The growing threat of malware in embedded systems and the possibility of adversaries crafting one-of-a-kind sophisticated malware as a catastrophic cyberweapon make malware detection a high-priority topic for advanced research, college education, and professional training. There is a need for automated detection tools for commercial applications as well as for sophisticated apparatus to discover evasive malware targeted at defense applications. With those needs in mind, this tutorial will show participants how to effectively deploy program analyses for cybersecurity.
The tutorial will be filled with interesting demonstrations of practical techniques, their applicability and limitations, and the underlying formal framework for future advances. We will discuss a novel and easy-to-understand graph paradigm of program analysis as the backbone of the framework. We will introduce Atlas, a platform designed to deploy the graph paradigm effectively. We will show how Atlas makes it easy to develop automated tools by taking away the burden of programming low-level program analysis constructs. We will demonstrate the Android Security Toolbox, an Atlas plug-in, as a sophisticated apparatus we developed through the DARPA APAC program.
Participants will get hands-on experience of the powerful applicability of the graph paradigm through Atlas by observing its use to perform visual graph interactions or to write small graph traversal programs that perform analyses that would otherwise take days of conventional programming. Researchers, college professors, and professional practitioners will find that they can build on the tutorial material and incorporate the graph program analysis paradigm to foster their special interests in research, teaching, or professional practice.
Venue: MILCOM 2015, Tampa, Florida, October 2015.
Authors: Suresh Kothari, Benjamin Holland