SlideShare a Scribd company logo

Moving Anti-Malware Research Forward (Fraser)

Michael Scovetta
Michael Scovetta

Presentation from the Colloquium on Future Directions in Cyber Security on Nov 7, 2011.

TechnologyBusiness
1 of 4
Download to read offline
Tim Fraser Program Manager, Information Innovation Office Moving Anti-Malware Research Forward DARPA Cyber Colloquium Arlington, VA November 7, 2011 Approved for Public Release, Distribution Unlimited.
The boundary between malicious and benign is fractally complex (Source: Sentar Inc.’s MATCH project.) • We and our adversaries • Their costs are low are both exploring the • Ours are high boundary Leveling the Playing Field with Automation Approved for Public Release, Distribution Unlimited.
WANTED: Breakthroughs in Deep Program Analysis Program: Cyber Genome APAC Insight: Reuse resembles Analyses SeL4 9KLOC heredity can now [Klein 2009] scale Linux 6MLOC [Dillig 2008] Approach: Extract lineage Define and graphs demonstrate properties Application: Do profiling and Certify mobile forecasting applications Reduce Human Analysis Time – Reduce Costs Approved for Public Release, Distribution Unlimited.
DARPA Program Analysis Challenge A second way to participate in the APAC effort Open to all comers A chance to prove your program analysis chops Win cash • DARPA provides a set of mobile Early 2013 applications • Bring your own tools • Set time limit • Compete to label each app as malicious or benign most accurately E-mail ProgramAnalysisChallenge@DARPA.mil Approved for Public Release, Distribution Unlimited.

Recommended

The Listening: Email Client Backdoor
The Listening: Email Client BackdoorThe Listening: Email Client Backdoor
The Listening: Email Client Backdoor
Michael Scovetta
 
Scalable Cyber Deception (Ragsdale)
Scalable Cyber Deception (Ragsdale)Scalable Cyber Deception (Ragsdale)
Scalable Cyber Deception (Ragsdale)
Michael Scovetta
 
Migration stories in a digital era.
Migration stories in a digital era.Migration stories in a digital era.
Migration stories in a digital era.
DH Benelux
 
TIC-Migrations
TIC-MigrationsTIC-Migrations
TIC-Migrations
TIC-Migrations
 
E diasporas atlasnovember2010
E diasporas atlasnovember2010E diasporas atlasnovember2010
E diasporas atlasnovember2010
TIC-Migrations
 
DMI Summer 2010 - Final Presentations
DMI Summer 2010 - Final PresentationsDMI Summer 2010 - Final Presentations
DMI Summer 2010 - Final Presentations
Digital Methods Initiative
 
E-diasporas Atlas
E-diasporas AtlasE-diasporas Atlas
E-diasporas Atlas
TIC-Migrations
 
A Protest’s Web: The Cross-Syndication Practices of G20 Toronto Summit Online...
A Protest’s Web: The Cross-Syndication Practices of G20 Toronto Summit Online...A Protest’s Web: The Cross-Syndication Practices of G20 Toronto Summit Online...
A Protest’s Web: The Cross-Syndication Practices of G20 Toronto Summit Online...
annehelmond
 

Recommended

The Listening: Email Client Backdoor
The Listening: Email Client BackdoorThe Listening: Email Client Backdoor
The Listening: Email Client Backdoor
Michael Scovetta
 
Scalable Cyber Deception (Ragsdale)
Scalable Cyber Deception (Ragsdale)Scalable Cyber Deception (Ragsdale)
Scalable Cyber Deception (Ragsdale)
Michael Scovetta
 
Migration stories in a digital era.
Migration stories in a digital era.Migration stories in a digital era.
Migration stories in a digital era.
DH Benelux
 
TIC-Migrations
TIC-MigrationsTIC-Migrations
TIC-Migrations
TIC-Migrations
 
E diasporas atlasnovember2010
E diasporas atlasnovember2010E diasporas atlasnovember2010
E diasporas atlasnovember2010
TIC-Migrations
 
DMI Summer 2010 - Final Presentations
DMI Summer 2010 - Final PresentationsDMI Summer 2010 - Final Presentations
DMI Summer 2010 - Final Presentations
Digital Methods Initiative
 
E-diasporas Atlas
E-diasporas AtlasE-diasporas Atlas
E-diasporas Atlas
TIC-Migrations
 
A Protest’s Web: The Cross-Syndication Practices of G20 Toronto Summit Online...
A Protest’s Web: The Cross-Syndication Practices of G20 Toronto Summit Online...A Protest’s Web: The Cross-Syndication Practices of G20 Toronto Summit Online...
A Protest’s Web: The Cross-Syndication Practices of G20 Toronto Summit Online...
annehelmond
 
Smooth CoffeeScript
Smooth CoffeeScriptSmooth CoffeeScript
Smooth CoffeeScript
Michael Scovetta
 
Introducing the Ceylon Project
Introducing the Ceylon ProjectIntroducing the Ceylon Project
Introducing the Ceylon Project
Michael Scovetta
 
The Ceylon Type System
The Ceylon Type SystemThe Ceylon Type System
The Ceylon Type System
Michael Scovetta
 
Anomaly Detection at Multiple Scales (Waltzman)
Anomaly Detection at Multiple Scales (Waltzman)Anomaly Detection at Multiple Scales (Waltzman)
Anomaly Detection at Multiple Scales (Waltzman)
Michael Scovetta
 
DEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking ForDEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking For
Michael Scovetta
 
Attacking the WebKit Heap
Attacking the WebKit HeapAttacking the WebKit Heap
Attacking the WebKit Heap
Michael Scovetta
 
Secure Computer Systems (Shrobe)
Secure Computer Systems (Shrobe)Secure Computer Systems (Shrobe)
Secure Computer Systems (Shrobe)
Michael Scovetta
 
High Assurance Systems (Fisher)
High Assurance Systems (Fisher)High Assurance Systems (Fisher)
High Assurance Systems (Fisher)
Michael Scovetta
 
Systematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesSystematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android Smartphones
Michael Scovetta
 
National Cyber Range (Ranka)
National Cyber Range (Ranka)National Cyber Range (Ranka)
National Cyber Range (Ranka)
Michael Scovetta
 
Android Attacks
Android AttacksAndroid Attacks
Android Attacks
Michael Scovetta
 
Don't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade MachinesDon't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade Machines
Michael Scovetta
 
Strategic Surprise
Strategic SurpriseStrategic Surprise
Strategic Surprise
Michael Scovetta
 
Stackjacking
StackjackingStackjacking
Stackjacking
Michael Scovetta
 
HTML5 Web Security
HTML5 Web SecurityHTML5 Web Security
HTML5 Web Security
Michael Scovetta
 
Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013
Michael Scovetta
 
Modern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesModern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and Techniques
Michael Scovetta
 
Exploitation and State Machines
Exploitation and State MachinesExploitation and State Machines
Exploitation and State Machines
Michael Scovetta
 
Consumer Password Worst Practices
Consumer Password Worst PracticesConsumer Password Worst Practices
Consumer Password Worst Practices
Michael Scovetta
 
A collection of examples of 64 bit errors in real programs
A collection of examples of 64 bit errors in real programsA collection of examples of 64 bit errors in real programs
A collection of examples of 64 bit errors in real programs
Michael Scovetta
 
If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)
Michael Scovetta
 
Scaling Cyberwarfare (Roelker)
Scaling Cyberwarfare (Roelker)Scaling Cyberwarfare (Roelker)
Scaling Cyberwarfare (Roelker)
Michael Scovetta
 

More Related Content

Viewers also liked

DEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking ForDEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking For
Michael Scovetta
 
Systematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesSystematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android Smartphones
Michael Scovetta
 
Don't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade MachinesDon't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade Machines
Michael Scovetta
 
Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013
Michael Scovetta
 
Modern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesModern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and Techniques
Michael Scovetta
 
Exploitation and State Machines
Exploitation and State MachinesExploitation and State Machines
Exploitation and State Machines
Michael Scovetta
 

Viewers also liked (18)

Smooth CoffeeScript
Smooth CoffeeScriptSmooth CoffeeScript
Smooth CoffeeScript
 
Introducing the Ceylon Project
Introducing the Ceylon ProjectIntroducing the Ceylon Project
Introducing the Ceylon Project
 
The Ceylon Type System
The Ceylon Type SystemThe Ceylon Type System
The Ceylon Type System
 
Anomaly Detection at Multiple Scales (Waltzman)
Anomaly Detection at Multiple Scales (Waltzman)Anomaly Detection at Multiple Scales (Waltzman)
Anomaly Detection at Multiple Scales (Waltzman)
 
DEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking ForDEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking For
 
Attacking the WebKit Heap
Attacking the WebKit HeapAttacking the WebKit Heap
Attacking the WebKit Heap
 
Secure Computer Systems (Shrobe)
Secure Computer Systems (Shrobe)Secure Computer Systems (Shrobe)
Secure Computer Systems (Shrobe)
 
High Assurance Systems (Fisher)
High Assurance Systems (Fisher)High Assurance Systems (Fisher)
High Assurance Systems (Fisher)
 
Systematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesSystematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android Smartphones
 
National Cyber Range (Ranka)
National Cyber Range (Ranka)National Cyber Range (Ranka)
National Cyber Range (Ranka)
 
Android Attacks
Android AttacksAndroid Attacks
Android Attacks
 
Don't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade MachinesDon't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade Machines
 
Strategic Surprise
Strategic SurpriseStrategic Surprise
Strategic Surprise
 
Stackjacking
StackjackingStackjacking
Stackjacking
 
HTML5 Web Security
HTML5 Web SecurityHTML5 Web Security
HTML5 Web Security
 
Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013
 
Modern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesModern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and Techniques
 
Exploitation and State Machines
Exploitation and State MachinesExploitation and State Machines
Exploitation and State Machines
 

More from Michael Scovetta

More from Michael Scovetta (7)

Consumer Password Worst Practices
Consumer Password Worst PracticesConsumer Password Worst Practices
Consumer Password Worst Practices
 
A collection of examples of 64 bit errors in real programs
A collection of examples of 64 bit errors in real programsA collection of examples of 64 bit errors in real programs
A collection of examples of 64 bit errors in real programs
 
If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)
 
Scaling Cyberwarfare (Roelker)
Scaling Cyberwarfare (Roelker)Scaling Cyberwarfare (Roelker)
Scaling Cyberwarfare (Roelker)
 
PROCEED and Crowd-Sourced Formal Verification
PROCEED and Crowd-Sourced Formal VerificationPROCEED and Crowd-Sourced Formal Verification
PROCEED and Crowd-Sourced Formal Verification
 
Beyond Passwords (Guidorizzi)
Beyond Passwords (Guidorizzi)Beyond Passwords (Guidorizzi)
Beyond Passwords (Guidorizzi)
 
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
 

Recently uploaded

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 

Recently uploaded (20)

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 

Moving Anti-Malware Research Forward (Fraser)

  • 1. Tim Fraser Program Manager, Information Innovation Office Moving Anti-Malware Research Forward DARPA Cyber Colloquium Arlington, VA November 7, 2011 Approved for Public Release, Distribution Unlimited.
  • 2. The boundary between malicious and benign is fractally complex (Source: Sentar Inc.’s MATCH project.) • We and our adversaries • Their costs are low are both exploring the • Ours are high boundary Leveling the Playing Field with Automation Approved for Public Release, Distribution Unlimited.
  • 3. WANTED: Breakthroughs in Deep Program Analysis Program: Cyber Genome APAC Insight: Reuse resembles Analyses SeL4 9KLOC heredity can now [Klein 2009] scale Linux 6MLOC [Dillig 2008] Approach: Extract lineage Define and graphs demonstrate properties Application: Do profiling and Certify mobile forecasting applications Reduce Human Analysis Time – Reduce Costs Approved for Public Release, Distribution Unlimited.
  • 4. DARPA Program Analysis Challenge A second way to participate in the APAC effort Open to all comers A chance to prove your program analysis chops Win cash • DARPA provides a set of mobile Early 2013 applications • Bring your own tools • Set time limit • Compete to label each app as malicious or benign most accurately E-mail ProgramAnalysisChallenge@DARPA.mil Approved for Public Release, Distribution Unlimited.