
Dynamic Analyses and Their Security Applications - November 30, 2016

It is our pleasure to host this distinguished lecture by Prof. Xiangyu Zhang, Purdue University. The lecture will be followed by a reception. Please feel free to forward this invitation.

Date: November 30, 2016
Venue: Weicker Building, Room B001 (ground floor), 4 rue Alphonse Weicker, L-2721 Luxembourg

Abstract: Dynamic analyses analyze runtime information collected during program execution. They can be classified into two categories: temporal analysis, which inspects execution history, and spatial analysis, which studies the states of a program execution (e.g., memory states and disk states). They have a wide range of applications in areas such as software debugging, testing and security.

In this talk, I will introduce a number of our dynamic analysis projects. In particular, I will present two kinds of temporal analyses: (1) audit logging and (2) forced execution. Audit logging analyzes the behavior of a software system by inspecting its system-level event traces, such as file reads/writes and socket sends/receives. It is critical for understanding advanced security attacks on enterprise systems. Forced execution forces a program to execute even when the required environmental and input conditions are not satisfied. It is highly effective in disclosing hidden malicious logic in executable programs. In the presentation, I will discuss how audit logging can be used to analyze Advanced Persistent Threat (APT) attacks and how forced execution can be used to disclose stealthy unwanted behaviors in a large number of iOS apps.
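To make the audit-logging idea concrete, the following is an added illustration written for this page; it is not code from Prof. Zhang's projects. It turns a constructed system-level event trace (one event per line: timestamp, pid, syscall, object, a format assumed for the example) into a provenance graph and then walks the graph backwards from a suspicious socket send to find which files could have fed it, respecting event order so that a file read after the send is not blamed. All paths and the address 203.0.113.7 are constructed sample values.

```python
"""Added example: backward provenance tracking over a system-level audit trace.

Illustrative code written for this page, not the speaker's tooling. The log
format is assumed for the example: "<timestamp> <pid> <syscall> <object>".
"""
from collections import defaultdict

# Constructed sample trace. A mail client writes an attachment and forks a
# child that executes it; the child reads a key file, then sends data to a
# remote address, and only afterwards reads an unrelated file.
SAMPLE_TRACE = """\
1 100 execve /usr/bin/mailclient
2 100 write /tmp/invoice.doc
3 100 fork 200
4 200 execve /tmp/invoice.doc
5 200 read /home/alice/.ssh/id_rsa
6 200 sendto 203.0.113.7:443
7 200 read /home/alice/notes.txt
8 300 execve /usr/bin/editor
9 300 read /home/alice/todo.txt
"""


def parse_trace(text):
    """Parse the constructed trace into (timestamp, pid, syscall, object) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, syscall, obj = line.split(maxsplit=3)
        events.append((int(ts), int(pid), syscall, obj))
    return events


def build_provenance(events):
    """Map each source node to the (destination, timestamp) edges it flowed into.

    Nodes are ("proc", pid), ("file", path) or ("sock", address). An edge
    src -> dst at time ts means information could move from src to dst then.
    """
    flows = defaultdict(list)
    for ts, pid, syscall, obj in events:
        proc = ("proc", pid)
        if syscall in ("read", "execve"):
            flows[("file", obj)].append((proc, ts))
        elif syscall == "write":
            flows[proc].append((("file", obj), ts))
        elif syscall == "fork":
            flows[proc].append((("proc", int(obj)), ts))
        elif syscall == "sendto":
            flows[proc].append((("sock", obj), ts))
        elif syscall == "recvfrom":
            flows[("sock", obj)].append((proc, ts))
    return flows


def backward_trace(flows, sink):
    """Return every node that could have contributed to `sink`.

    An edge into a node only counts if it happened no later than the time at
    which that node itself influenced the sink (the temporal constraint).
    """
    reverse = defaultdict(list)
    for src, edges in flows.items():
        for dst, ts in edges:
            reverse[dst].append((src, ts))
    reached = {}  # node -> latest timestamp at which it was reached
    stack = [(sink, float("inf"))]
    while stack:
        node, bound = stack.pop()
        for pred, ts in reverse[node]:
            if ts <= bound and reached.get(pred, -1) < ts:
                reached[pred] = ts
                stack.append((pred, ts))
    return set(reached)


def files_exfiltrated_to(trace_text, address):
    """Sorted list of files whose contents could have reached `address`."""
    flows = build_provenance(parse_trace(trace_text))
    ancestors = backward_trace(flows, ("sock", address))
    return sorted(path for kind, path in ancestors if kind == "file")


if __name__ == "__main__":
    for path in files_exfiltrated_to(SAMPLE_TRACE, "203.0.113.7:443"):
        print(path)
```

On the sample trace the backward walk reports the key file, the attachment and the mail client binary, but not `/home/alice/notes.txt` (read after the send) or the editor's files (a different process lineage). The same walk run forward from a suspicious entry point would give the blast radius instead.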

I will also introduce memory forensic analysis, which is a kind of spatial analysis. It inspects the memory snapshot of a process to recover critical information such as the files being edited in a document-processing application, the ongoing conversation in a social-networking application, and pictures taken by a camera app in the past but never saved to disk. Such information is extremely useful in attack investigation.

Xiangyu Zhang is a professor at Purdue University. He received his PhD degree from the University of Arizona in 2006. He works on dynamic and static program analysis and their applications in debugging, testing, forensic analysis, and data processing. He is currently a Purdue University Scholar. He has received the 2006 ACM SIGPLAN Distinguished Doctoral Dissertation Award, an NSF CAREER Award, ACM SIGSOFT Distinguished Paper Awards, the Best Student Paper Award at USENIX'14, the Best Paper Award at CCS'15 and a Distinguished Paper Award at NDSS