Systems Seminar

EPFL IC Systems Seminar

When Program Analyses may, or may not, solve your Security problems



Abstract

Many proposals in software security research build on program analysis techniques originally proposed in domains like software testing and verification or programming language research. Powerful analyses of this kind involve, for example, execution paths and the input characteristics that influence them, as with symbolic execution, or data-flow facts and information-flow tracking, where taint analysis proves its worth. Software security scenarios often pose further challenges to these analyses, such as an adversary actively trying to hinder them, the inevitably limited robustness of the instrumentation framework that backs their implementation, or alternative execution paradigms used to achieve malicious flows.

In this talk we will share our experience in applying program analyses to binaries for tasks such as malware analysis, reverse engineering, and bug identification.

Bio

Daniele Cono D’Elia is a postdoctoral researcher at Sapienza University of Rome. He obtained his PhD from Sapienza in 2016 on programming languages topics, working on performance profiling and code transformation techniques for dynamic compilers. In 2014 he was a visiting scholar at Purdue University. Starting with his postdoc, he has explored code analysis and transformation techniques to address software security problems. His current research covers malware analysis, code reuse attacks, code obfuscation, and transparent analysis systems.