[PAST EVENT] Transparent System Introspection

February 26, 2021
12pm - 1pm
McGlothlin-Street Hall, online
251 Jamestown Rd
Williamsburg, VA 23185Map this location


How can we fight malicious software that intentionally hides itself? Numerous security vulnerabilities plague modern computer systems. Though the security community routinely advances the state-of-the-art in hardening systems and software, attackers keep pace with these advancements. In particular, the increasing complexity and sophistication of attacks has led to stealthy adversaries who seek to evade detection. Thus, there is a need for techniques that enable analyzing system behavior despite the presence of a stealthy malicious attacker.

In this talk, I will introduce two hardware-assisted techniques for transparent system introspection to support detecting stealthy adversaries. First, I will discuss the use of underexplored aspects of modern hardware, such as Intel System Management Mode, to gain per-instruction dynamic analysis data even when the operating system is compromised. Second, I will present a custom Field-Programmable Gate Array circuit that rapidly collects smears of system memory with no measurable overhead. Both techniques facilitate transparent system introspection and have been used to accurately classify and successfully analyze thousands of malware samples and kernel rootkits with low runtime overhead. I will also discuss how these two techniques have been applied to the important areas of cloud infrastructure security, kernel hotpatching, and autonomous vehicle security.

Finally, despite improvements in systems security, human decision-makers are frequently deceived by adversaries. Ultimately, well-meaning victims may decide to execute unsafe code. I will conclude this talk by discussing my recent work in understanding software developers and how I will combine insights from security and software engineering to investigate how humans make security-related decisions in software.


Kevin Leach is a postdoctoral research scientist and lecturer at the University of Michigan. Kevin is a cross-disciplinary researcher, combining the areas of systems security, functional brain imaging studies, and software engineering. He is particularly focused on designing dependable systems that operate correctly despite being compromised by sophisticated adversaries. Kevin has published over 30 refereed articles, 3 of which have received awards, and 8 of which were co-authored with student mentees. He has also taught 6 different undergraduate courses as the instructor of record while at UM, reaching 1400 students. He earned the PhD from the University of Virginia in 2016, where he received the Louis T Rader Outstanding Research Award.


Prof. Yifan Sun