It is open source! Check it out HERE.
Daphne and Xiaokui gave a tutorial on program anomaly detection at ACM CCS in ACM CCS '16. It is useful for all researchers and practitioners who are interested in data analytic and program analysis tools for designing innovative security methods.
Daphne's 2017 keynote slides on program anomaly detection in the cloud at ASIACCS SCC can be found here.
Daphne is to present program anomaly detection at IEEE Dependable Systems and Networks (DSN). Our system CMarkov provides context-sensitive and probabilistic classification of program traces for security.
Joint work with Ke Tian, Kui Xu, Barbara Ryder.
Xiaodong Yu (PhD Student)
Ya Xiao (PhD Student)
The conventional attack model assuming a stand-alone malware app may be inadequate for mobile security. Multiple apps can collude to leak sensitive information or abuse system resources.
Existing methods are not designed to defend against such sophisticated collusion attacks on Android. New program analysis and classification techniques on pairs or chains of apps are needed.
Scalability and false alarms are two foremost research challenges. Our new AsiaCCS '17 work computes the collusion threats of more than 100,000 Android apps.+ Learn more
Context is a key for security analysts to reason about the legitimacy of observed system and network events.
Finding out why things occur and why they occur in a specific order are like telling stories about the computers and users.
We coined the phrase storytelling security to refer to a general causal reasoning approach for security.
Our group has successfully demonstrated several concrete embodiments for network security (C&S 2016, ASIACCS 2014), web security (TDSC 2012, NSS 2011), and Android security (C&S 2016, AISec 2016).
We hold two U.S. patents on the causality for security technologies.
Software vulnerabilities are costly. NIST estimates that cost to be $60 billion each year, which includes the costs for developing and distributing software patches and reinstalling infected systems and the lost productivity due to malware and errors.
The problem of software vulnerabilities is not new. What is new and promising is the increasing adoption of cryptography and security mechanisms in common software applications. However, it is difficult to write crypto code correctly.
Surprisingly, the practical task of securing cryptographic implementation is still in its infancy. This status is in sharp contrast with the multi-decade advancement of modern cryptography.
This gap became particularly alarming, after multiple high-profile discoveries of cryptography-related vulnerable code in widely used network libraries and tools (e.g., the lack of authenticated encryption in iMessage, Diffie-Hellman key exchange downgrade vulnerability in TLS, and the exposure of random seeds in Juniper Network).
Our ongoing effort is on cryptographic program analysis (CPA), where we design rigorous static program analysis to detect crypto vulnerabilities in code C programs (IEEE SecDev 2017) and Java programs.
Our ICSE '18 work on empirical findings from the Stack Overflow forum are interesting. They motivate the need for effective crypto coding assistance.