) used for treating cardiac