CS Students Win Best Student Paper at USENIX Security Symposium08-26-2014
Writer(s): Jesica E. Hollinger
Purdue CS researchers won the Best Student Paper award at the 23rd USENIX Security Symposium, a top-tier computer systems security conference. The paper, "DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse," was co-authored by Ph.D. students Brendan Saltaformaggio and Zhongshu Gu, with CS Professors Xiangyu Zhang and Dongyan Xu.
The paper is one of only two papers sharing the award from the 67 papers accepted from 350 submissions. The authors also are affiliated with Purdue’s Center for Education and Research in Information Assurance and Security (CERIAS). This award was presented at the conference on August 20 in San Diego.
DSCRETE is a memory forensics tool for cyber crime investigators which enables automatic discovery and rendering of in-memory data structure contents. DSCRETE overcomes the common challenge in memory forensics that investigators are often not able to interpret the content of data structures, even with a deep understanding of the data structure’s syntax and semantics. For example, the figure shown on the left depicts part of a raw in-memory data structure for a JPEG image, which an investigator would need to manually decode.
DSCRETE leverages binary code analysis and reuse to scan memory images and automatically render the contents using an application's own output functions, presenting investigators with intuitive, ready-to-use digital evidence. Using DSCRETE, the investigator can retrieve the JPEG image's content (i.e., the image shown on the right).
(Photo caption): Brendan Saltaformaggio accepts the Best Student Paper award from Dr. Kevin Fu, chair of the conference.