As software has proliferated to become a critical part of our daily lives, increasing in both variety and volume beyond the ability of human hackers to effectively analyze it, the need for automated techniques to identify and mitigate bugs and vulnerabilities has become painfully apparent.
Over the last few decades, several paradigms for the design of such automation have been explored by security researchers, numerous buzzwords have been coined, and many papers have been written to convey various techniques. The culmination of this push, thus far, is last year's DARPA Cyber Grand Challenge, a competition in which completely automated systems found, exploited, and patched software vulnerabilities. But looking at the CGC from the outside is misleading: one sees huge racks of servers battling it out on stage, but doesn't see the program analysis methods used, the subtle trade-offs accepted, and the real capabilities and limitations of these systems. One also doesn't see why, outside of the controlled CGC environment, automated techniques don't actually scale to the analysis of real-world software!
This talk will provide a better vantage point. I will take you inside the minds of the team that created the Mechanical Phish, the machine that won third place in the competition. I will describe the research that created angr, the binary analysis framework on which the Mechanical Phish's vulnerability identification and remediation techniques are built. We'll learn about the capabilities, achievements, and limitations of the Mechanical Phish and its opponent systems, and about potential ways to address these limitations so that autonomous techniques can be applied to complex, real-world software.
All of this is open source. The growing community around the project, including research labs and companies around the world, is actively pushing forward the frontier of binary analysis. With ever-improving vulnerability detection and remediation techniques, we hope to introduce automated binary analysis into the standard arsenal of the "good guys", making our world more secure in the process. Come to this talk and join us.
Yan Shoshitaishvili has been crashing programs (accidentally and otherwise) since he was 8. He is currently an Assistant Professor at Arizona State University, leading cutting-edge research in the field of binary analysis. He has a strong belief in open sourcing his research so that it can be built upon by others. In his spare time, he is one of the hacking aces on Shellphish, the longest-running CTF team in the world, which he led to a third-place finish and a big prize payout at the DARPA Cyber Grand Challenge.