Thank you, David Melski, for presenting at our 1st Lunch & Learn Series.
Automatically Finding and Fixing Software Vulnerabilities in Binaries
New! The ITEA Virtual Lunch and Learn Series consists of unclassified sessions open to all ITEA members free of charge. Each presentation is 45 minutes long, including Q&A.
In 2016, DARPA ran the final event in the Cyber Grand Challenge (CGC). The challenge in CGC was to build an autonomous system capable of playing in a “Capture The Flag” (CTF) hacking competition. CGC demonstrated the feasibility of automatically discovering and repairing vulnerabilities in software binaries.
Automatically finding and fixing software vulnerabilities in binaries lowers the cost of software testing and maintenance. This presentation describes GrammaTech’s approach to building such an automated system by integrating five capabilities. Error Amplification instruments the system under test (SUT) to monitor for memory corruption and “make noise early,” which increases error detection and helps with fault localization. Weakness Discovery uses fuzzing and symbolic execution to automatically generate test inputs and discover weaknesses. Exploitability Analysis examines the SUT’s state after each crash to determine the potential exploitability of the underlying weakness. Binary Patching recommends possible patches to the user by automatically selecting from a library of patch templates for common error patterns. Binary Hardening adds residual protections for any weaknesses that may remain undiscovered during weakness discovery.
PROTEUS is a tool under development that implements and integrates these five capabilities. Its development is funded and sponsored by the 96th Cyberspace Test Group, Eglin AFB. PROTEUS targets 32-bit and 64-bit Intel processors. It discovers potential memory corruption vulnerabilities, including 20+ common entries in the Common Weakness Enumeration (CWE). It focuses on vulnerabilities that could be triggered by potentially malicious file or network inputs.
This presentation will discuss the core capabilities in depth and introduce PROTEUS to the Cyber T&E community.
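To make the “make noise early” idea in Error Amplification concrete, the following is an added illustration, not GrammaTech’s or PROTEUS’s code: a simplified source-level analogue of the instrumentation described above. Each buffer is surrounded by redzones filled with a known pattern, and the redzones are checked immediately after an operation, so an out-of-bounds write is reported at the point it happens instead of surfacing later as an unrelated crash. The helper names (`guarded_alloc`, `guarded_check`, `copy_and_check`), the 8-byte buffer, the redzone width and the fill pattern are all assumptions made for this example; the sample inputs in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REDZONE 16      /* guard bytes on each side of the usable region (assumed width) */
#define PATTERN 0xA5    /* fill value whose disappearance signals an overwrite */

typedef struct {
    uint8_t *base;      /* whole block: [front redzone][data][back redzone] */
    size_t size;        /* usable size in bytes */
} guarded_buf;

/* Allocate `size` usable bytes with a pattern-filled redzone on each side. */
static int guarded_alloc(guarded_buf *gb, size_t size) {
    gb->base = malloc(size + 2 * REDZONE);
    if (gb->base == NULL) return -1;
    gb->size = size;
    memset(gb->base, PATTERN, REDZONE);                  /* front redzone */
    memset(gb->base + REDZONE + size, PATTERN, REDZONE); /* back redzone */
    return 0;
}

/* Pointer to the usable region, which is what the SUT would normally see. */
static uint8_t *guarded_data(const guarded_buf *gb) { return gb->base + REDZONE; }

/* Count redzone bytes that no longer hold PATTERN; 0 means both redzones are intact. */
static size_t guarded_check(const guarded_buf *gb) {
    size_t corrupted = 0;
    for (size_t i = 0; i < REDZONE; i++) {
        if (gb->base[i] != PATTERN) corrupted++;                    /* underflow */
        if (gb->base[REDZONE + gb->size + i] != PATTERN) corrupted++; /* overflow */
    }
    return corrupted;
}

static void guarded_free(guarded_buf *gb) { free(gb->base); gb->base = NULL; }

/* Stand-in for a routine in the SUT: copies `len` bytes into an 8-byte buffer
 * without a length check (the weakness being amplified). Returns the number of
 * redzone bytes found overwritten right after the copy, so a caller learns about
 * the corruption immediately. `len` must stay below 8 + REDZONE so the write stays
 * inside the block we own and this demonstration itself remains well-defined. */
size_t copy_and_check(const uint8_t *input, size_t len) {
    guarded_buf gb;
    if (len >= 8 + REDZONE) return (size_t)-1; /* refuse inputs the demo cannot contain */
    if (guarded_alloc(&gb, 8) != 0) return (size_t)-1;
    memcpy(guarded_data(&gb), input, len);    /* no bounds check: overruns when len > 8 */
    size_t corrupted = guarded_check(&gb);     /* "make noise early": check right away */
    if (corrupted != 0)
        fprintf(stderr, "error amplification: %zu redzone byte(s) overwritten\n", corrupted);
    guarded_free(&gb);
    return corrupted;
}

int main(void) {
    uint8_t ok[8], bad[12];
    memset(ok, 0x41, sizeof ok);    /* constructed in-bounds input */
    memset(bad, 0x41, sizeof bad);  /* constructed input that overruns by 4 bytes */
    printf("in-bounds copy: %zu corrupted redzone bytes\n", copy_and_check(ok, sizeof ok));
    printf("oversized copy: %zu corrupted redzone bytes\n", copy_and_check(bad, sizeof bad));
    return 0;
}
```

In a real binary-level tool the redzones and checks are inserted by rewriting the executable rather than by editing source, and the check would typically abort the process so the fuzzer records the crash at the faulting write; the idea of converting a silent overwrite into an immediate, attributable signal is the same.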
• Software Testing and Assurance
• Supply Chain Risk Management
Chief Technology Officer, GrammaTech
Dr. Melski has been a part of GrammaTech’s Research team since June 2002.
Dr. Melski graduated summa cum laude from the University of Wisconsin with a B.S. in Computer Sciences and Russian Studies. He also received his Ph.D. in Computer Sciences from the University of Wisconsin. Dr. Melski’s work in static analysis and interprocedural path-profiling techniques has been featured in numerous articles and conferences.
Prior to joining GrammaTech, Dr. Melski worked as a research assistant at the University of Wisconsin-Madison. While at GrammaTech, he oversaw a greater-than-seven-fold increase in sponsored projects funded by DOD, IARPA, DHS, NSF, NASA, and NIST. He has worked on static and dynamic vulnerability detection, symbolic and concolic execution, survivability under attack, program hardening by means of confinement and diversification, binary rewriting, and semantics-preserving transformations. Dr. Melski has held the role of principal investigator on many of GrammaTech’s projects. In 2016 he led a team from GrammaTech and the University of Virginia to develop Xandra, the autonomous cyber reasoning system that took second place in DARPA’s Cyber Grand Challenge.
He currently resides in Ithaca, NY.