 |
||||||||||
|
Condado Plaza Hilton, San Juan, Puerto Rico, USA
December 9–10, 2019
Collocated with
ACSAC
2019
Training Sessions
The first day of the SSPREW offers the following training sessions:
Hacking Program Analysis - From Theory to Practice
Presenter: Roberto Giacobazzi, University of Verona
The tutorial is intended to introduce the foundations and design principles of program analysis with particular emphasis on code protecting transformations for anti reverse engineering applications. This is a gentle introduction for non-specialists and students to some of the main results concerning both the limits and the possibilities of making code obscure and unlearnable by a generic program analysis tool. The battle scenario involves (automated) attackers intended to extract information by reverse engineering the code, and protecting code transformations modelled as distorted compilers devoted to inhibit these attacks. Attacks are inhibited by maximising imprecision in all attempts made by the attacker (which is an algorithm) to exploit control and data-flow of the obscured code. The module will introduce the main results on the impossibility of virtual black box obfuscation and the possibility results for weakened attack models. We then introduce program analysis and methods for the design of program analysis algorithms, such as abstract interpretation and monotone-frameworks. We then show that protecting transformations can be systematically and formally derived as distorted compilers, obtained by virtualising the source code, i.e., by specialising a suitably distorted interpreter for the given programming language with respect to the source code to protect. The limits of these methods are shown both theoretically and practically with some hands on sessions. Interestingly, this distortion corresponds precisely to defeat the potency of the expected attacker, which is itself an interpreter and whose potency consists in its ability to extract a complete and precise view of the program's execution.
Roberto Giacobazzi was born in 1964 in Modena, Italy. He received the Laurea degree in Computer Science in 1988 from the University of Pisa, and in 1993 he received the Ph.D. in Computer Science from the same university. From 1993 to 1995 he had a Post Doctoral Research position at Laboratoire d'Informatique (LIX), Ecole Polytechnique (Paris) in the equipe Cousot. From 1995 to 1998 he was (tenured) Assistant Professor in Computer Science at the University of Pisa. From 1998 to 2000 he was Associate Professor at the University of Verona. From May 2000 until now he is Full Professor in Computer Science at the University of Verona. The research interests of Roberto Giacobazzi include abstract interpretation, static program analysis, semantics of programming languages, program verification, abstract model-checking, program transformation and optimization, digital asset protection, code obfuscation, software watermarking and lattice theory.
Reverse Engineering with Binary Ninja
Presenter: Jordan Wiens, Vector 35
Binary Ninja has made a special effort to focus on reverse engineering by leveraging intermediate languages. And not just intermediate languages for automation but for human interaction. This workshop will talk about some of the design decisions behind BNIL (Binary Ninja Intermediate Languages, a suite of multiple ILs), demonstrate scripts that leverage the ILs and show how you'd implement or extend an architecture in BNIL.
Binary Ninja Downloads:
Mac OS
Linux
Windows
License: http://www.pprew.org/2019-9/proceedings/license-ssprew-workshop.txt
Tutorial Downloads:
Example Files (ZIP)
Binary Ninja User Documentation
Modern Binary Analysis with IL (PDF)