Advancing Security Red-Teaming through Probabilistic Binary Analysis
Speaker: Dr. Zhuo Zhang
Purdue University
Date: Monday, 10 March 2025
Time: 10:00am - 11:00am
Join Zoom Meeting:
https://hkust.zoom.us/j/96688516988?pwd=qfj1PQIjEi0I75lwVGfY7PurdPDRBW.1
Meeting ID: 966 8851 6988
Passcode: 202526
Abstract:
Digital systems are the backbone of modern society, supporting everything from critical infrastructure to everyday communications. As these systems grow increasingly complex, securing them requires collective and broader community efforts beyond in-house teams. Third-party red-teaming plays a crucial role in this shared responsibility by conducting rigorous security assessments to uncover hidden vulnerabilities and inform proactive defense strategies. However, a major challenge for independent security teams is the frequent lack of access to the system of interest, particularly its source code, which hinders red-teaming efforts.
In this talk, I will introduce probabilistic binary analysis, a novel framework that leverages probabilistic modeling to analyze compiled binaries when source code is unavailable. By systematically examining binary behavior and rigorously modeling the uncertainties inherent in the analysis process, this approach uncovers security flaws and provides actionable insights for proactive defense. Our method has already demonstrated real-world impact by identifying critical vulnerabilities in widely used systems, earning substantial bug bounties, and receiving recognition through the SIGSAC Doctoral Dissertation Award.
Biography:
Zhuo Zhang is a postdoctoral researcher at Purdue University specializing in software and system security. His research has been published in top-tier venues, including IEEE S&P, USENIX Security, ACM CCS, NDSS, ICSE, OOPSLA, and PLDI. Zhuo's projects have collectively garnered approximately 2,000 GitHub stars and have been adopted in real-world practice by DARPA and ONR. His work has received several prestigious accolades, including Distinguished Paper Awards at OOPSLA 2019 and CCS 2024, as well as the 2024 ACM SIGSAC Doctoral Dissertation Award. He earned his Ph.D. in Computer Science from Purdue University in 2023 under the guidance of Prof. Xiangyu Zhang.