[Colloquium] Malware Analysis on Mobile and Commodity Computing Platforms

April 17, 2012

Watch Colloquium: 

M4V file (703 MB)

  • Date: Tuesday, April 17, 2012 
  • Time: 11:00 am — 12:15 pm 
  • Place: Mechanical Engineering 218

Manuel Egele
University of California, Santa Barbara

Two complementing approaches exist to analyze potentially malicious software (malware): static and dynamic analysis. Static analysis reasons about the functionality of the analyzed application by analyzing the program’s code in source, binary, or any intermediate representation. In contrast, dynamic analysis monitors the execution of an application and the effects the application has on the execution environment. In this talk I will present a selection of my research in both areas — static and dynamic analysis.

On commodity x86 computer systems the browser has become a central hub of activity and information. Hence, a plethora of malware exists that tries to access and leak the sensitive information stored in the browser’s context. Accordingly, I will present the research and results from my dynamic analysis system (TQANA) targeting malicious Internet Explorer plugins. TQANA implements full system data-flow analysis to monitor the propagation of sensitive data originating from within the browser. This system successfully detects a variety of spyware components that steal sensitive data (e.g., the user’s browsing history) from the browser.

In the mobile space, smartphones have become similar hubs for online communication and private data. The protection of this sensitive data is of great importance to many users. Therefore, I will demonstrate how my system (PiOS) leverages static binary analysis to detect privacy violations in applications targeted at Apple’s iOS platform. PiOS automatically detects a variety of privacy breaches, such as the transmission of GPS coordinates, or leaked address books. Applications that transmit address book contents recently got in the focus of mainstream media as many popular social network applications (e.g., Path, Gowalla, or Facebook) transmit a copy of the user’s address book to their backend servers. The static analysis in PiOS is also the foundation for a dynamic enforcement system that implements control-flow integrity (CFI) on the iOS platform. Thus, this system is suitable to prevent the broad range of control flow diverting attacks on the iOS platform.


Bio: Manuel Egele currently is a post-doctoral researcher at the Computer Security Group at the Department of Computer Science of the University of California, Santa Barbara. He received his Ph.D. in January 2011 from the Vienna University of Technology under his advisors Christopher Kruegel and Engin Kirda. Before starting his work as a post-doc he visited the Computer Security Group at UCSB as part of his Ph.D. studies. Similarly, he spent six months visiting the iSeclab’s research lab in France (i.e., Institut Eurecom). He was very fortunate to meet and work with interesting and smart people at all these locations.

His research interests include most aspects of systems security, such as mobile security, binary and malware analysis, and web security.

Since 2009 he has helped organize UCSB’s iCTF. In 2010 they were the first CTF that featured a challenge with effects on the physical world (i.e., the teams had to control a foam missile launcher). In 2011 they took this concept one step further, and teams from around the globe could remotely control an unmanned aerial vehicle in the conference room of UCSB’s Computer Science Department. Before being part of the organizing team for the iCTF he participated as part of the We_0wn_Y0u team of the Vienna University of Technology, as well as on the team of the Institut Eurecom. Furthermore, he participated as part of the Shellphish team at several DefCon CTF competitions in Las Vegas.