Sebastian Schrittwieser (SBA Research)

Keynote:

Firmware Forensics: Semantic Functionality Identification Through Symbolic Execution and Program Simulation

Biography:

Sebastian Schrittwieser completed his Ph.D. studies in technical sciences in the field of information security at the Vienna University of Technology in 2014. From 2015 to 2020, he led the Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks. Since April 2024 Sebastian heads the newly established Christian Doppler Laboratory for Assurance and Transparency in Software Protection at the University of Vienna (Research group Security & Privacy). His current research interests include software protections and the security of LLMs. He has authored papers in several top-tier venues such as NDSS, USENIX Security, ACSAC, and ACM Computing Surveys and chaired several conferences and workshops in the past.

Abstract:

The rapid expansion of the Internet of Things (IoT) has connected a wide range of devices, from household items to industrial systems. Despite this growth, the exact functionalities contained in IoT firmware often remain unclear, with hidden features and potential backdoors posing significant security threats.

In the past, symbolic execution has been used to reveal possible paths through programs, uncovering hidden functionalities and backdoors. This talk will cover existing work on symbolic execution and will further introduce a novel approach: identifying known algorithms through program simulation. By observing the input-output behavior of functions during simulated execution, our method can – independently from its actual implementation – identify malicious code, such as domain generation algorithms, within a binary firmware.