{"603943":{"#nid":"603943","#data":{"type":"news","title":"Saltaformaggio Tapped for NSF CRII Award","body":[{"value":"\u003Cp\u003EBrendan D. Saltaformaggio has received the CISE Research Initiation Initiative (CRII) Award from the National Science Foundation (NSF).\u003C\/p\u003E\r\n\r\n\u003Cp\u003ESaltaformaggio is an assistant professor in the Georgia Tech School of Electrical and Computer Engineering (ECE), where he leads the Cyber Forensics Innovation Laboratory. The title of his research project is \u0026ldquo;GEMINI: Guided Execution Based Mobile Advanced Persistent Threat Investigation.\u0026rdquo;\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EAdvanced persistent threat (APT) campaigns are increasingly targeting mobile devices deployed across corporations, governments, and financial institutions. Unfortunately, prohibitively slow responses to even high-profile APT attacks have shown that authorities lack the capability to quickly investigate ongoing attacks (in a matter of hours or days rather than months). To address this challenge, Saltaformaggio\u0026rsquo;s research draws inspiration from recent developments in memory image forensics, in particular a recently introduced technique called guided execution. This technique has provided rapid evidence collection and crime investigation capabilities currently unparalleled in APT investigation.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThrough this research, Saltaformaggio is developing an integrated framework, called GEMINI, which shifts the goal of modern memory forensics from the investigation of physical-world crimes to APT campaigns. 
Based on the analysis of only a single memory image \u0026ndash; collected from an Android device after an attack is suspected \u0026ndash;\u0026nbsp;GEMINI provides the following set of APT investigation capabilities:\u003C\/p\u003E\r\n\r\n\u003Cul\u003E\r\n\t\u003Cli\u003EBased on exploratory guided execution techniques, GEMINI can search\u0026nbsp;for and re-create previously enacted APT attack stages.\u003C\/li\u003E\r\n\t\u003Cli\u003EBeyond investigating prior attack execution, GEMINI enables the revelation of hidden\/potential future attack behaviors by \u0026ldquo;puppeteering\u0026rdquo; their execution with pre-staged memory image data.\u003C\/li\u003E\r\n\t\u003Cli\u003EAfter exploring future payloads, GEMINI can further leverage its guided execution capabilities for the remediation of the observed attack strategies.\u003C\/li\u003E\r\n\u003C\/ul\u003E\r\n\r\n\u003Cp\u003EThis work directly contributes to national security by advancing research in and developing techniques for the investigation of APT campaigns targeting mobile devices. In addition, the results of this research are being made publicly available with the goal of enhancing discovery and empowering future research in this area, as well as contributing to the development of new curriculum materials focused on malware analysis and reverse engineering.\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003EECE Assistant Professor\u0026nbsp;Brendan D. Saltaformaggio has received the CISE Research Initiation Initiative (CRII) Award from the National Science Foundation.\u003C\/p\u003E\r\n","format":"limited_html"}],"field_summary_sentence":[{"value":"ECE Assistant Professor\u00a0Brendan D. 
Saltaformaggio has received the CISE Research Initiation Initiative (CRII) Award from the National Science Foundation."}],"uid":"27241","created_gmt":"2018-03-17 21:35:53","changed_gmt":"2018-03-19 11:57:31","author":"Jackie Nemeth","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2018-03-17T00:00:00-04:00","iso_date":"2018-03-17T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"598635":{"id":"598635","type":"image","title":"Brendan Saltaformaggio","body":null,"created":"1510268641","gmt_created":"2017-11-09 23:04:01","changed":"1510268719","gmt_changed":"2017-11-09 23:05:19","alt":"photo of Brendan Saltaformaggio","file":{"fid":"228216","name":"BrendanSaltaformaggiocrop.jpg","image_path":"\/sites\/default\/files\/images\/BrendanSaltaformaggiocrop.jpg","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/BrendanSaltaformaggiocrop.jpg","mime":"image\/jpeg","size":164036,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/BrendanSaltaformaggiocrop.jpg?itok=XOcMfwgG"}}},"media_ids":["598635"],"related_links":[{"url":"https:\/\/www.ece.gatech.edu\/faculty-staff-directory\/brendan-d-saltaformaggio","title":"Brendan D. 
Saltaformaggio"},{"url":"https:\/\/cyfi.ece.gatech.edu","title":"Cyber Forensics Innovation Laboratory"},{"url":"http:\/\/www.ece.gatech.edu","title":"School of Electrical and Computer Engineering"},{"url":"http:\/\/www.iisp.gatech.edu","title":"Institute for Information Security and Privacy"},{"url":"http:\/\/www.gatech.edu","title":"Georgia Tech"},{"url":"https:\/\/www.nsf.gov\/funding\/pgm_summ.jsp?pims_id=12810\u0026org=CISE\u0026from=home","title":"NSF Directorate for Computer and Information Science and Engineering"}],"groups":[{"id":"1255","name":"School of Electrical and Computer Engineering"}],"categories":[{"id":"134","name":"Student and Faculty"},{"id":"135","name":"Research"},{"id":"153","name":"Computer Science\/Information Technology and Security"},{"id":"145","name":"Engineering"}],"keywords":[{"id":"175307","name":"Brendan Saltaformaggio"},{"id":"1506","name":"faculty"},{"id":"276","name":"Awards"},{"id":"169143","name":"Institute for Information Security and Privacy"},{"id":"177455","name":"malware analysis"},{"id":"177456","name":"reverse engineering"},{"id":"177457","name":"GEMINI: Guided Execution Based Mobile Advanced Persistent Threat Investigation"},{"id":"177458","name":"guided execution"},{"id":"176201","name":"memory image forensics"},{"id":"177459","name":"advanced persistent threat (APT) campaigns"},{"id":"176203","name":"Cyber Forensics Innovation Laboratory"},{"id":"166855","name":"School of Electrical and Computer Engineering"},{"id":"109","name":"Georgia Tech"},{"id":"362","name":"National Science Foundation"},{"id":"177460","name":"CISE Research Initiation Initiative (CRII)"},{"id":"177461","name":"NSF Directorate for Computer and Information Science and 
Engineering"}],"core_research_areas":[{"id":"145171","name":"Cybersecurity"}],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003EJackie Nemeth\u003C\/p\u003E\r\n\r\n\u003Cp\u003ESchool of Electrical and Computer Engineering\u003C\/p\u003E\r\n\r\n\u003Cp\u003E404-894-2906\u003C\/p\u003E\r\n","format":"limited_html"}],"email":["jackie.nemeth@ece.gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}