Advisory Board

Vishwath Mohan, MS

Vishwath Mohan, MS is Ph.D. Candidate at the University of Texas at Dallas.
 
Vishwath is interested in advancing the state of the art in computer and smartphone security, both offensively as well as defensively. He also has an interest in artificial intelligence, machine learning, and cognitive modeling.
 
His projects include:
 
1. Frankenstein is a system that stitches together malware from benign binaries. Given a high-level description of what the malware should do, Frankenstein looks for semantically useful sequences of code (adding two values, moving a value from one location to another, etc.) in the programs on a host system and finds combinations of these sequences that when executed, implement the malware description. It synthesizes a new binary for every combination it finds, creating malware mutants that are composed entirely of bytes from benign programs — making them much harder to detect when using standard feature-based detectors.
 
2. Macgyver is a malware propagation mechanism that works by generating transformation functions that can take a benign file (like Notepad) as input and produce the malware you want as output. The transformation function consists of simple mathematical operations and contains nothing that can be flagged as malicious. It’s a kind of encryption, except you transmit the (harmless looking) encryption function, and the key happens to be a benign file on the target system.
 
3. STIR is an automated program rewriting tool that prevents ROP-attacks by self-randomizing all basic blocks within the program at runtime, on each invocation, without source code or debug information. If you don’t know where the gadgets are, you can’t use them.
 
4. Reins is also an automated rewriter that requires no source code or debug symbols, that can secure an untrusted program by enforcing (custom) security policies. Want to make sure Outlook can’t attach any files from your c:\SuperSecretWork\ directory? Reins can rewrite it to do that. Or maybe you want to allow such an attachment to be sent only once a day, and only if the recipient happens to be you? Reins can do that too!
 
Vishwath coauthored Frankenstein: Stitching Malware from Benign Binaries, Binary Stirring: Self-Randomizing Instruction Addresses of Legacy x86 Binary Code, Exploiting an Antivirus Interface, Reining In Windows API Abuses with In-lined Reference Monitors, and Securing Untrusted Code via Compiler-Agnostic Binary Rewriting.
 
Vishwath earned his I.S.C. in Computer Science at Bishop Cottons, India in 2002 and earned his B.E. in Computer Science at Visvesvaraya Technological University, India in 2006. He earned his MS in Computer Science at The University of Texas at Dallas in 2008.
 
Read “Frankenstein” virus could assemble itself from app snippets. Read his LinkedIn profile. Follow his Twitter feed.