Cyber forensics “robots” clean up infected code

(page 3 of 3)

“A lot of proprietary codes, and certainly a lot of malicious codes, have been stripped of their symbol tables,” Miller says.  “Analyzing a program that has been stripped of its symbol tables is quite complex.  But in the last year, we’ve built up Dyninst’s ability to analyze these stripped binary codes.  It has given us the ability to work with malicious code much more effectively.”

At the same time, Dyninst has become a key component of high-performance computing systems.  In a collaboration with DOE’s Los Alamos National Laboratories in New Mexico, Miller helped scale up the Dyninst library to help maintain large-scale physics codes.

“There were just no debugging programs that would run on these very large-scale codes,” Miller says.  “When we first tried to run Dyninst on them it just died in all sorts of horrible and glorious ways.  But through several months of effort we were able to extend Dyninst’s ability to scale up.  And now there are several tools built by Los Alamos scientists to help maintain their physics codes.”

It’s easy to underestimate how difficult it is to build these kinds of programs, but Miller says the combination of his crack research team and collaborations with DOE laboratories has allowed the group to make progress quickly.

“Part of it is clever design, part of it is experience, but mostly I have a really good staff,” he says.

« Previous       1   |   2   |   3   |   Print