Binary Program Analysis and Model Extraction for Security Applications

25 Mar

Juan Caballero, Carnegie Mellon University and University of California, Berkeley (USA)

External Presentation (External Speaker)


In this talk I present a platform to extract models of security-relevant functionality from program binaries, enabling multiple security applications such as active botnet infiltration, finding deviations between implementations of the same functionality, vulnerability signature generation, and finding content-sniffing cross-site scripting (XSS) attacks.
In this talk, I present two applications: active botnet infiltration and finding content-sniffing XSS attacks.

Botnets, large networks of infected computers under control of an attacker, are one of the dominant threats in the Internet, enabling fraudulent activities such as spamming, phishing, and distributed denial-of-service attacks.
To build strong botnet defenses, defenders need information about the botnet’s capabilities and the attacker’s actions.
One effective way to obtain that information is through active botnet infiltration, but such infiltration is challenging due to the encrypted and proprietary protocols that botnets use to communicate.
In this talk, I describe techniques for reverse-engineering such protocols and present how we use this information to infiltrate a prevalent, previously not analyzed, spam botnet.

Cross-site scripting attacks are the most prevalent class of attacks nowadays. One subtle class of overlooked XSS attacks are content-sniffing XSS attacks. In this talk, I present model extraction techniques and how they enable finding content-sniffing XSS attacks.
We use those models to find attacks against popular web sites and browsers such as Wikipedia when accessed using Internet Explorer 7.
I describe our defenses for these attacks and how our proposals have been adopted by widely used browsers such as Google Chrome and IE8, as well as standardization groups.

Who is Juan Cabellero?

Juan Caballero is a Ph.D. candidate in Electrical and Computer Engineering at Carnegie Mellon University and a visiting student researcher at the EECS department of University of California, Berkeley, under the supervision of his advisor Prof. Dawn Song.
His research interests center on computer security, including security issues in systems, software, and networks.
His Ph.D thesis deals with developing binary program analysis techniques to enable security applications such as active botnet infiltration, finding deviations between implementations of the same functionality, signature generation, and finding evasion attacks.
His research bridges other disciplines such as networking and programming languages.

Juan is a recipient of the La Caixa fellowship for graduate studies and won the best paper award at the Usenix Security Symposium in 2007.
He holds a M.Sc. in Electrical Engineering from the Royal Institute of Technology (KTH) and a Telecommunications Engineer degree from Universidad Politecnica de Madrid (UPM).

The conference will be conducted in English


  • Location: Sala de Juntas 3.3.B01, Edificio Rey Pastor (Biblioteca), Universidad Carlos III de Madrid, Avda. Universidad, 30, 28911 Leganes – Madrid

  • Organization: NETCOM Research Group (Telematics Department, University Carlos III of Madrid, Spain); IMDEA Networks (Madrid, Spain)
  • Time: 03:00pm
  • Add to Calendar: iCalendar Outlook Google