We’re exploring novel techniques to improve computer defence. This includes automatically hardening programs, patching zero-day vulnerabilities in seconds, and conducting regression testing at scale before nefarious adversaries can exploit them. We aim to achieve this without compromising software performance or functionality.
Overall, we are identifying:
1. The best methods to apply the latest security mitigations to compiled binaries.
2. How to repair software once unknown vulnerabilities have been detected.
3. Intelligence required for automated processes to know if it is worth patching a security flaw if the risk and likelihood of impact is minimal.
Our research domains include:
- Symbolic execution
- Binary translation
- Binary rewriting/recompilation
- Memory safety checks
- Semantic program verification
- Dynamic taint analysis
- Binary optimisation
- Machine learning