During my time as a doctoral student in the SycureLab at Syracuse University, I've studied a number of tools and techniques that are used to perform malware reverse engineering via dynamic analysis. I began building a tool of my own, called DECAF (Dynamic Executable Code Analysis Framework), to assist in this sort of work. While it began as a simple class project, DECAF has grown and matured a great deal over the past two years. It has become our lab's standard tool for performing malware dynamic analysis.
DECAF uses an emulation-based approach to malware analysis. Using the QEMU processor emulator as a base, DECAF adds data tainting, instruction tracing, semantic gap reduction (recovering OS-level objects such as processes and modules from raw guest memory), and extensible plug-in support. Its functionality is similar to that of other whole-system analysis platforms, but DECAF is often considerably faster, which leaves room for more instrumentation per emulated instruction and therefore for more complex analyses and studies.
The poster on DECAF that I put together for a recent research poster session gives a little more detail on its approach to data flow tracking.
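To make the data flow tracking mentioned above concrete, here is a small byte-granular taint tracker in the style of an emulator-based whole-system platform. This is an added illustration written for this page, not DECAF's or QEMU's own code: the instruction tuples, the propagation rules, the hypothetical `tainted_control_transfer` hook and the constructed sample trace are all simplifying assumptions. It shows the three things such a system has to get right: shadow state for every register and memory byte, a per-instruction propagation rule (including the `xor reg, reg` zeroing idiom that must clear taint rather than propagate it), and a plug-in style callback that inspects the shadow state before each instruction, here flagging a jump whose target was derived from network input.

```python
# Added example of byte-granular dynamic taint tracking in the style of an
# emulator-based whole-system analysis platform. Not DECAF's or QEMU's own
# implementation: the instruction format, propagation rules and the hook
# interface are simplifying assumptions made for this illustration.
#
# Operands: a register name such as "eax", or ("mem", address, size_in_bytes).


class TaintState:
    """Shadow state: one set of taint labels per register and per memory byte."""

    def __init__(self):
        self.regs = {}   # register name -> set of labels (absent == untainted)
        self.mem = {}    # byte address  -> set of labels (absent == untainted)

    def get(self, opnd):
        """Union of labels over a register or over every byte of a memory range."""
        if isinstance(opnd, str):
            return set(self.regs.get(opnd, ()))
        _, addr, size = opnd
        labels = set()
        for a in range(addr, addr + size):
            labels |= self.mem.get(a, set())
        return labels

    def put(self, opnd, labels):
        """Overwrite the labels of a register or memory range; empty == untaint."""
        labels = set(labels)
        if isinstance(opnd, str):
            if labels:
                self.regs[opnd] = labels
            else:
                self.regs.pop(opnd, None)   # clearing taint removes the entry
            return
        _, addr, size = opnd
        for a in range(addr, addr + size):
            if labels:
                self.mem[a] = set(labels)
            else:
                self.mem.pop(a, None)


def propagate(state, insn):
    """Apply the taint rule for one instruction tuple (mnemonic, dst, src)."""
    op, dst, src = insn
    if op in ("mov", "load", "store"):
        state.put(dst, state.get(src))                      # pure copy
    elif op in ("add", "sub", "or", "and"):
        state.put(dst, state.get(dst) | state.get(src))     # result depends on both
    elif op == "xor":
        # "xor x, x" is the compiler's idiom for zeroing: the result no longer
        # depends on any input, so the taint must be dropped, not propagated.
        state.put(dst, set() if dst == src else state.get(dst) | state.get(src))
    elif op == "jmp":
        pass   # control transfer: no data flow, but a hook may inspect the target
    else:
        raise ValueError("unsupported mnemonic: %s" % op)


def tainted_control_transfer(state, idx, insn):
    """Hypothetical plug-in hook: flag a jump whose target came from tainted data."""
    op, _, target = insn
    if op == "jmp" and state.get(target):
        return (idx, insn, sorted(state.get(target)))
    return None


def run_trace(trace, sources, hooks=(tainted_control_transfer,)):
    """Replay an instruction trace after applying the taint sources. Every hook
    runs before each instruction, mirroring a per-instruction plug-in callback.
    Returns the final shadow state and the list of hook findings."""
    state = TaintState()
    for opnd, labels in sources:
        state.put(opnd, labels)
    findings = []
    for idx, insn in enumerate(trace):
        for hook in hooks:
            hit = hook(state, idx, insn)
            if hit is not None:
                findings.append(hit)
        propagate(state, insn)
    return state, findings


# Constructed sample: four bytes at 0x1000 were filled by a network read.
SAMPLE_SOURCES = [(("mem", 0x1000, 4), {"net"})]
SAMPLE_TRACE = [
    ("load",  "eax", ("mem", 0x1000, 4)),   # eax <- tainted buffer
    ("mov",   "ebx", "eax"),                # ebx inherits the taint
    ("xor",   "eax", "eax"),                # eax zeroed: taint cleared
    ("add",   "ecx", "ebx"),                # ecx now depends on ebx
    ("store", ("mem", 0x2000, 4), "ecx"),   # taint reaches a new memory region
    ("load",  "edx", ("mem", 0x2000, 4)),
    ("jmp",   None,  "edx"),                # attacker-influenced jump target
]

if __name__ == "__main__":
    final, hits = run_trace(SAMPLE_TRACE, SAMPLE_SOURCES)
    print("tainted registers:", sorted(final.regs))
    print("tainted bytes:", [hex(a) for a in sorted(final.mem)])
    for idx, insn, labels in hits:
        print("insn %d %s: jump target tainted by %s" % (idx, insn, labels))
```

Running the sample replays the seven-instruction trace: `eax` is tainted by the load, cleared again by the `xor`, the taint flows through `ebx` and `ecx` into memory at 0x2000 and back into `edx`, and the hook reports the final `jmp` as a control transfer influenced by network input. A real platform does the same bookkeeping at the granularity of the emulator's intermediate representation, which is where the per-instruction cost that the paragraph above refers to comes from.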
A guest lecture that I gave to students taking the graduate "Mobile Operating Systems" course at Syracuse University (October 2013).
When I was doing some post-graduate work in electrical engineering at the University of North Florida, I joined a research group working on brain-computer interfacing (BCI). I published two papers on controlling robotics using electroencephalographic signals under NSF award #0905468.
One of the demonstrations based upon our research work.
Here is a list of the articles and peer-reviewed papers that I have authored or co-authored. Not everything that I write is intended for an academic audience. I like to write educational articles about my research work and personal projects to help others to better understand the material that I work on.
Henderson, A. (2013, December). Beagle Music: HDMI and the BeagleBone Black multimedia environment. Raspberry Pi Geek, 20-24.
Henderson, A. (2013, December). SecurityCode-Kontrolle: Malware analysieren und bekämpfen [Code check: analysing and fighting malware]. Admin: IT-Praxis & Strategie.
Henderson, A. (2013, October). Code Patrol: Fighting malware with static and dynamic code analysis. Linux Magazine, 16-19.
Waytowich, N., Henderson, A., Krusienski, D., & Cox, D. (2010, September). Robot application of a brain computer interface to Staubli TX40 robots - early stages. In World Automation Congress (WAC), 2010 (pp. 1-6). IEEE.
Henderson, A. (2010, May). A design for a middleware communications layer between an industrial robotic arm and the BCI2000 software package. In Proc. Florida Conference on Recent Advances in Robotics (FCRAR).