During my time as a doctoral student in the SycureLab at Syracuse University, I've studied a number of tools and techniques that are used to perform malware reverse engineering via dynamic analysis. I began building a tool of my own, called DECAF (Dynamic Executable Code Analysis Framework), to assist in this sort of work. While it began as a simple class project, DECAF has grown and matured a great deal over the past two years. It has become our lab's standard tool for performing malware dynamic analysis.
DECAF uses an emulation-based approach to malware analysis. Using the QEMU processor emulator as a base, DECAF adds functionality for data tainting, instruction tracing, semantic gap reduction, and extensible plug-in support. While its functionality is similar to that of other whole-system analysis platforms, DECAF is often much, much faster. This allows us to add more instrumentation per emulated instruction, which leads to more complex analyses and studies.
Please take a look at the poster on DECAF that I put together for a recent research poster session to see a little bit more detail on DECAF's approach to data flow tracking.
A guest lecture that I gave to students taking the graduate "Mobile Operating Systems" course at Syracuse University (October 2013).
When I was doing some post-graduate work in electrical engineering at the University of North Florida, I joined a research group that was performing research in the area of brain-computer interfacing (BCI). I published two papers on controlling robotics using electroencephalographic signals under NSF award #0905468.
One of the demonstrations based upon our research work.
Here is a list of the magazine articles and peer-reviewed papers that I have authored or co-authored. Not everything that I write is intended for an academic audience. I like to write educational articles about my research work and personal projects to help others to better understand the material that I work on.
A. Henderson, A. Prakash, L. K. Yan, X. Hu, X. Wang, R. Zhou, and H. Yin. Make it work, make it right, make it fast: building a platform-neutral whole-system dynamic binary analysis platform. To appear in the Proceedings of the International Symposium on Software Testing and Analysis (ISSTA'14), San Jose, CA, July 2014.
A. Henderson (2014, April). Patrulha do código. Linux Magazine, 60-64.
A. Henderson (2014, March). Bred in the Bone: BeagleBone capes. Raspberry Pi Geek, 64-68.
L. K. Yan, A. Henderson, X. Hu, H. Yin, and S. McCamant. On soundness and precision of dynamic taint analysis. Technical Report SYR-EECS-2014-04, Syracuse University, January 2014.
A. Henderson (2013, December). Beagle Music: HDMI and the BeagleBone Black multimedia environment. Raspberry Pi Geek, 20-24.
A. Henderson (2013, December). SecurityCode-Kontrolle: Malware analysieren und bekämpfen. Admin: IT-Praxis & Strategie, 78-91.
A. Henderson (2013, October). Code Patrol: Fighting malware with static and dynamic code analysis. Linux Magazine, 16-19.
N. Waytowich, A. Henderson, D. Krusienski, and D. Cox (2010, September). Robot application of a brain computer interface to staubli TX40 robots-early stages. In World Automation Congress (WAC), 2010 (pp. 1-6). IEEE.
A. Henderson (2010, May). A design for a middleware communications layer between an industrial robotic arm and the BCI2000 software package. In Proceedings of the Florida Conference on Recent Advances in Robotics (FCRAR).