Adam Dugger - Arxan
"Signature Analysis Coupled With Slicing Analysis for the Validation of Software"
Oct 15, 2008
Abstract
What if you could determine exactly where, in any compiled binary, a security threat existed?
Answering this question has been the fundamental goal of anti-virus software for many years past, with limited success. Instead, what if you could determine not where security threats do exist, but where they could possibly exist? This is certainly a step in the right direction for total software security -- one which puts us well on our way to being able to develop applications safe against hidden malicious code. All of this is possible with the machine code analysis methodology known as Signature Analysis.
However, consider the following question: What if you could determine exactly where, in any compiled binary, a security threat might exist, and, further, precisely what this threat might affect later in the application’s execution?
This information can be retrieved by combining the capabilities of Code Slicing Analysis with the previously mentioned Signature Analysis. This paradigm not only assists in hardening against currently known threats, but it also identifies areas that are affected by those threats.
These principles form the framework for a novel static technique for ensuring software integrity. The goal of this seminar is to present these ideas and to discuss possible future applications.
About the Speaker
Adam Dugger graduated from Purdue University with a double major in Computer Science and Mathematics in May of 2007. Adam now works for Arxan Defense Systems on a variety of research projects. His presentation focuses on the use of Signature Analysis coupled with Slicing Analysis for detection of malicious code. He has applied known techniques used in anti-virus scanners for use in system integrity checking.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52 (Suite 050B), West Lafayette Campus.