Cyber Forensics through Program Analysis
Abstract
My research interests lie in cyber forensics, systems security, and the vetting of untrusted software. More specifically, I have developed novel capabilities for the investigation of advanced cyber crimes and the analysis and prevention of next-generation malware attacks, particularly in mobile and cloud computing environments. Underpinning this research is the development of fundamental techniques for binary program analysis and instrumentation, modeling of temporal and spatial forensic evidence, and virtualization-based defenses. In addition, I have been involved in many highly successful research collaborations in the design of efficient and reliable cloud computing systems. In recognition of my research contributions, I have been honored with two prestigious fellowships: the 2016 Symantec Research Labs Graduate Fellowship and the inaugural Emil Stefanov Memorial Fellowship in Computer Science.

In the field of cyber forensics, my research has introduced new paradigms in evidence acquisition via memory image analysis [1, 2, 3, 4] and execution projection investigation [5, 6]. My research in this area has received a Best Paper Award from the ACM Conference on Computer and Communications Security (CCS'15) [3] and a Best Student Paper Award from the 2014 USENIX Security Symposium [1], both top-tier cyber security conferences. My work is widely regarded as breaking from traditional data-recovery-oriented forensics and instead proposing innovative techniques, based on retargeting program executions, for recovering spatial-temporal evidence. Further, the practical impact of this work has garnered acclaim from highly regarded media outlets such as the Stanford Cyber Initiative, The Register, NSF News, ACM TechNews, IEEE Electronics360, and Homeland Preparedness News (a full list is available on my webpage).
In the field of software and systems security, my work develops new program analysis techniques for the vetting and hardening of untrusted software [7, 8, 9] and virtualization-based technologies for the detection, monitoring, and prevention of attacks against cloud platforms [10, 11]. My work in mobile app vetting [7] has led to the identification and removal of hundreds of privacy-violating iOS apps from the Apple App Store. Further, the practical solutions built from this research have led to a number of tech transfers and real-world deployments with industry partners (e.g., Intelligent Automation Inc., Cisco Systems, and Vencore Labs).
Similar resources
Avoiding Cyber-attacks to DMZ and Capturing Forensics from Intruders Using Honeypots
Nowadays, honeypots are widely used to divert attackers from the original target and keep them busy within a decoy environment. The DeMilitarized Zone (DMZ) is an important zone for network administrators, because many of the services to the public network are provided in this zone. Many of the security tools such as firewalls, intrusion detection systems and several other secu...
Computer Forensics: An Essential Ingredient for Cyber Security
Computer forensics uses computer investigation and analysis techniques to collect evidence regarding what happened on a computer that is admissible in a court of law. Computer forensics requires a well-balanced combination of technical skills, legal acumen, and ethical conduct. Computer forensics specialists use powerful software tools to uncover data to be sorted through, and then must figure o...
Cyber Forensics Ontology for Cyber Criminal Investigation
We developed a Cyber Forensics Ontology for criminal investigation in cyber space. Cyber crime is classified into cyber terror and general cyber crime, and those two classes are connected with each other. The investigation of cyber terror requires high technology, system environment and experts, and general cyber crime is connected with general crime by evidence from digital data and cyber sp...
Digital Forensics in a Cyber Warfare Context
The paper explores the application of digital forensics techniques to cyber warfare scenarios. A commonly accepted taxonomy for digital forensics (and anti-forensics) activities, techniques, procedures and workflows does not yet exist, but guidelines and even international standards have given the field a framework: this paper explores how digital forensics can be logically framed in the context o...