[PRL] Fwd: [MIT-PL] 1/20: Ben Livshits on multi-execution

Mitchell Wand wand at ccs.neu.edu
Tue Jan 10 10:41:46 EST 2012


---------- Forwarded message ----------
From: Jean Yang <jeanyang at csail.mit.edu>
Date: Tue, Jan 10, 2012 at 10:29 AM
Subject: [MIT-PL] 1/20: Ben Livshits on multi-execution
To: pl at lists.csail.mit.edu
Cc: Sally Lee <sally at csail.mit.edu>


Hi all,

  Next Friday we will have the pleasure of hearing Ben Livshits from
Microsoft Research speak about his work on multi-execution.

Hope to see you there.
Jean

---

Title: Multi-execution as an alternative to symbolic execution
Time: 2:30-3:30pm; refreshments at 2:15
Location: 32-G882 (8th floor reading room)

This talk will cover our recent work that explores multi-execution
techniques as an alternative to both static analysis and symbolic
execution. Our primary application is detection of malware-hosting
pages on the web. In recent years, attacks that exploit
vulnerabilities in browsers and their associated plugins have
increased significantly. These attacks are often written in JavaScript
and literally millions of URLs contain such malicious content.

While static and runtime methods for malware detection have been proposed
in the literature, both on the client side, for just-in-time
in-browser detection, as well as offline, crawler-based malware
discovery, these approaches encounter the same fundamental limitation.
Web-based malware tends to be environment-specific, targeting a
particular browser, often attacking specific versions of installed
plugins. This targeting occurs because the malware exploits
vulnerabilities in specific plugins and fails otherwise. As a result, a
fundamental limitation for detecting a piece of malware is that
malware is triggered infrequently, only showing itself when the right
environment is present. In fact, we observe that using current
fingerprinting techniques, just about any piece of existing malware
may be made virtually undetectable with the current generation of
malware scanners.

We propose Rozzle, a JavaScript multi-execution virtual machine, as a
way to explore multiple execution paths within a single execution so
that environment-specific malware will reveal itself. Using
large-scale experiments, we show that Rozzle increases the detection
rate for offline runtime detection by almost seven times. In addition,
Rozzle triples the effectiveness of online runtime detection. We show
that Rozzle incurs virtually no runtime overhead and allows us to
replace multiple VMs running different browser configurations with a
single Rozzle-enabled browser, reducing the hardware requirements,
network bandwidth, and power consumption.

---

Biography:

Ben Livshits is a researcher at Microsoft Research in Redmond, WA and
an affiliate professor at the University of Washington. Originally
from St. Petersburg, Russia, he received a bachelor's degree in
Computer Science and Math from Cornell University in 1999, and his
M.S. and Ph.D. in Computer Science from Stanford University in 2002
and 2006, respectively. Dr. Livshits' research interests include
application of sophisticated static and dynamic analysis techniques to
finding errors in programs.

Ben has published papers at PLDI, POPL, Oakland Security, Usenix
Security, CCS, SOSP, ICSE, FSE, and many other venues. He is known for
his work in software reliability and especially tools to improve
software security, with a primary focus on approaches to finding
buffer overruns in C programs and a variety of security
vulnerabilities (cross-site scripting, SQL injections, etc.) in
Web-based applications. He is the author of several dozen academic
papers and patents. Lately he has been focusing on how Web 2.0
application and browser reliability, performance, and security can be
improved through a combination of static and runtime techniques. Ben
generally does not speak of himself in the third person.

http://research.microsoft.com/~livshits/

--
Jean Yang
http://people.csail.mit.edu/jeanyang
