Understanding and Protecting Closed-Source Systems using Dynamic Analysis
Speaker: Brendan Dolan-Gavitt
February 12, 2015 - 4:00 p.m. to 5:00 p.m.
Location: Sage 3101
Hosted By: Dr. Bulent Yener (x6907)

We are constantly surrounded by computing systems, including cars, coffee makers, phones, and of
course traditional desktops and laptops. The internal details of such systems are often tenuously
understood, even by their creators. In order to fully evaluate their security, these details are of
vital importance; however, for systems where source and documentation are not available, gaining
the requisite understanding requires time-consuming and expensive manual reverse engineering. In
this talk, I will discuss how dynamic program analyses can be used to uncover undocumented
assumptions and operating principles of real-world, closed-source systems. In particular, I will
describe and evaluate novel dynamic analyses to identify enforced kernel data structure invariants,
perform whole-system subprogram extraction for virtual machine introspection, and locate
interesting hook points in an OS and its applications. Finally, I will outline a research program
whose goal is to enable rapid understanding of large and complex computing systems, and consider
what can be done to make such internal workings transparent by design.

Brendan Dolan-Gavitt is a postdoctoral researcher at Columbia University in the IDS Lab, developing
techniques to automate the understanding of large, real-world systems in order to improve their
security. Prior to joining Columbia, he obtained his PhD from Georgia Tech. His primary research
interests are in systems security, and in particular in virtual machine introspection, reverse
engineering, and program analysis.

Last updated: February 3, 2015