Aarno Labs | Dynamic Analysis

Description

Dynamic analysis provides a powerful framework for extracting actionable insights from running programs and enforcing runtime protections to enhance security. By instrumenting software during execution, we uncover vulnerabilities and gain a deeper understanding of their behavior in real-world conditions. This enables precise diagnosis and supports the development of targeted mitigations. Additionally, our runtime protection systems dynamically retrofit security mechanisms and privilege controls, strengthening applications without altering their original design. Dynamic analysis also plays a crucial role in generating test cases, improving test coverage, and producing inputs that better explore complex program behavior. Through these multifaceted applications, dynamic analysis bridges vulnerability discovery, runtime defense, and testing, delivering comprehensive solutions for secure and resilient software systems.

Solutions

DIODE: Input Synthesis Engine
Lucien: Supply Chain Telemetry, Assessment, and Protection

Projects

DRIFT

Enhancing SBOMs to solve vulnerability discovery, reachability and remediation.

PI: Michael Gordon

Technical Areas: Static Analysis, Dynamic Analysis, Binary Patching, Supply Chain Security, Vulnerability Remediation, Vulnerability Reachability

Funding: DARPA (E-BOSS)

ClearScope

Precise and comprehensive runtime monitoring of sensitive behaviors in Android apps.

PI: Michael Gordon

Technical Areas: Dynamic Analysis, Runtime Protection, Supply Chain Security, Vulnerability Discovery

Funding: DARPA (TC)

Saran

Instrumentation system for Android apps to track sensitive information and retrofit security policies.

PI: Jeff Perkins

Technical Areas: Static Analysis, Dynamic Analysis, Runtime Protection

Funding: DARPA (SBIR 17.1)

Aikido

Automating Realistic Vulnerability Generation for Cyber Defense Evaluation

PI: Ricardo Baratto

Technical Areas: Static Analysis, Dynamic Analysis

Funding: DARPA (SBIR 15.3)

Arya (TA2)

Automated exploitation and vulnerability validation across diverse systems

PI: Jeff Perkins

Technical Areas: Dynamic Analysis, Supply Chain Security, Vulnerability Discovery

Funding: DARPA (HACCS)

Recent Blog Posts and News

Mitigating Supply Chain Attacks Through Fine-Grained Privilege Enforcement

Papers

Precise and Comprehensive Provenance Tracking for Android Devices. MIT Technical Report Report, 2019
SARAN: A System for Android Application Interposition. Aarno Labs Technical Report, 2021
Tunable Cyber Defensive Mechanisms: Final Report. Aarno Labs Technical Report, 2022
Automatic Exploitation of Fully Randomized Executables. MIT Technical Report, 2019
Practically Correct, Just-in-Time Shell Script Parallelization. OSDI, 2022
Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction. CCS, 2021
Mir: Automated Quantifiable Privilege Reduction Against Dynamic Library Compromise in JavaScript. arXiv, 2021

Technical Area: Dynamic Analysis

Principal Investigators