[我研究]Behavior Based Software Theft Detection - Hawk - 作者简历研究

TODO:

看一个与dynamic taint analysis相关的研究方向 - Input Dependence Analysis [11]

看dynamic taint analysis到底是怎么回事

昨天文章中的作者：Yoon-Chan Jhi

个人简历：http://www.cse.psu.edu/~jhi/ycjhi_curriculum_vitae.pdf

从简历里面获得的信息：

- 他是韩国人，曾经创业过一段时间，与安全相关，后来在PSU在读博士，2010年8月答辩。
- 他做过的研究项目

　　1. Software plagiarism detection [1, 3, 4] and software analysis [11]

a new software analysis technique called Input Dependence Analysis (IDA) [11]. The goal of IDA is to solve some of the critical problems
(i.e., taint loosing issues with covert channel, implicit flow, data flow obfuscation through control dependence, etc.) that have been raised against dynamic taint analysis.

　　2. Malcode detection [2, 5, 7].

Participated in a research project, STILL: Exploit Code Detection via Static Taint and Initialization Analyses, which aims at developing an effective
technique to detect self-modifying (metamorphic and polymorphic) exploit codes from network packets. Metamorphic and polymorphic  techniques are usually used by selfpropagating malwares (such as computer worms) to hide themselves from the signature-based detection of firewalls and intrusion detection systems. To detect self-modifying code, STILL taints memory locations written by the GetPC code (a series of code that retrieves current program counter value, which is necessary for the self-modifying code). Then, through the taint analysis, STILL detects the places where the program writes, reads, or branches to/from the tainted locations. To minimize the false positives that could be caused by the random binary data, STILL introduces an additional analysis named initialization analysis. Because STILL is based on static analyses, STILL gains performance over traditional dynamic approaches.

很厉害，中过ICSE

[1] Y. C. Jhi, X. Wang, X. Jia, S. Zhu, and P. Liu. Value-Based Program Characterization and Its Application to Software Plagiarism Detection. In Proc. of 33rd International Conference on Software Engineering (ICSE) SEIP 2011. (acceptance ratio: 18%)

[2] D. Kong, Y. C. Jhi, T. Gong, S. Zhu, P. Liu, and H. Xi. SAS: Semantics Aware Signature Generation for PolymorphicWorm Detection. In Proc. of 6th International Conference on Security and Privacy in Communication Networks (SecureComm) 2010.

[5] X. Wang, Y. C. Jhi, S. Zhu, P. Liu. STILL: Exploit Code Detection via Static Taint and Initialization Analyses, In Proc. of the Annual Computer Security Applications Conference (ACSAC) 2008.

[7] D. Kong, Y. C. Jhi, T. Gong, S. Zhu, P. Liu, H. Xi. SAS: Semantics Aware Signature Generation for Polymorphic Worm Detection. International Journal of Information Security, Springer, in press. (SCIE)

[11] Y. C. Jhi, X. Jia, S. Zhu, P. Liu, Beyond Dynamic Taint Analysis: Input Dependence Analysis