PANDA – Platform for Architecture-Neutral Dynamic Analysis

An open-source platform helps analysts quickly reverse engineer large, real-world binary systems to better analyze how software executes.
PANDA's replay log files are compact and shareable, allowing for repeatable experiments. For example, a recording of nine billion instructions is represented by only a few hundred megabytes.

The Platform for Architecture-Neutral Dynamic Analysis (PANDA) is a flexible plugin-based framework that helps analysts understand how software behaves as it executes on a system. The platform was designed to facilitate reverse engineering, a process of analyzing code to discover its internal principles. The knowledge gleaned from PANDA can help analysts understand how their code actually behaves, identify errors in the code and determine if those errors are benign or harmful, and make legacy code function on modern operating systems.

The main feature of PANDA is a novel record-and-replay mechanism that captures a recording of all software executing on a system. Analysts can then replay that recording repeatedly. With each replay, users can apply PANDA's software-analysis plugins, more than 40 of which have been developed by Lincoln Laboratory researchers, university collaborators, and the open-source community. Used iteratively, the plugins help an analyst construct a deep understanding of the system's execution, from determining when key events are executed on the system to tracking specific pieces of data as they flow around the system. Since PANDA's open-source release, universities and companies around the world have been using the platform to improve their software analysis tasks.