Malicious Code Reverse Engineering & Analysis (MCREA)
Many combat and support systems depend on computers that use commercial off-the-shelf (COTS) software to perform vital functions for critical missions. The software embedded in these systems is developed throughout the world by contractors and manufacturers whose pedigree of trust is not really known. They could embed capabilities that cause the systems to fail under certain conditions or to provide unreliable results. Currently, capabilities to reliably detect malicious code do not exist.

Two primary approaches exist for detecting malicious code: 1) static analysis and 2) dynamic analysis. Static analysis of suspected malicious code by means of disassembly of binary code is a task requiring significant skill and time. Authors of software applications often embed anti-reverse engineering features designed to make static analysis much more difficult, thereby reducing the speed and increasing the costs associated with this activity. Current tools for the analysis of malware are complex and slow, and a full analysis often requires many weeks to months of a highly skilled analyst's time. This cost limits the analysis to known malicious or mission-critical software, leaving the vast bulk of application software unexamined.

Malicious Code Reverse Engineering and Analysis (MCREA) is intended to advance the technology for the detection and mitigation of anti-reverse engineering and obfuscation capabilities in hostile code. The goal of this work is to produce an automated tool suite that will perform a first-pass examination of untrusted software to determine whether it is likely safe, likely malicious, or indeterminate, so that deploying agencies can estimate the risk of deploying the software.
 
Project Leads
Wayne Meitzler, PNNL
Steve Ouderkirk, PNNL
 
Project Contributors
Richard Griswold, PNNL
