Sunday, 23 February

  • 09:20 - 09:30
    Welcome and Opening Remarks
    Kon Tiki Ballroom
  • 09:30 - 10:30
    Keynote: The hard things about analyzing 1’s and 0’s...
    • Dr. David Brumley, Carnegie Mellon University - ForAllSecure

      My 17 years of binary analysis has taught me one thing: “easy” things in compilation and program analysis are often the “hard” things in binary analysis. Want to analyze assembly? Write an IL (oh my)! Want to perform static analysis? Let’s implement this data-flow analysis from the dragon book (oh wait...). The experiments seem to be working out except this case, but that’s just an engineering issue (wait, there really is a fundamental science problem there...). Want to transition this tool to practice? I’ll just open source it (oh, maintaining is hard work). I could make a company out of that (uh, customers aren’t asking to solve the hard scientific problems, they just want it to work). I’ll share some hilariously naive mindsets I had, and share some dinosaur-sized research problems that can (mistakenly) look like just small bugs. Where do we go? What’s the next step in the evolution of binary analysis to truly be able to find and fix vulnerabilities in software we all use?

  • 10:30 - 11:30
    Morning Break
  • 11:00 - 12:30
    Session 1: Binary Analysis and Security
  • 12:30 - 13:30
    Lunch
    Beach
  • 13:30 - 14:40
    Session 2: Analyzing Difficult Targets
    14:40 - 15:00
    Invited Demo: Analyzing obfuscated binaries with QSynth
  • 15:00 - 15:30
    Afternoon Break
  • 15:30 - 16:00
    Invited Talk: IoT Platform Fuzzing
    16:00 - 16:30
    Invited Talk: The State of Firmware Analysis
    16:30 - 17:00
    Invited Talk: From Zero to Hero: Bootstrapping Students into Binary Analysis