University of California, Santa Barbara
March 10th, 2017
Our world is driven by interconnected software. While this connectivity provides functionality and convenience, it is not without risks: vulnerabilities are still rampant in modern software, and the exploitation of these vulnerabilities turns our connectivity into a liability. With the recent proliferation of “smart” devices, more vulnerable software than ever is connected to the internet and open to attackers.
We must find and fix these vulnerabilities before they can be exploited. In this talk, I will describe my research into an analysis pipeline that is flexible and extensible enough to target the identification of different types of vulnerabilities in binary code. I will discuss angr, the analysis framework powering this pipeline, and detail how angr can be applied not only to vulnerability identification in binary code, but to vulnerability remediation as well. Finally, I will show the culmination of these techniques in the form of the Mechanical Phish, one of the world’s first fully autonomous hacking systems. Last year, the Mechanical Phish won third place in the DARPA Cyber Grand Challenge by autonomously finding, exploiting, and patching vulnerabilities in a live competition, at a scale that could not be achieved by human hackers.
I have open-sourced the Mechanical Phish and the angr framework that powers it. The growing community around the project, including research labs and companies around the world, is actively pushing forward the frontier of binary analysis. With ever-improving vulnerability detection and remediation techniques, we hope to introduce automated binary analysis techniques into the standard arsenal of the “good guys,” making our world more secure in the process.
Yan Shoshitaishvili is a Ph.D. candidate at the University of California, Santa Barbara, with a primary research focus on program analysis and vulnerability identification.
He is currently the captain of the Shellphish, a student computer hacking group, and guides them through cybersecurity competitions worldwide.
Over the last two years, Shoshitaishvili led Shellphish’s participation in the DARPA Cyber Grand Challenge, applying his research to the creation of a fully autonomous hacking system that won third place in the competition. Underpinning this system is angr, an open-source binary analysis project founded by Shoshitaishvili in the course of his research.