Prolific malware murderer bags Mountain View’s Security, Privacy and Anti-Abuse award
Anti-malware machine and head of the Shellphish DARPA Grand Challenge bronze-medallist team has won US$100,000 from Google for security research efforts.
University of California Santa Barbara doctor Giovanni Vigna landed Google’s Security, Privacy and Anti-Abuse award for his long line of research into malware detection.
Google did not say which specific work earned the award, but Dr. Vigna has co-published dozens of papers in the field among some 200 works spanning Android, networking, and web-based attacks.
This year he and a team of colleagues from his university and Northeastern University detailed in the paper TriggerScope: Towards Detecting Logic Bombs in Android Applications [PDF] how to detect malware logic bombs on Android platforms.
Logic bombs are a complex and highly obscure mechanism to compromise devices and are favoured by well-resourced advanced attackers, including nation-state actors.
The team produced a prototype platform, named TriggerScope, that can identify all tested hitherto hidden logic bombs in a first-of-its-kind work that outpaced all existing static and dynamic analysis tooling.
Paper authors Dr. Vigna and co-authors Dr. Christopher Kruegel and Dr. Engin Kirda run security research house International Security Lab, where a laundry list of academic security work has been published, and have founded anti-malware firm LastLine.
Dr Vigna says Silicon Valley culture is unhelpfully relaxed about security and therefore ships insecure code.
“There is a different bar that is set in academics that lends itself particularly well in the cybersecurity industry,” Dr Vigna says.
“In Silicon Valley, there is this concept of shipping a product which it is good enough.
In academia, the focus is on novel ideas.
“Only through innovation one can stay ahead of the ever-changing threat landscape.”
A recent feather in Dr Vigna’s cap came with the third place ranking in the highly-complex DARPA Cyber Grand Challenge held at the DEF CON hacking confab in August.
Vigna’s Shellphish team, which counts hackers in the US, France, China, Brazil, and Senegal among its number, tried for the DARPA Grand Challenge prize by creating an automated vulnerability discovery and remediation intelligence platform.
Carnegie Mellon University’s ForAllSecure team won with its Mayhem plot and patch human-replacing security machine, while Shellphish came in third with its Mechanical Phish automated exploit discovery weapon. ®