CRII: SaTC: ExHume: An Empirical Approach to Program Analysis for Security
New York University, New York NY
Investigators
Abstract
As software controls an ever-increasing number of devices that perform critical tasks, their security and robustness are of paramount importance to society. In addition, malicious software and "greyware" that violates the privacy of users causes billions in damage every year and erodes public confidence in computing systems. However, despite decades of work on techniques to analyze software with automated techniques, it remains a difficult and largely manual task. The ExHume project aims to address this issue by collecting detailed information about both normal and erroneous behaviors of a large corpus of real-world software. This behavioral information will then be used to inform a new generation of empirically guided program analysis techniques, with the goal of significantly improving software vulnerability discovery and reverse engineering techniques. The technical approach taken by ExHume is to capture in vivo traces of software using low-overhead record and replay techniques. This corpus, which will consist of normal and buggy executions of benign and malicious software, can then be mined to extract a wide variety of detailed, dynamic information about the runtime properties of the software under test. Specifically, the data gathered will be used to create (a) new heuristics for guiding program exploration, which can be used for symbolic execution and guided fuzz testing; (b) methods for identifying previously unseen implementations of known functionality and algorithms; and (c) a set of domain-specific dynamic taint analyses that can aid in explicating the features used by image processing and machine learning algorithms.
View original record on NSF Award Search →