Themes

Current Research Themes

Malware Collection, Detection and Analysis

Anti-malware companies receive thousands of malware samples every day. To process this large quantity, a number of automated analysis tools have been developed. These tools execute a malicious program in a controlled environment and produce reports that summarize the program's actions. Of course, the problem of analyzing the reports still remains. Recently, researchers have started to explore automated clustering techniques that help to identify samples that exhibit similar behavior. This allows an analyst to discard reports of samples that have been seen before and to focus on novel, interesting threats. Unfortunately, previous techniques do not scale well and frequently fail to generalize the observed activity well enough to recognize related malware.

This line of work focuses on the analysis, classification and detection of large numbers of malware samples. Some of the systems that we have built are available online, such as Anubis, Exposure, FIRE, and Leurrecom.
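The clustering idea above can be made concrete with a small behavior-based clusterer. This is an added example written for this page, not code from Anubis or from the group: it reduces constructed sandbox-style reports (the REPORTS dictionary is made up for the example) to sets of generalized behavioral features, scores pairs with Jaccard similarity, and groups samples by single-linkage clustering. The generalization rules (replacing user names, IP addresses and random-looking file names with placeholders) are a simplification chosen for illustration; they show why two samples that differ only in such details are recognized as related once the observed activity is generalized, and why they are missed without it.

```python
"""Behavior-based malware clustering over constructed sandbox reports.

Added example, not the group's code: each report becomes a set of generalized
(action, argument) features, and reports whose Jaccard similarity reaches a
threshold are merged into one cluster (single linkage via union-find).
"""
import re
from itertools import combinations

# Constructed sample reports: a list of (action, argument) events per sample.
REPORTS = {
    "sample_a": [
        ("create_file", r"C:\Users\alice\AppData\Local\Temp\a1b2c3.exe"),
        ("set_registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\a1b2c3"),
        ("connect", "203.0.113.10:8080"),
    ],
    "sample_b": [
        ("create_file", r"C:\Users\bob\AppData\Local\Temp\z9y8x7.exe"),
        ("set_registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\z9y8x7"),
        ("connect", "203.0.113.11:8080"),
    ],
    "sample_c": [
        ("create_file", r"C:\Users\carol\Documents\report.docx"),
        ("connect", "198.51.100.5:443"),
    ],
}

# Generalization rules (assumed for the example): drop details that vary
# between runs or victims but carry no behavioral meaning.
_USER = re.compile(r"(?i)(c:\\users\\)[^\\]+")          # per-victim user name
_IP = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")          # IPv4 address (port is kept)
_RAND = re.compile(                                        # alnum token with letters and
    r"\b(?=[A-Za-z0-9]*\d)(?=[A-Za-z0-9]*[A-Za-z])[A-Za-z0-9]{6,}\b"  # digits, 6+ chars
)


def generalize(arg):
    """Replace victim-specific and randomized parts of an argument with placeholders."""
    arg = _USER.sub(r"\1<user>", arg)
    arg = _IP.sub("<ip>", arg)
    arg = _RAND.sub("<rand>", arg)
    return arg


def profile(events, generalize_args=True):
    """Turn a report's event list into a feature set."""
    return frozenset(
        (action, generalize(arg) if generalize_args else arg) for action, arg in events
    )


def jaccard(a, b):
    """Jaccard similarity of two feature sets; two empty profiles count as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def cluster(reports, threshold=0.6, generalize_args=True):
    """Single-linkage clustering: samples are merged when any pair reaches the threshold."""
    names = sorted(reports)
    profiles = {n: profile(reports[n], generalize_args) for n in names}
    parent = {n: n for n in names}

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]  # path halving
            n = parent[n]
        return n

    for x, y in combinations(names, 2):
        if jaccard(profiles[x], profiles[y]) >= threshold:
            parent[find(x)] = find(y)

    groups = {}
    for n in names:
        groups.setdefault(find(n), []).append(n)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    print("generalized:", cluster(REPORTS))
    print("raw:        ", cluster(REPORTS, generalize_args=False))
```

With generalization, sample_a and sample_b end up in one cluster (identical generalized profiles); on the raw arguments they share no feature at all and every sample becomes its own cluster, which is the failure mode the paragraph describes. The pairwise loop is quadratic in the number of samples, so a production system would replace it with approximate near-neighbour search (for example minhash-based LSH over the same feature sets).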

Keywords: Malware, static and dynamic analysis, obfuscation, reverse engineering, detection, clustering

Selected publications:

Web Security

Web-based applications have become a popular means of exposing functionality to large numbers of users by leveraging the services provided by web servers and databases. Unfortunately, due to the dynamic nature of the web, web applications face many security challenges. For example, due to the increasing number of Web sites offering features to contribute rich content, and the frequent failure of Web developers to properly sanitize user input, cross-site scripting prevails as the most significant security threat to Web applications. Using cross-site scripting techniques, miscreants can hijack Web sessions and craft credible phishing sites.

This line of work focuses on the detection, mitigation, and large-scale analysis of web-related security threats and problems.

Some of the systems that we have built are available online, such as PAPAS.
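The "failure to properly sanitize user input" named above is easiest to see next to its fix. The following is an added example written for this page, not code from PAPAS or from the group: a server-side fragment renderer with a vulnerable version that interpolates user-controlled text straight into HTML, and a hardened version that encodes for the output context (HTML body, quoted attribute, and link target). The helper names and the sample inputs are made up for the example; only standard-library functions are used.

```python
"""Context-aware output encoding against cross-site scripting.

Added example, not the page's code: render_comment_unsafe() shows the defect
(untrusted text placed directly into markup); render_comment() and render_link()
show the corrected handling for the body, attribute and URL contexts.
"""
import html
from urllib.parse import urlsplit


def render_comment_unsafe(author, body):
    # Vulnerable: whatever the user typed becomes part of the page's markup.
    return f"<p><b>{author}</b>: {body}</p>"


def render_comment(author, body):
    # HTML body context: html.escape() turns <, >, &, " and ' into entities,
    # so user text is displayed literally and can never open a tag.
    return f"<p><b>{html.escape(author)}</b>: {html.escape(body)}</p>"


def safe_href(url):
    """URL context: only http(s) URLs with a host are accepted; anything else
    (javascript:, data:, attribute-breaking junk) is replaced by a harmless '#'."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        # Still attribute-encode: '&' and quotes inside a URL must not end the attribute.
        return html.escape(url.strip(), quote=True)
    return "#"


def render_link(url, label):
    # Attribute context: the value is always double-quoted AND entity-encoded.
    return f'<a href="{safe_href(url)}">{html.escape(label)}</a>'


if __name__ == "__main__":
    # Constructed inputs standing in for untrusted user-submitted content.
    payload = "<script>alert(1)</script>"
    print(render_comment_unsafe("eve", payload))   # executable markup reaches the page
    print(render_comment("eve", payload))          # shown as text: &lt;script&gt;...
    print(render_link("javascript:alert(1)", "profile"))
    print(render_link("https://example.com/?a=1&b=2", "profile"))
```

The point of the three functions is that there is no single "sanitize" step: the encoding depends on where the value lands (text node, attribute value, URL), and a scheme allow-list is needed for link targets because entity encoding alone does not stop a javascript: URL. Templating engines that auto-escape by default implement the same rules; the unsafe version corresponds to disabling that auto-escaping.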

Keywords: Cross-site scripting, clickjacking, SQL injection, static analysis, logical errors, sanitization

Selected publications:

Social Networks and Cloud Computing

Most social network sites are critical with respect to users' security and privacy, both because of the large amount of personal information available on them and because of their very large user base. Users of online social networks tend to exhibit a higher degree of trust in friend requests and messages sent by other users. Our current research efforts on this topic concern how attackers can abuse one of the key features of social networks: the support they provide for finding new friends. For example, social network sites may try to automatically identify which users know each other in order to propose friendship recommendations.

Keywords: Reverse social engineering

Selected publications:

Smartphone and Embedded Systems Security

With the introduction of Apple's iOS and Google's Android operating systems, the sales of smartphones have exploded. These smartphones have become powerful devices that are basically miniature versions of personal computers. However, the growing popularity and sophistication of smartphones have also increased concerns about the privacy of users who operate these devices. These concerns have been exacerbated by the fact that it has become increasingly easy for users to install and execute third-party applications. Embedded devices are increasingly present in everyday life; they are now often connected to the Internet and remotely accessible, and they often control, or report information about, critical systems. Securing these low-cost devices is therefore of high importance for the trustworthiness of the future Internet.

Keywords: Smartphones, mobile application markets, file hosting services, embedded devices

Selected publications: