Presentation is loading. Please wait.

Presentation is loading. Please wait.

Can Embeddings Detect Heartbleed?

Published byRudolph Müller Modified over 5 years ago

Similar presentations

Presentation on theme: "Can Embeddings Detect Heartbleed?"— Presentation transcript:

1 Kim Redmond redmonkm@email.sc.edu
Can Embeddings Detect Heartbleed? Source code isn't available to analyze proprietary software for security vulnerabilities. We can use binary code analysis (BCA) on binary executables. However, most BCA methods are inefficient and unscalable. Solution: use machine learning to generate semantic instruction embeddings using assembly code from the binary! Source: Security problem and your credentials to solve the problem – layman's terms only Importance of the problem and the impact of the technology you are proposing – layman's terms only Kim Redmond

2 Can Embeddings Detect Heartbleed?
1. What available program has a version with a known vulnerability, and another version that has fixed the vulnerability? - OpenSSL (v 1.0.1g and Heartbleed (v 1.0.1c)) 2. How do we compile and disassemble this program? - config and llvm-objdump 3. How do we distinguish between insecure and secure code patterns? - train instruction embeddings and project a visualization to observe where they don’t overlap Kim Redmond

3 Can Embeddings Detect Heartbleed?
recap your contribution and emphasize your contributions Instruction embeddings do display a meaningful difference between secure and insecure versions of the same program: the bounds check! Future work: more vulnerabilities; larger set of training instructions; identify security-related embedding features/patterns Kim Redmond

Download ppt "Can Embeddings Detect Heartbleed?"

Similar presentations

Decompilation of Binary Programs Christina Cifuentes & K. John Gough School of Computing Science Queensland University of Technology Presented by Conny.

Decompilation of Binary Programs Christina Cifuentes & K. John Gough School of Computing Science Queensland University of Technology Presented by Conny.
SAFETYCHECK Eric Hatch | David Allen |Bailee Lucas| Austin Rhodes.

SAFETYCHECK Eric Hatch | David Allen |Bailee Lucas| Austin Rhodes.
Computer Concepts 5th Edition Parsons/Oja Page 546 CHAPTER 11 Software Engineering Section A PARSONS/OJA Computer Programming.

Computer Concepts 5th Edition Parsons/Oja Page 546 CHAPTER 11 Software Engineering Section A PARSONS/OJA Computer Programming.
Wish Branches A Review of “Wish Branches: Enabling Adaptive and Aggressive Predicated Execution” Russell Dodd - October 24, 2006.

Wish Branches A Review of “Wish Branches: Enabling Adaptive and Aggressive Predicated Execution” Russell Dodd - October 24, 2006.
Chapter 16 Programming and Languages: Telling the Computer What to Do.

Chapter 16 Programming and Languages: Telling the Computer What to Do.
1 Capstone projects supervised by Yinong Chen (1) Implementation of a Shell on Palm Hand Held Device (2) Building a Programmer’s Interface to the Palm.

1 Capstone projects supervised by Yinong Chen (1) Implementation of a Shell on Palm Hand Held Device (2) Building a Programmer’s Interface to the Palm.
1-1 Embedded Software Development Tools and Processes Hardware & Software Hardware – Host development system Software – Compilers, simulators etc. Target.

1-1 Embedded Software Development Tools and Processes Hardware & Software Hardware – Host development system Software – Compilers, simulators etc. Target.
Software Development and Software Loading in Embedded Systems.

Software Development and Software Loading in Embedded Systems.
6.8 –Systems of Inequalities. Just like systems of equations, but do the inequality part!

6.8 –Systems of Inequalities. Just like systems of equations, but do the inequality part!
CCSA 221 Programming in C CHAPTER 2 SOME FUNDAMENTALS 1 ALHANOUF ALAMR.

CCSA 221 Programming in C CHAPTER 2 SOME FUNDAMENTALS 1 ALHANOUF ALAMR.
Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.

Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.
© Janice Regan, CMPT 128, Jan. 2007 0 CMPT 128 Introduction to Computing Science for Engineering Students Creating a program.

© Janice Regan, CMPT 128, Jan CMPT 128 Introduction to Computing Science for Engineering Students Creating a program.
Red Lizard Software Creators of Code Confidence..

Red Lizard Software Creators of Code Confidence..
Programming. What is a Program ? Sets of instructions that get the computer to do something Instructions are translated, eventually, to machine language.

Programming. What is a Program ? Sets of instructions that get the computer to do something Instructions are translated, eventually, to machine language.
IXA 1234 : C++ PROGRAMMING CHAPTER 1. PROGRAMMING LANGUAGE Programming language is a computer program that can solve certain problem / task Keyword: Computer.

IXA 1234 : C++ PROGRAMMING CHAPTER 1. PROGRAMMING LANGUAGE Programming language is a computer program that can solve certain problem / task Keyword: Computer.
National Diploma Unit 4 Introduction to Software Development Introduction to Programming Languages.

National Diploma Unit 4 Introduction to Software Development Introduction to Programming Languages.
Software Basics. Some Pioneers Charles Babbage Analytical Engine Countess Ada Lovelace First Programmer ? John Von Neumann storing instructions in memory.

Software Basics. Some Pioneers Charles Babbage Analytical Engine Countess Ada Lovelace First Programmer ? John Von Neumann storing instructions in memory.
Chapter 1 Introduction. Chapter 1 - Introduction 2 The Goal of Chapter 1 Introduce different forms of language translators Give a high level overview.

Chapter 1 Introduction. Chapter 1 - Introduction 2 The Goal of Chapter 1 Introduce different forms of language translators Give a high level overview.
1.4 Representation of data in computer systems Instructions.

1.4 Representation of data in computer systems Instructions.
Plug-in Architectures Presented by Truc Nguyen. What’s a plug-in? “a type of program that tightly integrates with a larger application to add a special.

Plug-in Architectures Presented by Truc Nguyen. What’s a plug-in? “a type of program that tightly integrates with a larger application to add a special.

Similar presentations

Ads by Google