A key challenge in dynamic information flow analysis is handling <i>implicit flows</i>, where code conditional on a private variable updates a public variable x. The naive approach of upgrading x to private results in x being <i>partially leaked</i>, where its value contains private data but its label might remain public on an alternative execution (where…
This paper focuses on extensibility, the ability of a programmer using a particular language to extend the expressiveness of that language. This paper explores how to provide an interesting notion of extensibility by virtualizing the interface between code and data. A virtual value is a special value that supports behavioral intercession. When a primitive…
Recent work has presented a technique based on structural entropy measurement as an effective way to detect metamorphic malware. The technique uses two steps, file segmentation and sequence comparison, to calculate file similarity. In another previous work, it was observed that similar malware have similar measures of Kolmogorov complexity. A proposed…
It is important for applications to protect sensitive data. Even for simple confidentiality and integrity policies, it is often difficult for programmers to reason about how the policies should interact and how to enforce policies across the program. A promising approach is <i>policy-agnostic programming</i>, a model that allows the programmer to implement…
Metamorphic malware changes its internal structure with each infection, while maintaining its original functionality. Such malware can be difficult to detect, particularly using static analysis, since there may be no common signature across infections. In this paper, we apply a score based on Singular Value Decomposition (SVD) to the challenging problem of…
We analyze dynamic information-flow control for imperative languages in terms of functional computation. Specifically, we translate an imperative language to a functional language, thus accounting for the main difficulties of information-flow control in the imperative language.
Previous research has shown that hidden Markov model (HMM) analysis is useful for detecting certain challenging classes of malware. In this research, we consider the related problem of malware classification based on HMMs. We train multiple HMMs on a variety of compilers and malware generators. More than 8,000 malware samples are then scored against these…