*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Tess Malone, Communications Officer
Summary Sentence: Fish Wang gives talk.
Full Summary: No summary paragraph submitted.
Fish WangTITLE: Enhancing the Discovery and Mitigation of Vulnerabilities in Binary
Programs
ABSTRACT:
In the computing landscape of the modern world, our devices and systems, including PCs, servers, industrial control systems, and smart/embedded devices, are increasingly relying on programs for which the source code is unavailable to end users, security analysts, and even manufacturers — termed “binary programs.” Oftentimes, binary programs are not fully secure, and through these devices and systems, vulnerabilities in binaries may have a broad impact on society. Because of the intrinsic complexity of programs, the discovery and mitigation of vulnerabilities in binaries is generally viewed as a difficult task. It is only more difficult due to the loss of information, especially semantics, through compilation and optimization.
In this talk, I will present my research on improving the discovery and mitigation of vulnerabilities in binaries without requiring source code. I approach this goal from different angles. I will first discuss improvements on traditional vulnerability discovery techniques, such as fuzz testing, by complementing them with assistance from either symbolic execution engines or intelligence from non-expert humans. I will then showcase a novel technique for static binary rewriting with extremely low overhead, which greatly reduces the performance impact of vulnerability mitigation and program hardening on binaries. These techniques are built upon the angr binary analysis platform, which I co-founded and maintain to help foster the future of binary analysis.
BIO:
Ruoyu (Fish) Wang is a Ph.D. candidate in the SecLab of the Department of Computer Science at the University of California, Santa Barbara, being advised by Professors Giovanni Vigna and Christopher Kruegel. His research focuses on system security, especially on automated binary program analysis and reverse engineering of software. He is the co-founder and a core developer of the binary analysis platform angr. He is a core member of the CTF team Shellphish and the CGC team Shellphish CGC, with whom he won the third place in the Final Event of the DARPA Cyber Grand Challenge in 2016.
