David Lie

Michelle’s paper on deobfuscating Android malware accepted to Usenix Security 2018 — Paper now posted!

Michelle Wong has been working on a finding a way to defeat a new kind of Android malware obfuscation, which we call run-time based obfuscation.   Run-time based obfuscation subverts the Java runtime environment of Android itself, bending the rules that normally govern code execution to allow malware to hide itself.  It is currently used by many of the most advanced Android packers and code obfuscators, including aliprotect, qihoo, tencent and ijiami.  Michelle devised a novel technique that uses iterative rounds of static analysis, symbolic execution and dynamic instrumentation to defeat these obfuscation technqiues.  The paper, titled “Tackling runtime-based obfuscation in Android with TIRO” has been accepted at Usenix Security.  Congratulations Michelle!