log in  |  register  |  feedback?  |  help  |  web accessibility
Towards Secure Systems via Precise Causal Analysis and Program Transformation
Iribe, Room 4105 (Zoom link: https://umd.zoom.us/j/92977540316?pwd=NVF2WTc5SS9RSjFDOGlzcENKZnNxQT09)
Monday, March 13, 2023, 2:00-3:00 pm Calendar
  • You are subscribed to this talk through .
  • You are watching this talk through .
  • You are subscribed to this talk. (unsubscribe, watch)
  • You are watching this talk. (unwatch, subscribe)
  • You are not subscribed to this talk. (watch, subscribe)

Software plays a critical role in computing systems, including cyber-physical systems such as drones. Unfortunately, understanding complicated software systems is challenging, resulting in insecure and vulnerable systems. A fundamental challenge for security analysis of modern systems is handling overwhelming complexity and dependencies among the software components. In addition, improving forensic techniques such as decompilation against ever-increasing malware is of utmost importance, while it is difficult to achieve in practice due to the complexity of the techniques and sophisticated anti-forensic techniques. 

In this talk, we will walk through two systems dealing with complex software systems to improve the security of the systems: (1) finding logic flaws in drone swarm algorithms and (2) enhancing the robustness of Python decompilers against sophisticated malware.  Specifically, I will demonstrate how a complex drone swarm's behavior can be systematically measured and understood, eventually guiding a greybox fuzz testing to effectively test diverse behaviors of drone swarms and discover logic flaws. I will introduce the novel interpretation of counterfactual causality in the context of robotics. With the system, we find 42 unique mission failures, 15 root causes, and 15 potential fixes confirmed by developers. For forensic analysis of Python malware binaries, I will walk you through explicit and implicit errors (which silently generate incorrect decompiled code) of decompilers, which can prevent and mislead forensic analysis of malware binaries. Then, I will show that instead of fixing the decompilers, we can transform failure-inducing binaries into decompilable binaries with a set of program transformation techniques. With this system, we enabled the decompilation of 17,117 real-world Python malware binaries, resolving 77,022 decompilation errors.  

Finally, I will present my future plan to further secure computing systems by constructing and integrating security primitives such as counterfactual causality, program transformation, and statistical/probabilistic analysis. 


Yonghwi Kwon is an assistant professor of computer science at the University of Virginia. He is broadly interested in solving system security problems via program analysis and counterfactual causality inference. He is a recipient of the NSF CAREER and CRII Awards in 2022 and 2018, two ACM Distinguished Paper Awards in 2019 and 2013, Best Paper Awards in Automated Software Engineering (ASE) and WISA in 2013 and 2022, and Maurice H. Halstead Memorial Award in 2017. He also led UVA's Collegiate Cyber Defense Competition Team, which won the championship of National CCDC in 2019 and 2020.

This talk is organized by Dana Purcell