

Cindy Eisner, Senior Technical Staff Member at IBM Research – Haifa

Since she was a child, Cindy Eisner, a senior technical staff member at IBM Research – Haifa, has loved watching whodunit detective shows on TV and reading suspense thrillers.

Today, as an expert in malware evasion techniques, she tries to figure out how the bad guys are avoiding detection as they try to hack our computers to steal money, take over systems, defraud people, or do other damage. With malware moving all over the globe and going mobile, according to IBM X-Force’s 2016 report, I spoke to Cindy about her work and how her unique approach to the security business is helping put a stop to these breaches and threats.

How does a malware writer try to evade detection?

Cybercrooks use things the wrong way on purpose. This makes it difficult to understand what they are doing. My job is to constantly think about how someone could misuse a system.

For example, one of the ways malware writers try to make detection difficult is by flouting and abusing coding conventions. They purposely make it hard to figure out what they’re doing so it’s difficult to debug. For example, if malware authors want to find out if I’m surfing my bank site so they can take my password, they can achieve that in about 25 lines of code. But they write it in 25 million lines of code so it becomes almost impossible to find the lines that do the damage. The extra code might do nothing except waste time, but it also might perform necessary calculations in a convoluted manner. For instance, using a very long multi-threaded function whose sole purpose is to return the value 0.

What is your area of expertise in this field?

As opposed to a lot of the security software out on the market, we’re not looking into the attack, but rather investigating the malware itself.

Once hackers get inside the system and run their code, they want to keep it hidden. My job is to understand what the hackers are trying to do so we can stop them. They have sophisticated ways of knowing if they are being tracked. And if noticed, the code will automatically divert from malicious behavior to benign. So the challenge is to evade the evasion code. It can sometimes take weeks or months for a new piece of malware to be identified. Our goal is to detect it immediately so that the malicious behavior is blocked. My team builds tools that are used by other security experts to make sure malware is detected faster and more accurately.

Everything I did in the past feeds into this. I started out working on compilers back in the 1980s. At that time, compiling the compiler would take eight hours, so we could only compile once a day. It was the last thing we did before going home at night. We spent a lot of time debugging by going into the binary code and editing it manually to verify our code fixes. As a result, I became comfortable working directly with machine code, and intimately familiar with the structure of code generated by standard compilers.

I joined IBM in 1994 and started working in the area of formal verification. In verification, you know what is supposed to happen and you’re looking for cases where it doesn’t happen because of a bug. If you assume something is one way, then you can miss the bug, which by definition means that things aren’t working as they should. In essence, malware disregards all the coding conventions that compilers depend upon. This is what bridges the worlds of compiler technology and verification, which led me to malware detection.
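The "necessary calculations performed in a convoluted manner" that Cindy describes, such as a long function that can only ever return 0, are what the analyst's side attacks with constant folding and algebraic simplification. As an added example that is not IBM's tooling or anything from the interview, the Python below runs a small simplifier over a constructed expression tree and shows that a computation which looks data-dependent always reduces to the constant 0; the tuple IR, the operator set and the sample expression are my own assumptions, and the multi-threading Cindy mentions is not modelled.

```python
"""Added example (not IBM's or the interviewee's code): a tiny algebraic
simplifier of the kind a deobfuscation pass uses to prove that a convoluted
computation is really an opaque constant.
Expressions are nested tuples: ("const", n), ("var", name) or (op, lhs, rhs)
with op in "+ - * ^ & |". The IR and the sample expression are constructed."""

def simplify(e):
    """Recursively constant-fold and apply algebraic identities.
    Assumes operands are pure: no side effects, same value on every read."""
    if e[0] in ("const", "var"):
        return e
    op, a, b = e[0], simplify(e[1]), simplify(e[2])
    # Constant folding: both operands are already known numbers.
    if a[0] == "const" and b[0] == "const":
        x, y = a[1], b[1]
        return ("const", {"+": x + y, "-": x - y, "*": x * y,
                          "^": x ^ y, "&": x & y, "|": x | y}[op])
    # Identities that hold for any operand value, not just constants.
    if a == b and op in ("-", "^"):            # t - t == 0, t ^ t == 0
        return ("const", 0)
    if a == b and op in ("&", "|"):            # t & t == t, t | t == t
        return a
    if op in ("*", "&") and ("const", 0) in (a, b):
        return ("const", 0)                    # 0 * t == 0, 0 & t == 0
    if op in ("+", "|", "^") and b == ("const", 0):
        return a                               # t + 0 == t, t | 0 == t ...
    if op in ("+", "|", "^") and a == ("const", 0):
        return b
    if op == "*" and b == ("const", 1):
        return a                               # t * 1 == t
    if op == "*" and a == ("const", 1):
        return b
    return (op, a, b)

# Constructed "opaque zero": reads like arithmetic on run-time inputs x and y,
# but every branch cancels, so the function built around it can only return 0.
X, Y = ("var", "x"), ("var", "y")
OPAQUE_ZERO = ("+",
    ("*", ("-", ("*", X, Y), ("*", X, Y)), ("+", Y, ("const", 17))),
    ("&", ("^", ("|", X, Y), ("|", X, Y)), ("const", 0xFF)))

def is_opaque_constant(expr):
    """Return the constant the expression always evaluates to, else None."""
    s = simplify(expr)
    return s[1] if s[0] == "const" else None

if __name__ == "__main__":
    print(is_opaque_constant(OPAQUE_ZERO))   # 0
```

Real samples bury such expressions under far more code and, as Cindy notes, spread them across threads, so the pure-operand assumption has to be established per subexpression before these identities can be applied.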
