Aarno Labs | Static Analysis

Description

Static analysis research involves the automated examination of software code without executing it, providing deep insights into program behavior and vulnerabilities. This powerful technique is essential for discovering security flaws, enabling proactive identification of weaknesses before they can be exploited. In addition to vulnerability discovery, static analysis aids in patch analysis by verifying the effectiveness and safety of code updates. It also contributes to program optimization by identifying redundant or inefficient code paths, ultimately speeding up software execution. Furthermore, static analysis can generate test cases that cover a wide range of execution scenarios, improving the robustness and reliability of software. As a comprehensive tool in the software development lifecycle, static analysis enhances code quality, security, and performance.

Solutions

CodeHawk: Analysis and Patching Platform

Projects

DroidSafe

Best-in-class static analysis to vet untrusted Android mobile applications.

PI: Michael Gordon

Technical Areas: Static Analysis, Vulnerability Discovery, Vulnerability Reachability

Funding: DARPA (APAC)

AMdP

Vulnerability remediation capabilities for EoL medical devices with firmware change understanding.

PI: Ricardo Baratto

Technical Areas: Static Analysis, Binary Patching, Vulnerability Discovery, Vulnerability Remediation

Funding: ARPA-H (DIGIHEALS)

Dark Corners

Identify and mitigate the sources of static analysis imprecision in large, real-world programs.

PI: Jeff Perkins

Technical Areas: Static Analysis, Software Correctness, Vulnerability Discovery

Funding: DARPA (APAC)

Saran

Instrumentation system for Android apps to track sensitive information and retrofit security policies.

PI: Jeff Perkins

Technical Areas: Static Analysis, Dynamic Analysis, Runtime Protection

Funding: DARPA (SBIR 17.1)

Aikido

Automating Realistic Vulnerability Generation for Cyber Defense Evaluation

PI: Ricardo Baratto

Technical Areas: Static Analysis, Dynamic Analysis

Funding: DARPA (SBIR 15.3)

MRAM

Low-cost and high-assurance binary patching for the masses

PI: Michael Gordon

Technical Areas: Static Analysis, Binary Patching, Software Correctness, Vulnerability Remediation

Funding: DARPA (AMP)

DRIFT

Enhancing SBOMs to solve vulnerability discovery, reachability and remediation.

PI: Michael Gordon

Technical Areas: Static Analysis, Dynamic Analysis, Binary Patching, Supply Chain Security, Vulnerability Remediation, Vulnerability Reachability

Funding: DARPA (E-BOSS)

Papers

Information Flow Analysis of Android Applications in DroidSafe. NDSS, 2015
Covert Communication in Mobile Applications. ASE, 2015
Concord - Verifying Memory Safety. Aarno Labs Technical Report, 2019
DroidSafe: Final Report. Aarno Labs Technical Report, 2019
SARAN: A System for Android Application Interposition. Aarno Labs Technical Report, 2021
Tunable Cyber Defensive Mechanisms: Final Report. Aarno Labs Technical Report, 2022
Automatic Exploitation of Fully Randomized Executables. MIT Technical Report, 2019
A Unified Algebraic Framework Of Program Analyses. LangSec, 2021
Multifocal Relational Analysis for Assured Micropatching: Final Report. Aarno Labs Technical Report, 2024
Assured Micropatching of Race Conditions in Legacy Real-time Embedded Systems. Real-Time Autonomous Systems Security, 2024
IDA Pro Plugins for CodeHawk-Binary. Aarno Labs Technical Report, 2023
Practically Correct, Just-in-Time Shell Script Parallelization. OSDI, 2022
Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction. CCS, 2021

Technical Area: Static Analysis

Principal Investigators

Description

Solutions

Projects

DroidSafe

AMdP

Dark Corners

Saran

Aikido

MRAM

DRIFT

Papers