eScholarship
Open Access Publications from the University of California

UC Santa Barbara Electronic Theses and Dissertations

Finding Attacks and Vulnerabilities in Critical Systems

Abstract

Starting from that historic moment in 1948, when the first piece of software was written and successfully executed on a stored-program computer, to today's era of supercomputers, software has evolved in tandem with the underlying hardware to wring the last bit of performance out of the silicon. Long gone are the days when the only use of software was to perform simple calculations, much like today's handheld calculators. In the last few decades, the software industry has witnessed tremendous growth, and the collective effort of the community has pushed software to its limit, both in complexity and in criticality. Today, software is used in a multitude of critical applications, from solving existential problems to supporting diverse business scenarios. Traffic control systems, medical devices, nuclear power grids, defense and military systems, autonomous vehicles, industrial control systems, the on-board computers of spacecraft, financial trading systems: all of these have one thing in common, namely that even the most minor glitch in the software running on them can wreak havoc.

Given the variety of use cases, deployment scenarios, and frameworks or languages used to develop software, almost inevitably, no single technique is enough to deal with the complexity of analyzing critical software components. For example, a financial trading system runs in a very different environment from an operating system kernel, which brings a different set of security concerns from a researcher's perspective. Similarly, the impact of a failure differs between the two systems. On the other hand, an operating system kernel is highly optimized for performance, which in turn influences the choice of the language it is written in. Despite these challenges, by the very nature of critical systems, the need to ensure their safety and security is paramount.

My Ph.D. is inspired by the diversity, challenges, and importance of such critical systems. In my research journey, I explored ways to understand, attack, and mitigate the threats to critical systems through the lens of a security researcher. In this thesis, I will first provide a detailed introduction to critical systems, along with the unique challenges in their security analysis, highlighting why a one-size-fits-all technique is unlikely to work across systems. Then, I will present my research, which pushes the limits of current advances in security analysis for critical systems. Specifically, I will cover the following: (i) PeriScope, a technique to find vulnerabilities in the operating system kernel through a non-traditional attack surface. In the Wi-Fi drivers of two popular chipset vendors, PeriScope discovered 15 unique vulnerabilities, 9 of which were previously unknown. (ii) An in-depth analysis of the multi-billion-dollar Non-Fungible Token (NFT) ecosystem, focusing on the security and privacy issues and the design weaknesses found in NFT marketplaces. In the top 8 marketplaces (ranked by transaction volume), we discovered a number of potential issues, many of which can lead to substantial financial losses. Finally, (iii) Hybrid Pruning, a novel program analysis technique that injects run-time information into traditional static analysis to improve its precision. On our dataset of 12 CGC and 8 real-world applications, our hybrid approach reduces warnings by up to 21% compared with vanilla static analysis, while still reporting 19 of the 20 bugs in total. For each approach, I will first present the technique and then establish its real-world applicability through thorough evaluations.
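The idea behind Hybrid Pruning described above, replacing over-approximate static facts with what was actually observed at run time, as an added toy example. This code is constructed for this page and is not the thesis's own implementation, benchmark or analysis; it assumes a tiny three-address program, a flow-insensitive may-point-to analysis feeding a taint analysis, and a constructed trace format (`run= stmt= ptr= -> target`). All statement ids, variable names and the trace are hypothetical.

```python
# Added illustration (not the thesis's own code): a toy static taint analysis
# whose per-statement may-point-to sets can be pruned with run-time observations.
from collections import defaultdict

# Constructed toy program in three-address form: (id, kind, *operands).
#   ("source", x)    x = untrusted input
#   ("addr", p, a)   p = &a
#   ("copy", x, y)   x = y
#   ("store", p, x)  *p = x   (memory holds scalars only, so no pointers flow through memory)
#   ("load", x, p)   x = *p
#   ("sink", x)      x reaches a dangerous use
PROGRAM = [
    (0, "source", "t"),
    (1, "addr", "p", "a"),   # p = &a on one path
    (2, "addr", "p", "b"),   # p = &b on another path
    (3, "store", "p", "t"),  # *p = t : which cell becomes tainted?
    (4, "addr", "q", "a"),
    (5, "addr", "r", "b"),
    (6, "load", "x", "q"),   # x = a
    (7, "load", "y", "r"),   # y = b
    (8, "sink", "x"),
    (9, "sink", "y"),
]

# Constructed run-time trace (hypothetical format): for each dynamic dereference,
# the cell the pointer actually targeted.  Statement 3 was only ever seen with p -> a.
TRACE = """\
run=1 stmt=3 ptr=p -> a
run=2 stmt=3 ptr=p -> a
run=1 stmt=6 ptr=q -> a
run=1 stmt=7 ptr=r -> b
"""


def static_points_to(program):
    """Flow-insensitive (Andersen-style) may-point-to sets, iterated to a fixpoint."""
    pts = defaultdict(set)
    changed = True
    while changed:
        changed = False
        for stmt in program:
            if stmt[1] == "addr":
                _, _, p, target = stmt
                if target not in pts[p]:
                    pts[p].add(target)
                    changed = True
            elif stmt[1] == "copy":
                _, _, dst, src = stmt
                if not pts[src] <= pts[dst]:
                    pts[dst] |= pts[src]
                    changed = True
    return pts


def parse_trace(text):
    """Map (statement id, pointer) -> set of targets observed across all runs."""
    observed = defaultdict(set)
    for line in text.splitlines():
        fields = dict(tok.split("=") for tok in line.replace(" -> ", " target=").split())
        observed[(int(fields["stmt"]), fields["ptr"])].add(fields["target"])
    return observed


def hybrid_pts_at(static_pts, observed):
    """Per-statement resolver: observed targets where the trace covered the
    dereference, otherwise the static may-set, so uncovered code loses nothing."""
    def pts_at(sid, ptr):
        seen = observed.get((sid, ptr))
        return set(seen) if seen else set(static_pts[ptr])
    return pts_at


def taint_warnings(program, pts_at):
    """Propagate taint to a fixpoint; return ids of sinks reached by tainted data."""
    tainted = set()
    changed = True
    while changed:
        changed = False
        for stmt in program:
            sid, kind = stmt[0], stmt[1]
            new = set()
            if kind == "source":
                new = {stmt[2]}
            elif kind == "copy" and stmt[3] in tainted:
                new = {stmt[2]}
            elif kind == "store" and stmt[3] in tainted:
                new = pts_at(sid, stmt[2])          # taint every cell p may target here
            elif kind == "load" and pts_at(sid, stmt[3]) & tainted:
                new = {stmt[2]}
            if not new <= tainted:
                tainted |= new
                changed = True
    return [stmt[0] for stmt in program if stmt[1] == "sink" and stmt[2] in tainted]


def compare(program=PROGRAM, trace=TRACE):
    """(warnings from vanilla static analysis, warnings after hybrid pruning)."""
    static_pts = static_points_to(program)
    vanilla = taint_warnings(program, lambda sid, ptr: set(static_pts[ptr]))
    hybrid = taint_warnings(program, hybrid_pts_at(static_pts, parse_trace(trace)))
    return vanilla, hybrid


if __name__ == "__main__":
    vanilla, hybrid = compare()
    print("vanilla static warnings:", vanilla)   # sinks 8 and 9
    print("hybrid-pruned warnings: ", hybrid)    # only sink 8
```

The vanilla analysis cannot tell which `p = &...` reaches the store, so it taints both cells and flags both sinks; the pruned run keeps only the warning the trace supports. The caveat a practitioner should keep in mind is that observed targets are an under-approximation: a dereference the trace never exercised must fall back to the static set (as `hybrid_pts_at` does), and a target that is reachable but was never observed is silently dropped, which is the precision-for-soundness trade-off any such hybrid scheme makes.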
