Abstract

Disassemblers and debuggers, tools that were in vogue two decades ago, have resurged. In the past these tools were used by programmers to track bugs, now they are used by security analysts to find hidden features. The catch is that these tools, and other techniques for program analysis, were developed as an aid for program development. They were not designed to aid security analysts, and it is no surprise that they can easily be fooled. The talk will demonstrate the limitations of these technologies, and explain the theory underlying their limitations.

Developing tools that aid in analyzing adversarial programs requires us to go back to the drawing board. Besides presenting a broad vision for adversarial code analysis, this talk will highlight some kinks in the armor of a malware writer. The talk will also present some emerging technologies geared for analyzing unfriendly program, for instance, a deobfuscating disassembler to aid in finding and analyzing specific obfuscations; a reverse morpher to undo metamorphic transformations; and a virus phylogeny generator to match a new sample with a database of known malware.