Program analysis is the process of analyzing software to learn about its properties, such as correctness, robustness, and safety. Recently, deep learning and natural language processing (NLP) have made great progress. Meanwhile, the heterogeneous Internet of Things (IoT) platforms raise plenty of new challenges in program analysis. In this talk, I will share my experiences in leveraging ideas and techniques from different domains, including deep learning, NLP, and software engineering, to resolve these new challenges in IoT research.
First, I will present our work on precise binary code semantics extraction. With the booming development of the IoT industry, a sheer number of firmware images of IoT devices can be downloaded from the Internet. It imposes notable barriers to analyze these images for heterogeneous architectures at scale, without access to the source code, for identifying malicious programs, detecting plagiarism, and finding vulnerabilities. I will introduce a brand new binary code analysis technique that learns from Natural Language Processing, an area remote from code analysis, to extract useful semantic information from binary code.
Second, I will present our work on bug discovery in IoT apps. Due to unique characteristics of IoT platforms, many conventional methods do not work, calling for innovative IoT analysis techniques. Finally, I will outline my future research directions.
Lannan Lisa Luo is an Assistant Professor in the Department of Computer Science and Engineering at University of South Carolina. She received her Ph.D. from Pennsylvania State University in 2017. Her research mainly focuses on Software and Systems Security, including software analysis and verification, vulnerability discovery, IoT security, mobile security, and software engineering. She publishes papers in CCS, NDSS, MobiCom, MobiSys, FSE, TDSC, TMC, and TSE. She is the recipient of the 2020 Young Investigator Research Award at University of South Carolina. She has received three NSF grants as a PI (total $1million).