Bio

Christian Collberg is a Professor at the Department of Computer Science at the University of Arizona. He got his PhD from Lund University, Sweden and taught at University of Auckland, New Zealand, before joining Arizona. His current research interests lie in the protection of software from reverse engineering and tampering, as well as in the reproducibility of computer science research (see FindResearch.org). He is the author of "Surreptitious Software, Obfuscation, Watermarking, and Tamperproofing for Software Protection".

Course abstract

We will look at traditional ways of obfuscating code, i.e. ways to make software harder to understand and analyze. There will be a significant hands-on practical component to this part of the course, where we will obfuscate code using automatic tools.

Bio

Roberto Giacobazzi was born in 1964 in Modena, Italy. He received the Laurea degree in Computer Science in 1988 from the University of Pisa, and in 1993 he received the Ph.D. in Computer Science from the same university. From 1993 to 1995 he had a Post Doctoral Research position at Laboratoire d'Informatique (LIX), Ecole Polytechnique (Paris) in the equipe Cousot. From 1995 to 1998 he was (tenured) Assistant Professor in Computer Science at the University of Pisa. From 1998 to 2000 he was Associate Professor at the University of Verona. From May 2000 until now he is Full Professor in Computer Science at the University of Verona. The research interests of Roberto Giacobazzi include abstract interpretation, static program analysis, semantics of programming languages, program verification, abstract model-checking, program transformation and optimization, digital asset protection, code obfuscation, software watermarking and lattice theory.

Course abstract

In this course I will introduce the basics of code obfuscation starting from its formal definition towards the impossibility result on universal Virtual-Black Box obfuscation of a generic Turing Machine. We then see how to weaken this result in order to have possibility results for restricted models of attack to SW systems as specified as automatic program analysis tools and algorithms. We will see through some examples how obfuscation can become possible against an attacker specified as an interpreter and how virtualisation provides the best strategy to protect your code against automated program analysis.

Bio

Bjorn De Sutter is associate professor in the Computer Systems Lab at the Faculty of Engineering and Architecture of Ghent University. He got both his MSc and his PhD from Ghent University in 1997 resp. 2002. Amongst others, he teaches courses on Compilers, and on Software Hacking and Protection, which are also his major research interests. The focus of his compiler technology research is on increasing the productivity of programmers by automating necessary tasks for non-functional requirements, incl. the protection of software against all kinds of attacks. His more than 80 peer-reviewed publications cover protections against fault injection attacks, against tampering attacks, against reverse engineering attacks, against memory exploit attacks, against patch-based attacks, and against timing side channel attacks. He coordinated the EU FP7 STREP ASPIRE (Advanced Software Protection: Integration, Research, and Exploitation), which was evaluated by the EC as excellent in Feb. 2017, and participated in numerous other national and international projects. He received the Annual FWO Barco Award in 1998 for his Master thesis, and is the recipient of a 2013 HiPEAC Technology Transfer Award.

Course abstract

Lecture 1: Anti-deobfuscation techniques

In the first part of this lecture, we will study the most powerful deobfuscating attacks, including both methods deployed today by industrial penetration testers and state-of-the-art academic methods such as debugging, pointer chaining, tracing, pattern matching, symbolic execution, and generic de-obfuscation techniques. In the second part of the lecture, we will discuss some advanced defenses against these attacks, such as more advanced obfuscations, but also anti-taint techniques, anti-debugging techniques, anti-tracing techniques, anti-tampering techniques, and code mobility and renewability.

Lecture 2: Protection Evaluation

In the first part of this lecture, we will address important aspects of software protection strength, such as potency, resilience, and stealth. What are they, when to they matter, why do they matter, how can we measure them? We will also discuss techniques to model the relation between attacks and protections. In the second part of the lecture, we will discuss do’s and don’ts of penetration testing experiments, i.e., experiments in which attackers are asked to attack protected code to learn about the level of protection that is achieved. There are quite some pitfalls to avoid in order to end up with meaningful results

Bio

I am a full time Professor in the department of Computer Science, University at Louisiana, Lafayette, USA. I earned my Ph.D. degree in C omputer Science from the Case Western Reserve University in 199 0. My research interests are malware analysis and autonomous vehicles

Course abstract

Analysis of malware introduces new challenges that are not present when analyzing programs in the normal context. Besides the fact that the programs are in a binary form, they are explicitly created to defeat analysis by hiding behind undecidability. Nonetheless, I will show that program analysis methods can indeed be used to answer a variety of questions related to malware. For instance, by relaxing the requirements of safety one can use program analysis to provide semantics based “features” to a machine learner. Similarity analysis is a key tool for understanding and querying big-data of code, in particular in the context of malware analysis and mitigation. We will provide an end-to-end experience in analyzing malware binaries, extracting semantics features, and using those in a machine learner to find similar malware in a repository. We will use these hands-on exercises to also highlight opportunities and challenges for further research, and introduce you to the state-of-the-art technologies to get started.

Bio

Mr. Gu was the co-founder of Cloakware Corporation that. In 2007, Cloakware was acquired by Irdeto. Since then, as a chief architect and a senior research director of Irdeto, Mr. Gu is also leading the development of next generation Cloakware technology, and research collaboration with research communities worldwide. Mr. Gu has been invited and visited over 40 universities and research institutes in North American, Europe and Asia, and organizing international security forums (workshops, summer schools, and association) and becomes an active speaker at many international conferences and workshops to promote software security and protection. Mr. Gu was invited being a guest professor of Northwest University in China. As a native Chinese, Mr. Gu often represents Irdeto to involve many business development and research collaboration activities in China. Prior to joining Cloakware, Mr. Gu has worked as a senior scientist and architect at Nortel Networks. Previously, Mr. Gu was a visiting professor at the Computer Science School of McGill University at Montreal of Canada between 1988-1990. Before relocated to Canada, Mr. Gu was a professor in the Computer Science Department at Northwest University in China. Mr. Gu received the First Outstanding Young Scientists Foundation Award from the Chinese Academy of Sciences in 1985, and has about four decades of software research and development knowledge and expertise, and has published more than two dozens of patents and patent applications.

Course abstract

No matter for business use or personal use, un-trusted environments have more dominated in digital world from consumer devices to home networks, to the public Internet, to the cloud and web services, and to the Internet of Things, where traditional security models are inadequate to address emerging threat models and attacks. The wireless connectivity quickly gains in popularity in recent years and provides anything/anytime/anywhere connection to playing contents, e-mail, instant messaging, online gaming and shopping, mobile banking, mobile payment, weather and travel information, connected and autonomous vehicles and much more of other digital services. All of these makes white-box security and digital asset protection much more challenging. This course describes and discusses white-box software attack scenarios and security patterns (that are abstracted from many application domains in terms of use cases, v ulnerability and threat analysis, and security solutions), the security lifecycle of digital asset application mandating protection from creation, through distribution and then ultimately consumption from being deployed in the field. Also, we introduce homomorphic obfuscation technology and detail certain currently software protection technologies in markets as a guide to the state of the art including. This course is structured in two sessions: 1) a course lecture; 2) a panel to host a group of industrial experts to present, discuss and explore some most interesting software and information protection issues in emerging markets.

Bio

I am Professor of Computer Science at the University of Virginia. I received my Ph.D. from the University of Arizona in 1981 and joined the University of Virginia in 1982. Over the years, I have worked in many areas including compilers, embedded systems, high-performance computing, and computer security. My current research foci is on software protection and computer security. In the area of software security, my group has developed dynamic methods to prevent adversaries from compromising intellectual property. In the area of computer security, we have developed methods for "hardening" binaries to make them impervious to cyber attack. In 2014–2016, I lead a team at the University of Virginia that competed in the DARPA Cyber Grand Challenge (CGC)—a contest to build an autonomous supercomputer to automatically analyze vulnerable binaries and patch them—all without human intervention. Our entry, produced in collaboration with Grammatech, Inc., finished second winning a $1M prize. I am also leading a DARPA project, "Double Helix: High Assurance N-variant Systems." Double Helix is a binary analysis and transformation system that processes binary applications and produces variants with diverse binary structures that are intended to be deployed within a multi-variant system. A unique aspect of Double Helix is that it employs structured diversity to guarantee that variants behave differently yielding high-assurance systems. Both CGC and Double Helix rely on high-precision binary analysis and rewriting to reverse engineer and transform binaries.

Bio

Sébastien Bardin joined CEA LIST, France, in 2006 as a full-time researcher, with research activities centered on program analysis and automatic software verification. For a few years now, Sébastien has been interested in automating software-level security analysis by lifting formal methods developed for the safety-critical industry. More especially, he focuses on binary-level formal methods, vulnerability detection & assessment, and malware deobfuscation. He leads the "binary-level security" group at CEA LIST as well as several related research projects, and he is one of the main designers of the (open-source) BINSEC platform for binary-level code analysis. Sébastien Bardin obtained his PhD in 2005 at ENS Cachan, France, in the field of formal methods.

Bio

Damien Couroussé is a research engineer at CEA (Commissariat à l’Énergie Atomique et aux Énergies Renouvelables) since 2011. He received his PhD degree in 2008 a PhD from INPG (Institut National Polytechnique de Grenoble) in Engineering of Cognition Creation and Learning, working on embedded computing architectures for virtual reality and mutisensory systems, and spent two years in the industry at Logica CMG as an expert in Linux and embedded systems. His research works focus on compilation and runtime code generation for performance and cybersecurity. He has contributed to several European collaborative projects, and is coordinator of the COGITO project (ANR INS 2013).

Course abstract

In this course we will focus on side channel attacks. We will first show how and why these attacks are powerful and effective, especially against embedded devices. We will present the main principles of countermeasures currently used in secured systems, and discuss the metrics for measuring the effectiveness of such countermeasures. As time permits, we will discuss at the end of the course solutions to automate the applications of such countermeasures at the software level.

Bio

Ronan Lashermes is a postdoctoral researcher at INRIA Rennes, in the LHS lab. Engineer from Grenoble-INP Phelma, after finishing a Ph.D. with the CEA and the UVSQ in 2014, he worked in a startup to develop physical attack benches for devices evaluation. He later joined INRIA and the LHS lab for a postdoc on fault attacks. He is interested in the security of embedded systems and hardware components and how the abstraction barriers (mathematics/software, hardware/software) can be exploited to compromise a device.

Course abstract

What happens if your program is not executed as it should, if some instructions are not executed? Here comes the world of fault injection attacks, where all your assumptions on the adversary's capabilities tumble down. Fault attacks have mainly been used to break cryptographic algorithms in the past, but we will see how they can also be used in relation with software attacks against embedded systems (Phones, IoT, set-top boxes...). Of course, what we can do to protect ourselves will be discussed as well as the impact of modern technologies (complex SoC, TrustZone, ...). Finally, we will try to analyze some pieces of software to spot vulnerabilities wrt fault attacks and discuss what can be automated by tools and what would be hard to achieve automatically.

Bio

Josselin Feist is a Senior Security Engineer at Trail of Bits where he works on the design and implementation of program analysis techniques. He holds a Ph.D. in static analysis and symbolic execution. At Trail of Bits, he brings his experience on adapting theoretical methods to practical problems. Josselin has spoken at both academic and industrial conferences.