BitBlaze: A new approach to computer security via binary analysis

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5352 LNCS, Issue , 2008, Pages 1-25

  Song, Dawn ^a   Brumley, David ^b   Yin, Heng ^a,b,c   Caballero, Juan ^a,b   Jager, Ivan ^b   Kang, Min Gyung ^a,b   Liang, Zhenkai ^b   Newsome, James ^b   Poosankam, Pongsin ^a,b   Saxena, Prateek ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b CARNEGIE MELLON UNIVERSITY   (United States)

^c The College of William and Mary   (United States)

Author keywords

Binary analysis; Malware analysis and defense; Reverse engineering; Vulnerability analysis and defense

Indexed keywords

BINARY ANALYSIS; BROAD SPECTRUM; COMPUTER SECURITY; MALWARE ANALYSIS AND DEFENSE; NEW APPROACHES; NOVEL SOLUTIONS; PROGRAM VERIFICATION (PV); SECURITY APPLICATIONS; SECURITY PROBLEMS; VULNERABILITY ANALYSIS AND DEFENSE;

COMPUTER CRIME; INFORMATION SYSTEMS; REENGINEERING; REVERSE ENGINEERING; SECURITY OF DATA; SECURITY SYSTEMS;

DYNAMIC ANALYSIS;

EID: 58449129985     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-89862-7_1     Document Type: Conference Paper

References (43)

1. CVC Lite documentation (Page checked 7/26/2008), http://www.cs.nyu.edu/ acsys/cvcl/doc/
2. The DOT language (Page checked 7/26/2008), http://www.graphviz.org/doc/ info/lang.html
3. On the run - building dynamic modifiers for optimization, detection, and security. Original DynamoRIO announcement via PLDI tutorial (June 2002)
4. ARM. ARM Architecture Reference Manual (2005) Doc. No. DDI-0100I
5. Balakrishnan, G.: WYSINWYX: What You See Is Not What You eXecute. PhD thesis, Computer Science Department, University of Wisconsin at Madison (August 2007)
6. Balakrishnan, G., Gruian, R., Reps, T, Teitelbaum, T: Codesurfer/x86 - a platform for analyzing x86 executables. In: Proceedings of the International Conference on Compiler Construction (April 2005)
7. Brumley, D., Caballero, J., Liang, Z., Newsome, L, Song, D.: Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation. In: Proceedings of the USENIX Security Symposium, Boston, MA (August 2007)
8. Brumley, D., Hartwig, C, Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Song, D.: Bitscope: Automatically dissecting malicious binaries. Technical Report CS-07-133, School of Computer Science, Carnegie Mellon University (March 2007)
9. Brumley, D., Hartwig, C, Liang, Z., Newsome, J., Poosankam, P., Song, D., Yin, H.: Automatically identifying trigger-based behavior in malware. In: Lee, W. Wang, C, Dagon, D. (eds.) Botnet Detection. Countering the Largest Security Threat Series: Advances in Information Security, vol. 36, Springer, Heidelberg (2008)
10. Brumley, D., Hartwig, C, Liang, Z., Newsome, L, Song, D., Yin, H.: Towards automatically identifying trigger-based behavior in malware using symbolic execution and binary analysis. Technical Report CMU-CS-07-105, Carnegie Mellon University School of Computer Science (January 2007)
11. Brumley, D., Newsome, J., Song, D., Wang, H., Jha, S.: Towards automatic generation of vulnerability-based signatures. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy, pp. 2-16 (2006)
12. Brumley, D., Poosankam, P., Song, D., Zheng, J.: Automatic patch-based exploit generation is possible: Techniques and implications. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy (2008)
13. Brumley, D., Wang, H., Jha, S., Song, D.: Creating vulnerability signatures using weakest pre-conditions. In: Proceedings of Computer Security Foundations Symposium (July 2007)
14. Caballero, J., Yin, H., Liang, Z., Song, D.: Polyglot: Automatic extraction of protocol message format using dynamic binary analysis. In: Proceedings of the 14th ACM Conferences on Computer and Communication Security (CCS 2007) (October 2007)
15. Caballero, J., Yin, H., Liang, Z., Song, D.: Polyglot: Automatic extraction of protocol message format using dynamic binary analysis. In: Proceedings of the ACM Conference on Computer and Communications Security (October 2007)
16. Chow, J., Pfaff, B., Garfinkel, T., Christopher, K., Rosenblum, M.: Understanding data lifetime via whole system simulation. In: Proceedings of the 13th USENIX Security Symposium (Security 2004) (August 2004)
17. Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham P.: Vigilante: End-to-end containment of internet worms. In: In Proceedings of the Symposium on Systems and Operating Systems Principles (SOSP 2005) (2005)
18. Crandall, J.R., Chong, F.T.: Minos: Control data attack prevention orthogonal to memory model. In: Proceedings of the 37th International Symposium on Microarchitecture (MICRO 2004) (December 2004)
19. DataRescue. IDA Pro. (Page checked 7/31/2008), http:/ /www.datarescue.com
20. Dijkstra, E.W.: A Discipline of Programming. Prentice Hall, Englewood Cliffs (1976)
21. Ganesh, V., Dill, D.: STP: A decision procedure for bitvectors and arrays, http://theory.Stanford,edu/-vganesh/stp
22. Ganesh. V., Dill. D.L.: A decision procedure for bit-vectors and arrays. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 524-536. Springer, Heidelberg (2007)
23. Intel Corporation. Intel 64 and IA-32 Architectures Software Developer's Manual, Volumes 1-5 (April 2008)
24. Jackson, D., Rollins, E.J.: Chopping: A generalization of slicing. Technical Report CS-94-169, Carnegie Mellon University School of Computer Science (1994)
25. Kang, M.G., Poosankam, P., Yin, H.: Renovo: A hidden code extractor for packed executables. In: Proceedings of the 5th ACM Workshop on Recurring Malcode (WORM 2007) (October 2007)
26. Kruegel, C, Robertson, W., Valeur, F., Vigna, G.: Static disassembly of obfuscated binaries. In: Proceedings of the USENIX Security Symposium (2004)
27. Luk, C.-K., Cohn, R. Muth, R., Patil, H. Klauser, A., Lowney, G., Wallace, S., Reddi, V.J., Hazelwood, K.: Pin: Building customized program analysis tools with dynamic instrumentation. In: Proceedings of the ACM Conference on Programming Language Design and Implementation (June 2005)
28. Microsoft. Phoenix framework (Paged checked 7/31/2008), http://research.microsoft.com/phoenix/
29. Microsoft. Phoenix project architect posting (Page checked 7/31/2008) (July 2008), http://forums.msdn.microsoft.com/en-US/phoenix/thread/ 90f5212c-05a-4aea-9a8f-a5840a6dl01d
30. Muchnick, S.S.: Advanced Compiler Design and Implementation. Academic Press, London (1997)
31. Nethercote, N.: Dynamic Binary Analysis and Instrumentation or Building Tools is Easy. PhD thesis, Trinity College, University of Cambridge (2004)
32. Newsome, J., Brumley, D., Franklin, J., Song, D.: Replayer: Automatic protocol replay by binary analysis. In: Write, R., De Capitani di Vimercati, S., Shmatikov, V. (eds.) Proceedings of the ACM Conference on Computer and Communications Security, pp. 311-321 (2006)
33. Newsome, J., Brumley, D., Song, D.: Sting: An end-to-end self-healing system for defending against zero-day worm attacks. Technical Report CMU-CS-05-191, Carnegie Mellon University School of Computer Science (2006)
34. Newsome, J., Brumley, D., Song, D.: Vulnerability-specific execution filtering for exploit prevention on commodity software. In: Proceedings of the 13th Annual Network and Distributed Systems Security Symposium, NDSS (2006)
35. Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS 2005) (February 2005)
36. Qemu,http://fabrice.bellard.free.fr/qemu/
37. Simpson, L.T.: Value-Driven Redundancy Elimination. PhD thesis, Rice University Department of Computer Science (1996)
38. Suh, G.E., Lee, J.W., Zhang, D., Devadas, S.: Secure program execution via dynamic information flow tracking. In: Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2004) (October 2004)
39. Tridgell. A.: How samba was written (Checked on 8/21/2008) (August 2003). http://www.samba.org/ftp/tridge/misc/french-cafe . txt
40. Tucek, J., Newsome, J., Lu, S., Huang, C, Xanthos, S., Brumley, D., Zhou, Y., Song, D.: Sweeper: A lightweight end-to-end system for defending against fast worms. In: Proceedings of the EuroSys Conference (2007)
41. Valgrind, http :/ /valgrind.org
42. Yin, H., Liang, Z. Song, D.: HookFinder: Identifying and understanding malware hooking behaviors. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS 2008) (February 2008)
43. Yin, H., Song, D., Manuel, E., Kruegel, C, Kirda, E.: Panorama: Capturing system-wide information flow for malware detection and analysis. In: Proceedings of the 14th ACM Conferences on Computer and Communication Security (CCS 2007) (October 2007)