ROSAEC center Seoul National University

Seminars & Workshops

Speaker: Gogul Balakrishnan, NEC Laboratories America, Inc.
Period: 2009-06-02 16:00 ~ 2009-06-02 17:00
Place: Room 308, Bldg 302, SNU

Abstract

What You See Is Not What You eXecute: computers do not execute source-code programs; they execute machine-code programs that are generated from source code. Not only can the WYSINWYX phenomenon create a mismatch between what a programmer intends and what is actually executed by the processor, it can cause analyses that are performed on source code -- which is the approach followed by most security-analysis tools -- to fail to detect bugs and security vulnerabilities. Moreover, source code is not available for a lot of programs such as viruses, worms, Commercial Off the Shelf (COTS) components, etc.
In this talk, I will highlight some of the advantages of analyzing executables directly, and discuss the algorithms we have developed to recover information from stripped executables about the memory-access operations that the program performs. These algorithms are used in the CodeSurfer/x86 tool to construct intermediate representations that are used for browsing, inspecting, and analyzing stripped x86 executables. Finally, I will show the results of using CodeSurfer/x86 to find bugs in Windows Device Drivers.
Joint work with T. Reps (UW), J. Lim (UW), and T. Teitelbaum (Cornell and GrammaTech, Inc.).

Short bio

Education:
Aug 2007 Ph.D. Computer Science, University of Wisconsin, Madison, USA
May 2003 M.S. Computer Science, University of Wisconsin, Madison, USA
May 2001 B.E. Computer Science and Engineering, College of Engineering Guindy, Anna University, Chennai, India

Research and Work Experience:
Oct 2007 - Present Research Staff Member, NEC Laboratories Inc., Princeton, NJ, USA
Aug 2001 - Aug 2007 Research Assistant, University of Wisconsin, Madison, WI, USA

Awards and Distinctions:
2008 Outstanding Graduate Research Award (UW Computer Sciences Department)
2004 EAPLS Best Paper Award at ETAPS 2004 (with T. Reps)
