Security: it's Team Research

SRL: Software. Research. Laboratory.

At the Software Research Laboratory our main research focus is on program analysis. Currently we are working primarily on the analysis of malware, i.e., malicious programs such as worms, viruses, trojans, rootkits, spyware, and so on.

Below are some of the recent projects and activities we are involved in.

Projects

VILO: Malware Search and Analysis Capabilities
Comparing programs is hard. Comparing executable versions of them is harder still. And when the executables are malicious the challenges are amplified further. Yet comparing executables is important for combating malware, since most new versions are relatively simple variations or modifications of a previous version. The Vilo project aims to develop new methods for comparing, indexing, and organizing executables.
Metamorphic Malware
Malware (worms, trojans, spyware, etc.) is metamorphic if it changes as it propagates. We are seeking to understand the theoretical basis of metamorphic malware, and the possibilities and limitations for detecting it.
DOC -- Detector of Obfuscated Calls
DOC is a static analysis suite that detects obfuscations in executables, particularly procedure call and call-return obfuscations. It uses abstract interpretation (AI) to find instances where explicit call or call-return instructions are not used. A prototype is implemented as an Eclipse plugin for browsing X86 executables.
Dynamic Unpacking
Developed as part of an undergraduate project by Corey Fournier, the Dynamic Unpacker executes packed programs in a virtual environment and writes the in-memory image of the executable to disk after the program has unpacked itself.
Normalized Compression Distance
We have created a simple Perl-based package for computing the Normalized Compression Distance between two arbitrary files. A program is also available to create a CLUTO-compatible similarity matrix from a list of files.
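To make the distance concrete, here is an added Python example (not the lab's Perl package) that computes NCD with zlib as the compressor over constructed byte samples and turns the pairwise distances into a dense similarity matrix. The header-plus-rows text layout is an assumption about what a CLUTO-style dense matrix looks like, not something taken from the page.

```python
import random
import zlib


def compressed_size(data: bytes) -> int:
    # zlib at its maximum level stands in for the "normal" compressor NCD assumes.
    return len(zlib.compress(data, 9))


def ncd(x: bytes, y: bytes) -> float:
    """Normalized Compression Distance. Near 0: the compressor describes y
    almost entirely in terms of x (near-identical); near 1: nothing shared."""
    cx, cy, cxy = compressed_size(x), compressed_size(y), compressed_size(x + y)
    return (cxy - min(cx, cy)) / max(cx, cy)


def similarity_matrix(samples):
    """Pairwise similarity 1 - NCD; symmetric with 1.0 on the diagonal."""
    n = len(samples)
    sim = [[1.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            sim[i][j] = sim[j][i] = 1.0 - ncd(samples[i], samples[j])
    return sim


def to_dense_text(sim) -> str:
    # Header "rows cols", then one row of values per line. Assumed to be the
    # dense matrix layout a clustering tool such as CLUTO reads; not verified.
    lines = [f"{len(sim)} {len(sim[0])}"]
    lines += [" ".join(f"{v:.4f}" for v in row) for row in sim]
    return "\n".join(lines) + "\n"


def _constructed_blob(seed: int, size: int = 2000) -> bytes:
    # Constructed stand-in for an executable: deterministic pseudo-random bytes.
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


# Constructed samples: B is A with a 24-byte region rewritten (a "variant");
# C is an unrelated blob of the same size.
SAMPLE_A = _constructed_blob(1)
SAMPLE_B = SAMPLE_A[:900] + b"constructed-variant-byte" + SAMPLE_A[924:]
SAMPLE_C = _constructed_blob(2)

if __name__ == "__main__":
    print(f"NCD(A,B)={ncd(SAMPLE_A, SAMPLE_B):.3f}  NCD(A,C)={ncd(SAMPLE_A, SAMPLE_C):.3f}")
    print(to_dense_text(similarity_matrix([SAMPLE_A, SAMPLE_B, SAMPLE_C])), end="")
```

The variant pair scores close to 0 because the compressor encodes the second sample as back-references into the first, while the unrelated pair scores close to 1.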
C-Right: Copyright Infringement Analysis
The C-Right project aims to develop tools to help find and evaluate overlaps and similarities in software, to develop quantitative, repeatable, and testable analyses in this area, and to advance techniques for visualizing and documenting the outcomes so that they are readily understood by legal experts and laymen alike.

Activities

Dagstuhl Seminar: DRASIS
DRASIS: Duplication, Redundancy, and Similarity in Software; Dagstuhl seminar held in the summer of 2006.
WCRE 2004 Tutorial: Virus Analysis -- Techniques, Tools and Research Issues
Tutorial on malware analysis, given at WCRE 2004.
2nd International Workshop on Detection of Software Clones
Co-chairs of the workshop, held in conjunction with WCRE 2003.