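School of Software: Academic Lecture Announcement for June 1
Title: Value-based program characterization and its application to software plagiarism detection
Speaker: Professor Peng Liu (tenured professor and director of the Cyber Security Lab, Pennsylvania State University)
Time: June 1, 2:00 p.m.
Venue: Room 101, Graduate Building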
Abstract
Identifying similar or identical code fragments becomes much more challenging in code theft cases where plagiarizers can use various automated code transformation techniques to hide stolen code from detection. Previous works in this field are largely limited in that (1) most of them cannot handle advanced obfuscation techniques; (2) the methods based on source code analysis are less practical since the source code of suspicious programs is typically not available until strong evidence is collected; and (3) those depending on the features of specific operating systems or programming languages have limited applicability.
Based on the observation that some critical runtime values are hard for semantics-preserving transformation techniques to replace or eliminate, we introduce a novel approach to dynamic characterization of executable programs. Leveraging such invariant values, our technique is resilient to various control and data obfuscation techniques. We show how the values can be extracted and refined to expose the critical values and how we can apply this runtime property to help solve problems in software plagiarism detection. We have implemented a prototype with a dynamic taint analyzer atop a generic processor emulator. Our experimental results show that the value-based method successfully discriminates 34 plagiarisms obfuscated by SandMark, plagiarisms heavily obfuscated by KlassMaster, programs obfuscated by Thicket, and executables obfuscated by Loco/Diablo.
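About the speaker:
Professor Peng Liu received his Ph.D. from George Mason University in the United States in 1999 and taught at the University of Maryland from 1999 to 2002. In 2002 he moved to the College of Information Sciences and Technology at Pennsylvania State University, where he is now a tenured professor and director of the Cyber Security Lab. His main research direction is computer network and system security, with specific research areas including the construction of survivable systems, analysis and detection techniques for attack code, and software security. To date he has been responsible for more than US$14 million in research funding and has supervised students in publishing more than 180 high-quality papers, including papers in the top computer security journals ACM Transactions on Information and System Security and IEEE Transactions on Dependable and Secure Computing and at the top international conferences CCS, USENIX Security, and NDSS.
Professor Liu is one of the founding program chairs of the ACM Workshop on Survivable and Self-Regenerative Systems, was proceedings chair of the top international conference ACM Conference on Computer and Communications Security (CCS) 2004/2003, has served on the program committees of more than 80 international conferences (including ACM CCS, INFOCOM, ESORICS, and WWW), and is an editorial board member of several well-known international journals.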