Attend the ARO System Security Workshop, April 4

The Center for Cybersecurity and Trusted Foundations at Arizona State University and the School of Computing and Augmented Intelligence would like to invite you to the upcoming ARO System Security Workshop.

The workshop is designed to identify real-world software security cases that can guide future multidisciplinary research in the field, identify current gaps among different areas and establish a framework for mitigating vulnerabilities, especially those in large-scale and complicated systems. This event is supported by the U.S. Department of Defense Army Research Office, under Grant W911NF-24-1-0119.

The views, opinions and/or findings expressed at or in relation to this event are those of the participants and should not be construed as an official Department of the Army or U.S. Government position, policy or decision, unless so designated by other documentation.

Abstract

For decades, law enforcement has attempted to combat malware with limited success. These efforts have primarily relied on blocking and seizing command and control, or C and C, servers, yet malware continuously evolves to evade these measures. In this talk, Brendan Saltaformaggio will present the CyFI Lab’s research that advances malware forensics from reactive defense to proactive remediation. The process begins by forecasting malware capabilities from cyberattack memory snapshots, predicting malicious actions before execution. Next, malware’s stealth techniques are explored through an empirical study of its abuse of legitimate web applications. These insights are used to develop methods for covertly infiltrating malware C and C servers using over-permissioned protocols, enabling large-scale monitoring without detection by adversaries. Finally, we demonstrate proactive defense by repurposing attacker infrastructure to deliver automated remediation payloads via malware’s own update mechanisms. Collectively, this research enhances forensic techniques to not only expose malware strategies but also actively disrupt and remediate ongoing threats.

About the speaker

Brendan Saltaformaggio is an associate professor in the School of Cybersecurity and Privacy and the School of Electrical and Computer Engineering at Georgia Tech. His research interests lie in cyber forensics, computer systems security and the vetting of untrusted software. Saltaformaggio earned a National Science Foundation Faculty Early Career Development Program (CAREER) Award, the Inaugural GTRI Research Fellowship, two Cisco Systems University Research Program Gifts, a Best Paper Award from the Association for Computing Machinery, or ACM, Conference on Computer and Communications Security, and a Best Student Paper Award from USENIX Security. Saltaformaggio has been the lead principal investigator on research projects totaling more than $13.5 million. Originally from New Orleans, Saltaformaggio earned a bachelor’s degree with honors from the University of New Orleans in 2012 as well as a master’s degree in 2014 and doctoral degree in 2016 from Purdue University. In 2017, he received the ACM Special Interest Group on Security, Audit and Control Doctoral Dissertation Award. 

Predict, Monitor, Disrupt: Cyber Forensics Research to Enable Proactive Malware Remediation
Friday, April 4, 2025
Noon–1 p.m.
Brickyard (BYENG) M1-09, Tempe campus
Attend online via Zoom