Friday, Aug. 1, 2003
4 - 5 PM
1325 CS
Mihai Christodorescu
Computer Sciences Department
University of Wisconsin, Madison
Static Analysis of Executables to Detect Malicious Patterns
Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an obfuscation-deobfuscation game between malicious code writers and researchers working on malicious code detection. Malicious code writers attempt to obfuscate the malicious code to subvert the malicious code detectors, such as anti-virus software. We tested the resilience of three commercial virus scanners against code obfuscation attacks. The results were surprising: the three commercial virus scanners could be subverted by very simple obfuscation transformations! We present an architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations. Experimental results demonstrate the efficacy of our prototype tool, SAFE (a static analyzer for executables).
This is a practice talk for USENIX Security'03. Comments and suggestions about the contents, clarity, and style of the presentation are welcome.
There will be donuts and other treats.
|
Monday, Aug. 11, 2003
4 - 5 PM
2310 CS
Frontline, PBS Video, "Cyber War!"
We will be playing the video documentary "Cyber War!" from the Frontline series on PBS. The video will be followed by an open discussion.
The capsule summary is:
"A new form of warfare has broken out and the battleground is cyberspace. With weapons like embedded malicious code, probes and pings, there are surgical strikes, reverse neutron bombs, and the potential for assaults aimed directly at America's infrastructure - the power grid, water supply, and the air traffic control system."