Skip to main content

Full Speed in Reverse -- Why Reverse Engineering Helps to Protect Your Programs

Abstract
In this talk, we discuss how reverse engineering can help keep our systems safe. Both researchers and crackers have been working on automatic reverse engineering of complex binaries for decades. The limited success they have had so far suggests that the challenge is formidable. Compared to most earlier attempts, we approach the problem from a different angle and start with automatic extraction of data structures.

Besides serving as an obvious first step towards full reverse engineering (typically of interest to crackers and AV vendors), this talk will show that the extracted data structures help us to give legacy C binaries a 'security facelift', to harden them against attacks like buffer overflows. Better still, we will see that we can even protect legacy binaries against attacks for which we currently do not have any protection whatsoever: memory corruption of non-control data.

Speaker Bio
Herbert Bos obtained his Ph.D. from Cambridge University (UK), and is currently full professor at VU University Amsterdam. In 2010, he obtained an ERC Starting Grant to work on the Rosetta project---a research program toward reverse engineering of complex programs. Herbert has published in leading venues in both systems (OSDI, EUROSYS, TOCS, USENIX, etc) and security (NDSS, Security & Privacy, RAID, etc.) and served on the program committee of venues like SOSP, Eurosys, CCS, and Security & Privacy. He is the current (2012) PC Co-Chair of EuroSys. The software developed and released by his group (like the Argos honeypot technology, the Minemu taint tracker, and the Streamline high-speed I/O architecture) are in active use in research and production systems around the world. Two of his students have won the ACM SIGOPS Eurosys Roger Needham Award for best Ph.D. thesis in computer systems in Europe.



ACM IEEE USENIX TCE 2012 Technion NetUpp VMware RedHat Riverbed Intel IBM IEEE TCOS ACM ACM Sigops USENIX TCE