Recon 2024

Cristina Cifuentes

As Vice President of Oracle's Software Assurance organisation, I lead a team of world-class security researchers and engineers whose passion lies in solving the big issues in Software Assurance. Our mission is to make application security and software assurance, at scale, a reality. We enjoy working with today's complex enterprise systems composed of millions of lines of code, variety of languages, established and new technologies, to detect vulnerabilities and attack vectors before others do. Automation is important, so are security assessments.

Cristina was the founding Director of Oracle Labs Australia in 2010, a team she led for close to 12 years. As Director of Oracle Labs Australia, I led a team of world-class Researchers and Engineers whose passion lies in solving the big issues in Program Analysis. Our team specialises in software vulnerability detection and developer productivity enhancement – in the context of real-world, commercial applications that contain millions of lines of code. My team successfully released Oracle Parfait, a static analysis tool used by thousands of C/C++/Java developers each day. Our inventions have resulted in dozens of US patents at Oracle and Sun Microsystems, and our impact on program analysis is well known through our active participation and publication record.

Cristina’s passion for tackling the big issues in the field of Program Analysis began with her doctoral work in binary decompilation at the Queensland University of Technology, which led to her being named the Mother of Decompilation for her contributions to this domain. In an interview with Richard Morris for Geek of the Week, Cristina talks about Parfait, Walkabout and her career journey in this field.

Before she joined Oracle and Sun Microsystems, Cristina held academic posts at major Australian Universities, co-edited Going Digital, a landmark book on Cybersecurity, and served on the executive committees of ACM SIGPLAN and IEEE Reverse Engineering.

Cristina continues to play an active role in the international programming language and software security communities. Where possible, she channels her interests into mentoring young programmers through the CoderDojo network and mentoring women in STEM.

The speaker's profile picture

Sessions

06-28
10:00
60min
From Student of Compilation to Mother of Decompilation -- 30 Years Edition
Cristina Cifuentes

From Student of Compilation to Mother of Decompilation -- 30 years edition
Cristina Cifuentes
VP, Oracle Software Assurance

Having worked on a machine code interpreter for the Modula-2 language for my Compilers project in 1990 and later integrating it into a mixed GPM Modula-2 compiler/interpreter for the 8086 during the summer of 1990-91 meant that I was familiar with assembly language and had a notion of transforming an intermediate representation into executable assembly code. Enjoying compilers and hearing about the latest viruses that were becoming popular in DOS binaries raised my interest in looking into binaries/executable programs to determine how to reverse compile them back into a high-level language representation, to be able to aid with an automated tool in understanding what the virus code was doing. And hence I enrolled in a PhD in April 1991.

30 years ago, on 4th July 1994, I submitted my PhD thesis on "Reverse Compilation Techniques". Little did I know that such a fun project, looking into 80286 DOS binaries and reading assembly, drawing graphs of groups of assembly instructions, understanding how parameters were passed in assembly language, determining what optimising compilers would do to optimised parameters and code, following variables through a function and the whole program to understand data flows and how variables were stored on the stack or memory; would result in techniques that would be picked up in the 2000s with the growing interest in application security.

In this keynote I give a retrospective on the decompilation PhD work, the growing interest on this technology throughout the past three decades, examples of commercial uses of decompilation, and conclude with an application of decompilation to develop a malware analysis tool.

To learn more about Cristina:

LinkedIn: https://www.linkedin.com/in/drcristinacifuentes
Twitter: @criscifuentes
Oracle: https://labs.oracle.com/pls/apex/f?p=94065:11:10856631025365:21

Keynote
Grand Salon
06-28
17:30
60min
Decompilation Panel
Ilfak Guilfanov, Cristina Cifuentes, Chris Wysopal, Sergey Bratus, Rusty Wagner

Decompilation Panel

Panel
Grand Salon