Towards Secure Systems via Precise Causal Analysis and Program Transformation

Talk
Yonghwi Kwon
University of Virginia
Time: 03.13.2023 14:00 to 15:00

Software plays a critical role in computing systems, including cyber-physical systems such as drones. Unfortunately, understanding complicated software systems is challenging, resulting in insecure and vulnerable systems. A fundamental challenge for security analysis of modern systems is handling overwhelming complexity and dependencies among the software components. In addition, improving forensic techniques such as decompilation against ever-increasing malware is of utmost importance, while it is difficult to achieve in practice due to the complexity of the techniques and sophisticated anti-forensic techniques. In this talk, we will walk through two systems dealing with complex software systems to improve the security of the systems: (1) finding logic flaws in drone swarm algorithms and (2) enhancing the robustness of Python decompilers against sophisticated malware. Specifically, I will demonstrate how a complex drone swarm's behavior can be systematically measured and understood, eventually guiding greybox fuzz testing to effectively test diverse behaviors of drone swarms and discover logic flaws. I will introduce the novel interpretation of counterfactual causality in the context of robotics. With the system, we find 42 unique mission failures, 15 root causes, and 15 potential fixes confirmed by developers. For forensic analysis of Python malware binaries, I will walk you through explicit and implicit errors (which silently generate incorrect decompiled code) of decompilers, which can prevent and mislead forensic analysis of malware binaries. Then, I will show that instead of fixing the decompilers, we can transform failure-inducing binaries into decompilable binaries with a set of program transformation techniques. With this system, we enabled the decompilation of 17,117 real-world Python malware binaries, resolving 77,022 decompilation errors.
Finally, I will present my future plan to further secure computing systems by constructing and integrating security primitives such as counterfactual causality, program transformation, and statistical/probabilistic analysis.