Research Project - LAREDO

Lincoln Automated Reverse Engineering (LAREDO)

Georgia Tech Student obtaining trace data in order to re-host COTS router with PANDA

Reverse engineering (RE) is the process of discovering undocumented internal and external principles of software or hardware. This is largely a manual process at present, laboriously performed by a handful of experts possessing deep domain knowledge of the systems under inspection. Nevertheless, it is a common and critical task at Lincoln and in the US Government. The LAREDO project aims to advance the state of software RE automation. Our approach is founded on dynamic analysis, in which sophisticated instrumentation is added to software to gather trace data while the software runs, for post hoc analysis. The Platform for Architecture-Neutral Dynamic Analysis (PANDA), co-developed by Lincoln with researchers at Northeastern and Georgia Tech, is a particularly exciting LAREDO product. PANDA expands the scope of binary dynamic analysis via an intermediate-language meta-analysis, meaning that code from a diversity of instruction sets (PPC, ARM, MIPS) is available for analysis, not just mainstream x86 binaries.

PANDA and related LAREDO research projects would have been impossible without close collaboration with a number of university groups. Professor Wenke Lee of the College of Computing at Georgia Institute of Technology, and Director of the Georgia Tech Information Security Center (GTISC), had this to say about the joint effort: "Georgia Tech has had a fruitful collaboration with MIT Lincoln Lab for the past four years. In that time, we have produced not only top-tier research with our collaborators at Lincoln, but also innovative technology and open-source software that benefits the larger security community. Our most recent accomplishment is PANDA (Platform for Architecture-Neutral Dynamic Analysis), a next-generation research platform developed at Lincoln's BeaverWorks facility on MIT campus. We anticipate that our ongoing work with Group 59 will yield exciting results that help secure critical infrastructure and advance the state of the art in privacy and security." And according to Professor David Kaeli of Northeastern’s Department of Electrical and Computer Engineering, “Our research collaboration with Lincoln Lab has given Northeastern students an easy path to get involved in cutting-edge research working with both a leading FFRDC and their faculty mentor on software and hardware security. The facilities provided at Beaver Works in Cambridge have really helped us build an open collaboration, enabling exciting projects such as PANDA - Full System Tainting to flourish.”

PANDA is open source and freely available to the research community. The openness of this platform has enabled a number of vertical applications, including research efforts in program introspection, embedded device re-hosting, dynamic decompilation, and vulnerability discovery. Students at Northeastern, Georgia Tech, and MIT are actively engaged in these projects under the joint supervision of home-institution professors and Lincoln staff members Tim Leek and Ryan Whelan. Leveraging this up-and-coming talent has been crucial to the success of LAREDO, and the Beaver Works facility is the nexus of these efforts, providing support and critical space for collaborative work.