Alumnus, Postdoc Offer Way to Make Embedded Systems More Secure

Aug 12, 2015
Kohno and Koscher

CSE postdoctoral researcher Karl Koscher (near left) was the first author on another paper presented at the Workshop on Offensive Technologies, jointly with Microsoft’s David Molnar and CSE alumnus Tadayoshi Kohno (PhD ’06) (far left), who was Koscher’s advisor at the University of Washington. They presented a system called SURROGATES that emulates and instruments embedded systems in near-real time, enabling a variety of dynamic analysis techniques. To do so, the researchers used a custom, low-latency FPGA bridge between the host’s PCI Express bus and the system being tested, giving the emulator full access to the system’s peripherals. Koscher and his co-authors built and evaluated a system that enables dynamic analysis of embedded systems at an unprecedented scale. “This will ultimately enable embedded systems developers to take advantage of several dynamic analysis techniques that were previously available only to traditional software developers,” they noted in the paper’s conclusions, “allowing them to deliver safer and more secure embedded systems.” The findings could ultimately offset some of the security concerns related to the Internet of Things, which is effectively a massive network of embedded systems.

In a related story, a former CSE postdoc, Damon McCoy (right), also had a paper on the WOOT 2015 program. McCoy, who recently moved from George Mason University to the International Computer Science Institute in Berkeley, is the senior author on “Fuzzing E-mail Filters with Generative Grammars and N-Gram Analysis.” Email filtering is the primary defense against email phishing attacks, and McCoy proposes a system that uses generative grammars to create large sets of unique phishing emails, which are then used as fuzzing input against email filters. As the authors concluded, “this approach can be used to ensure the delivery of emails without the need to white-list” email from reliable sources.

Read the full paper “SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems”.
Read the full paper “Fuzzing E-mail Filters with Generative Grammars and N-Gram Analysis”.