2nd ACM SIGPLAN Program Protection and
Reverse Engineering Workshop (PPREW 2013)

Parco dei Principi Hotel, Rome, Italy
January 26, 2013
Collocated with POPL 2013

Keynote Speakers

At this year's workshop we are fortunate to hear from two leading researchers in industry and academia who have made significant contributions to the field of software protection and analysis.

Andrew Wajs, Chief Technology Officer, Irdeto

Andrew Wajs is the Chief Technology Officer of Irdeto and also leads the research organization of this company. Andrew started within the telecommunications industry where he developed products that include optical receiver and transmission systems, adaptive signal processing for fault location and audio distribution systems before moving into the security field. Andrew joined Irdeto in where he architected the world’s first DVB Conditional Access system. Subsequent to this, he has been the force behind many startup projects within Irdeto ranging from secure music distribution, session based watermarking for video and audio content, the world’s first pay satellite mobile TV solution in Korea and software based security solutions for digital content. Andrew has also had firsthand experience in engaging piracy in the field. He has held a range of positions ranging from engineering, system engineering, VP Product Line Management and the CTO.

Andrew has authored over 30 patents in the field of security and has published papers on topics including white-box security and cloud security, and gives keynote speeches in international forums and industrial events. He is well recognized as industrial expert on emerging security on large content delivery systems.

As the CTO of Irdeto, Andrew built up Irdeto research teams in Europe, North America and Asia, and has been engaging and establishing research collaborations with universities worldwide to promote software security and protection, and digital asset protection.

Arun Lakhotia, University of Louisiana at Lafayette

Arun Lakhotia is Professor of Computer Science at the University of Louisiana at Lafayette and the Director of the Software Research Lab. His current research interest is in malware analysis, in particular, investigating the stealth mechanisms used by malware to defeat detection. Besides malware analysis, Arun has also forayed in robotics. He led Team CajunBot in the 2004 and 2005 DARPA Grand Challenge and the 2007 DARPA Urban Challenge. In the latter challenge the team fielded CajunBot-II, a full-size Jeep Wrangler Rubicon, a self-driving car with the mission to drive in an urban environment, amidst traffic.

Arun earned a Ph.D. in computer science from Case Western Reserve University in 1990, and has been with UL Lafayette ever since.

Keynote: Fast location of similar code fragments using semantic ‘juice’
Abstraction of semantics of blocks of a binary is termed as “juice.” Whereas the denotational semantics summarizes the computation performed by a block, the juice presents a template of the relationships established by the block. For instance, the semantics of a block may be that it adds 5 to the register eax. Its juice would be that it adds a number to a register. The granularity of juice may be varied by changing the level of abstraction.

BinJuice is a tool for extracting the semantic juice of a binary. It symbolically interprets individual blocks of a binary to extract their semantics: the effect of the block on the program state. The symbolic interpreter includes an algebraic simplifier to normalize a large class of code variations that can be introduced through equivalence preserving transformations. The extraction of the semantic juice of a binary is performed by generalizing the semantics through the substitution of register names and literal constants with logical variables. Relationships between literal constants are maintained as algebraic constraints between the corresponding logical variables. Thus, this semantic juice forms a semantic template that is expected to be identical regardless of code variations due to register renaming, memory address allocation, and constant replacement.

BinJuice may be used to efficiently relate semantically similar code fragments by structural comparison of their semantic juice. While BinJuice cannot find all equivalent constructs, for that would solve the Halting Problem, it does significantly improve the state of the art in both the computational complexity as well as the scope of equivalences it can establish. Extraction of semantic juice using BinJuice is close to linear runtime in the size of a block, and hence the size of the program. It achieves this performance by using acyclic directed graphs, instead of trees, to represent expressions and by defining a total order on semantic structures. The total order is achieved by collapsing structures that are symbolic variants, and hence comes at the cost of safety. Empirical results, however, show that the loss of safety does not significantly increase the false matches and is acceptable to the intended applications.