Faculty Candidate Seminar

Analysis and Defense of Vulnerabilities in Binary Code

David Brumley, Carnegie Mellon University

New vulnerabilities are constantly discovered and exploited by attackers. A major focus of my research is developing techniques for protecting vulnerable applications when the program is only readily available as binary (i.e. executable) code. Since most programs are available in binary form, and binary-only analysis does not require cooperation of the source code vendor, this line of research is likely to impact a wide audience.

In this talk, I show two new security applications of binary code analysis: automatic patch-based exploit generation and automatic input filter generation. In the first part, I show how binary analysis can be used to automatically generate exploits based upon patches released through Windows Update. An immediate consequence of this line of research is that many current vendor patching practices are insecure, because they allow attackers to create new exploits before all vulnerable hosts can receive a patch. All is not lost, however. In the second part of this talk, I show how to defend against exploits by automatically generating input filters. Input filters remove exploits from the input stream, allowing the vulnerable application to continue to operate normally even under attack. The generated input filters are guaranteed to filter out only exploits, and are thus safe to deploy automatically.
David Brumley is a PhD student in Computer Science at Carnegie Mellon University. His current work focuses on software security. His research interests also include all areas of security, as well as programming languages, compilers, formal methods, and systems. He is a recipient of the Symantec Research Fellowship Award for 2007. His research has won several awards, including two best paper awards at top-tier security conferences.

Sponsored by