Methodologies, Techniques, and Tools for Security: From Code Analysis to ML and Beyond.

28 et 29 novembre 2024

Valerio SCHIAVONI

Pr Valerio Schiavoni (University of Neuchâtel)

Pr Lydia Chen (University of Neuchâtel)

Pr Torsten Braun (Univesity of Bern)

• Pr Giuseppe Di Luna (Sapienza, Rome, Italy)
• Pr Daniele Cono D'Elia (Sapienza, Rome, Italy)
• Pr Marcelo Pasin (HE-Arc, Switzerland)
• Dr Antonio Di Maio (U. Bern, Switzerland)

General informations

This CUSO seminar will revolve around methodologies, techniques, and tools for security: from code analysis to ML and beyond. The invited guests will engage students in a set of highly interactive sessions, complemented by the required fundamental notions. While the exact topics and titles of each intervention have yet to be finalized, we prospect the following ones (subject to changes). Pr Di Luna will present his work and tools to perform binary inspection of malicious programs. Pr D'Elia will talk about dynamic binary instrumentation for security analysis of programs. Pr Marcelo Pasin will show how to write secure applications with WebAssembly and Trusted Execution Environments. Dr Di Maio will show how to use federated machine learning techniques to detect anomalies in network traffic. The event will span 1.5 days. It is not mandatory to attend the presentations and tutorials from all the speakers. The exact schedule of the day has been announced.

Bio of speakers

Pr Giuseppe Di Luna (Sapienza, Rome, Italy)

Giuseppe Antonio Di Luna is Associate Professor at Sapienza University of Rome. He got his Ph.D. from Sapienza University of Rome in 2015. After his Ph.D. he did a postdoc at the University of Ottawa, working on fault-tolerant distributed algorithms, distributed robotics, and algorithm design for programmable particles. In 2018 he started a postdoc at the Aix-Marseille University, where he worked on dynamic graphs. He has been a postdoctoral fellow at Sapienza funded by the AXA fellowship and performing research on applying NLP techniques to the binary analysis domain.

Pr Daniele Cono D'Elia (Sapienza, Rome, Italy)

Daniele Cono D'Elia is a Tenure-track Assistant Professor at Sapienza University of Rome. His research work spans several fields of software and systems security, studying how program analysis techniques can boost accuracy and performance aspects of security policies. He regularly publishes in top-tier conferences and journals of his reference areas and engages in community service work with organizing and editorial roles. Thanks to the practical ramifications of his work, he has spoken several times at the Black Hat Briefings, a premier venue in the cybersecurity industry.

Pr Marcelo Pasin (HE-Arc, Switzerland)

Marcelo Pasin is an associate professor in the Engineering School Arc of the University of Applied Sciences and Arts Western Switzerland. He has a PhD in Computer Science from the Grenoble INP (France, 1999), Master in Computer Science from the Federal University of Rio Grande do Sul (Porto Alegre, Brazil, 1994) and Electrical Engineering from the Federal University of Santa Maria (Brazil, 1988). After graduating, he worked two years for the computer industry in Brazil. Following that, he was assistant and later associate professor at the Federal University of Santa Maria (Brazil, 1991-2007). In a sabbatical leave from UFSM, he visited the Engineering and Architecture School of Fribourg (Switzerland, 2005) and the University of Pisa (Italy, 2006). He later worked at INRIA (Lyon, France, 2007-8), was assistant professor at the University of Lisbon (Portugal, 2008-12) and researcher at the University of Neuchâtel (Switzerland, 2012-24).

Dr Antonio Di Maio (U. Bern, Switzerland)

Antonio Di Maio received his Ph.D. degree from the University of Luxembourg in 2020 with a thesis on "Routing and Content Dissemination in Software-Defined Vehicular Networks". Since then, he has been a postdoctoral researcher with the Communications and Distributed Systems (CDS) group at the University of Bern, Switzerland. He has published 35+ articles on topics such as decentralized, secure, federated, split, gossip, and personalized learning on mobile and resource-constrained networks, reinforcement-learning-based neural architecture search for federated trajectory prediction, auditable and privacy-friendly cooperative localization, service deployment and slice admission control on mobile edge networks, and opportunistic networking for floating content and services. He has received the Best Paper Award at NOMS 2024 and the Best Paper Award Runner-Up at WoWMoM 2023. Dr. Di Maio received two teaching awards for his inter-university course "Quantum Mobile Networking" in 2023. He has served the scientific community by reviewing 250+ articles for conferences and journals, participating in 20+ conferences TPC board, and editing 3 journals. In 2024, Dr. Di Maio acquired an SNSF Ambizione grant on "Decentralized and Distributed Intelligence in Dynamic and Resource-constrained Mobile Networks".

University of Neuchatel, Faculty of Science, UniMail Building, Rue Emile-Argand, 11.

Map

1) Federated Learning for Privacy-Preserving Traffic Anomaly Prediction in Large-scale Computer Networks: Theory and Practice

Detecting traffic anomalies in large-scale computer networks is essential for ensuring security and maintaining network integrity. However, traditional methods often require centralized data collection, posing significant privacy risks. Federated Learning (FL) is a novel paradigm for distributed learning that ensures user privacy by keeping data localized. This talk will first address the theoretical aspects of FL, including its privacy-preserving features and scalability for network anomaly detection, providing a foundational understanding of how FL enables secure learning without raw data sharing, and the FL paradigm's recent evolutions. In the second part, attendees will participate in a hands-on session, where we will code an FL model trained on a popular traffic anomaly dataset, demonstrating how FL can be practically applied to real-world network anomaly detection while maintaining data privacy.

2) Analyzing Binaries with Deep Neural Networks: An End-to-End Tutorial

Deep neural networks have shown promising results in several fields, including binary analysis. This tutorial will present a general pipeline to solve various tasks on binaries, ranging from classification to embedding tasks. Specifically, we will explain how to collect a representative raw dataset of binaries, discuss the major representations that can be used to encode single functions or entire binaries, and how these can be extracted using open-source tools. We will delve into how assembly instructions can be preprocessed to avoid the out-of-vocabulary problem when using dense representations, what neural architectures can be applied to these samples, and how they can be utilized during inference and training. These topics will be illustrated with a practical case study implemented in Python using the PyTorch and Transformers libraries. The case study will demonstrate how to solve binary analysis tasks such as compiler provenance and function similarity for the x64 architecture.

3) Dynamic Binary Instrumentation for Security Analysis of Programs

Dynamic binary instrumentation (DBI) is a popular technology for prototyping heterogeneous program analyses and monitoring tools. DBI allows analysts to monitor, and possibly even alter, the execution of a program with a granularity up to the instruction level. The ease of use and flexibility of DBI primitives have made them popular in a large body of research in different domains, including software security. In this session, we will familiarize with the abstraction and inner workings of DBI systems, discuss how DBI assisted prominent security research works, and implement a DBI-based analysis tool prototype from the grounds up.

4) Writing secure applications with WebAssembly and Trusted Environments

Today's computing infrastructure has evolved to what is called the cloud-edge continuum, integrating cloud, edge, and IoT devices. Such an infrastructure enables applications to profit from the large capacities of the cloud, the low latencies of edge devices and the ubiquity of the IoT. Unfortunately, the continuum is far from seamless, and all three levels work under their unique and incompatible models.
Security is essential in multi-tenant systems such as the continuum. Tenants may exploit vulnerabilities to uncover (or infer) someone else's data or to abuse the infrastructure. Curious providers have the power to inspect data in their machines. Edge and IoT security is even harder, as it is impossible to guarantee the devices' physical integrity. Confidential computing has emerged as a promising approach to address such security challenges, leveraging trusted execution environments (TEEs) to protect sensitive data and code from unauthorised access. However, vendors offer incompatible and cumbersome TEE models, hampering general adoption.
As a result of recent research, we proposed using WebAssembly inside TEEs as a first step towards homogeneity, so machines in all levels can execute the same binary code. WebAssembly was created to accelerate the execution of code inside Web browsers, replacing JavaScript. It has evolved to a complete programming ecosystem, where standalone applications can be written in many different languages, then deployed and intepreted using many different architectures.
In this session you will learn the basics of TEEs and the basics of their programming using the popular Intel's SGX. You will then learn how to compile code into WebAssembly and to execute it with and without TEEs

15

[email protected]