Research

Overview

The system security research group studies the security of software systems. Computers around the world are threatened by malicious software (malware) and attacks. Members of this group work on technologies that let people use computers safely, in particular malware analysis technology, attack prevention technology for IoT environments, and virtualization software technology specialized for providing advanced mechanisms.

Major Research Subjects

Analysis of Advanced Malware

Malware analysis is the process of clarifying a malware sample's characteristics, behavior, degree of threat, structure, and origin. For example, it reveals which files the malware reads and writes and which sites it communicates with. Modern malware is complicated and sophisticated, and analysis is becoming increasingly difficult. For example, the programs and data in many malware samples are encrypted or obfuscated and cannot be analyzed with simple tools. In addition, some malware samples guess the environment in which they are running, and if they determine that they are running in an analysis system, they hide their truly intended behavior by terminating execution or repeating dummy operations.

This research group aims to provide knowledge about the characteristics and behavior of the latest malware and to develop technologies for efficient analysis. Recently, the group has been working particularly on understanding analysis-hampering operations (anti-analysis operations) and developing countermeasure technologies against them.

A malware analysis result

Prevention of Attacks in IoT Environments

The Internet of Things (IoT) is spreading, and there is an urgent need to build technologies that achieve high security in IoT environments. However, the security assumptions in IoT environments differ greatly from those in PC or smartphone environments. For example, many IoT devices have limited computing resources, and running a PC-level security system on them is difficult. In addition, some IoT devices can control equipment such as motors, heaters, and lighting. Attacks against these IoT devices can differ from those against PCs, and the conventional knowledge base is insufficient to counter these attacks.

This research group is studying malware and attacks in IoT environments. The group is working on questions such as what security threats exist, what the characteristics of actual malware and attacks are, and how devices and software need to be developed to reduce the threats.

Attacks against IoT devices

Development of Advanced Virtualization Software

Virtualization software makes it possible to create a virtual computer on a real computer.

This research group also studies virtualization software specialized for providing advanced functions. For example, we are continuing to explore virtualization software for analyzing, detecting, and preventing attacks efficiently, and virtualization software for providing virtual hardware that shows peculiar behavior.

A malware analysis system using virtualization software