Towards automatic reverse engineering of software security configurations

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2008, Pages 245-255

  Wang, Rui ^a   Wang, XiaoFeng ^a   Zhang, Kehuan ^a,b   Li, Zhuowei ^c  

^a INDIANA UNIVERSITY   (United States)

^b HUNAN UNIVERSITY   (China)

^c MICROSOFT   (United States)

Author keywords

Access control; Configuration; Context free language; Reserse engineering; Taint analysis

Indexed keywords

ACCESS CONTROL POLICIES; CONFIGURATION; CONFIGURATION FILES; CONTROL CONFIGURATION; GRAPHIC USER INTERFACE; MISCONFIGURATIONS; PARSER GENERATORS; REAL APPLICATIONS; RESERSE ENGINEERING; SECURITY POLICY; SEMANTIC RELATIONS; SOFTWARE SECURITY; TAINT ANALYSIS;

ACCESS CONTROL; LINGUISTICS; REENGINEERING; REVERSE ENGINEERING; SECURITY SYSTEMS; SOFTWARE ENGINEERING; SPECIFICATION LANGUAGES; SPECIFICATIONS; USER INTERFACES; XML;

CONTEXT FREE LANGUAGES;

EID: 70349276979     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1455770.1455802     Document Type: Conference Paper

References (33)

1. flex: The Fast Lexical Analyzer. http://flex.sourceforge.net/, as of 2008.
2. bftpd. http://freshmeat.net/projects/bftpd/, as of April, 2008.
3. Microsoft baseline security analyzer, http://www.microsoft.com/technet/ security/tools/MBSAHome.mspx,as of April, 2008.
4. P. Anderson, P. Goldsack, and J. Paterson. Smartfrog meets lcfg: Autonomous reconfiguration with central policy control. In LISA '03: Proceedings of the 17th USENIX conference on System administration, pages 213-222, 2003.
5. D. Brumley, J. Newsome, D. X. Song, H. Wang, and S. Jha. Towards automatic generation of vulnerability-based signatures. In S&P, pages 2-16, 2006.
6. M. Burgess. Cfengine: A site configuration engine. USENIX Computing systems, 8(3):309-337, Summer 1995.
7. J. Caballero, H. Yin, Z. Liang, and D. Song. Polyglot: automatic extraction of protocol message format using dynamic binary analysis. In CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, pages 317-329, 2007.
8. W. Cheng, Q. Zhao, B. Yu, and S. Hiroshige. Tainttrace: Efficient flow tracing with dynamic binary rewriting. In ISCC, pages 749-754, 2006.
9. J. Clause, W. Li, and A. Orso. Dytan: a generic dynamic taint analysis framework. In ISSTA '07: Proceedings of the 2007 international symposium on Software testing and analysis, pages 196-206, 2007.
10. J. R. Crandall, Z. Su, and S. F. Wu. On deriving unknown vulnerabilities from zero-day polymorphic and metamorphie worm exploits. In CCS '05: Proceedings of the 12th ACM conference on Computer and communications security, pages 235-248, New York, NY, USA, 2005. ACM Press.
11. W. Cui, J. Kannan, and H. J. Wang. Discoverer: Automatic protocol reverse engineering from network traces. In Proceedings of the 16th USENIX Security Symposium, August 2007.
12. C. Donnelly and R. Stallman. Bison: The Yacc-Compatible Parser Generator. Luniverse Inc, Bloomington, Indiana, 2000.
13. M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. Song. Dynamic spyware analysis. In Proceedings of the 2007 USENIX Annual Technical Conference (Usenix'07), June 2007.
14. J. C. King. Symbolic execution and program testing. Commun. ACM, 19(7):385-394, 1976.
15. E. Kycyman and Y.-M. Wang. Discovering correctness constraints for self-management of system configuration. In ICAC '04: Proceedings of the Eirst International Conference on Autonomic Computing, pages 28-35, 2004.
16. T. Lengauer and R. E. Tarjan. A fast algorithm for finding dominators in aflowgraph. ACM Trans. Program. Lang. Syst., 1(1): 121-141, 1979.
17. Z. Lin, X. Jiang, D. Xu, and X. Zhang. Automatic protocol format reverse engineering through context-aware monitored execution. In NDSS, 2008.
18. C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: building customized program analysis tools with dynamic instrumentation. In PLDI '05: Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation, pages 190-200, 2005.
19. A. Moser, C. Kriigei, and E. Kirda. Exploring multiple execution paths for malware analysis. In IEEE Symposium on Security and Privacy, pages 231-245, 2007.
20. K. Nagaraja, F. Oliveira, R. Bianchini, R. P. Martin, and T. D. Nguyen. Understanding and dealing with operator mistakes in internet services. In OSDI'04: Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, pages 5-5, 2004.
21. J. Newsome, D. Brumley, J. Franklin, and D. X. Song. Replayer: automatic protocol replay by binary analysis. In ACM Conference on Computer and Communications Security, pages 311-321, 2006.
22. J. Newsome and D. X. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In NDSS, 2005.
23. D. Oppenheimer, A. Ganapathi, and D. Patterson. Why do internet services fail, and what can be done about it? In Proceedings of the 4th USENIX Symposium on Internet Technologies and System (USITS '03), 2003.
24. F. Qin, C. Wang, Z. Li, H.-S. Kim, Y. Zhou, and Y Wu. Lift: A low-overhead practical information flow tracking system for detecting security attacks. In MICRO, pages 135-148, 2006.
25. J. Seward and N. Nethercote. Using valgrind to detect undefined value errors with bit-precision. In USENIX Annual Technical Conference, General Track, pages 17-30, 2005.
26. N. Vachharajani, M. J. Bridges, J. Chang. R. Rangan, G. Ottoni, J. A. Blome, G. A. Reis, M. Vachharajani, and D. I. August. RIFLE: An architectural framework for user-centric information-flow security. In MICRO, pages 243-254. IEEE Computer Society, 2004.
27. H. J. Wang, J. C. Platt, Y. Chen, R. Zhang, and Y.-M. Wang. Automatic misconfiguration troubleshooting with peerpressure. In OSDI, pages 245-258, 2004.
28. R. Wang, X. Wang, K. Zhang, and Z. Li. Towards automatics reverse engineering of software security configurations. Technical Report IUCS-TR667, Indiana University, 2008.
29. Y.-M. Wang, C. Verbowski, J. Dunagan, Y. Chen, H. J. Wang, C. Yuan, and Z. Zhang. Strider: A black-box, state-based approach to change and configuration management and support. In LISA, pages 159-172, 2003.
30. A. Whitaker, R. S. Cox, and S. D. Gribble. Configuration debugging as search: finding the needle in the haystack. In OSDI'04: Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, pages 6-6, 2004.
31. G. Wondracek, P. M. Comparetti, C. Kruegel, and E. Kirda. Automatic network protocol analysis. In NDSS, 2008.
32. H. Yin, D. Song, E. Manuel, C. Kruegel, and E. Kirda. Panorama: Capturing system-wide information flow for malware detection and analysis. In Proceedings of the 14th ACM Conferences on Computer and Communication Security (CCS'07), October 2007.
33. W. Zheng, R. Bianchini, and T. D. Nguyen. Automatic configuration of internet services. In EuroSys '07: Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007, pages 219-229," New York, NY, USA, 2007. ACM.