Jan 14
2013
By Sagar Chaki,
Senior Member of the Technical Staff
Research, Technology & System Solutions
A
malicious program disrupts computer operations, gains access to private
computational resources, or collects sensitive information. In February
2012, nearly 300 million malicious programs were detected, according to
a report compiled by SECURELIST.
To help organizations protect against malware, I and other researchers
at the SEI have focused our efforts on trying to determine the origin of
the malware. In particular, I’ve recently worked with my colleagues—Arie Gurfinkel, who works with me in the SEI’s Research, Technology, & System Solutions Program, and Cory Cohen, a malware analyst with the CERT Program—to
use the semantics of programming languages to determine the origin of
malware. This blog post describes our exploratory research to derive
precise and timely actionable intelligence to understand and respond to
malware.
Read more...
Dec 19
2011
Acquisition , Acquisition Dynamics , Agile , Architecture Documentation , Architecture Driven Design (ADD) , Binaries , Cyber-physical Systems , Fuzzy Hashing , Handheld Devices , Malware , Measurement & Analysis , Resilience Management Model (RMM) , Safety-Related Requirements , Security-Related Requirements , SEI Research , Software Cost Estimates , Team Software Process (TSP) , Technical Debt
By Douglas C. Schmidt
Chief Technology Officer
A key mission of the SEI is to advance the practice of software engineering and cyber security through research and technology transition
to ensure the development and operation of software-reliant Department
of Defense (DoD) systems with predictable and improved quality,
schedule, and cost. To achieve this mission, the SEI conducts research
and development (R&D) activities involving the DoD, federal
agencies, industry, and academia. One of my initial blog postings
summarized the new and upcoming R&D activities
we had planned for 2011. Now that the year is nearly over, this blog
posting presents some of the many R&D accomplishments we completed
in 2011.
Read more...
Feb 21
2011
By Douglas C. Schmidt,
Chief Technology Officer
In response to a comment on my initial post
introducing the SEI blog, I wanted to provide some additional
information on new and upcoming SEI research initiatives. In this post, I
describe these areas, and include a “sneak preview” of upcoming blog
postings in each area.
Read more...
Feb 14
2011
By Sagar Chaki, Senior Member of the Technical Staff
Research Technology and System Solutions (RTSS)
As software becomes an
ever-increasing part of our daily lives, organizations find themselves relying
on software that originates from unknown and untrusted sources. The vast
majority of such software is available only as executables, known as “binaries.”
Many binaries—such as malware or different versions and builds of a software
package—are simply minor variants of old programs (or in some cases exact
copies) that have been run through a different compiler. This blog post explains how the ability to detect
similarities among binaries is an important tool in malware detection and a
growing area of research.
Read more...
Recent Comments