SPIDER: Stealthy binary program instrumentation and debugging via hardware virtualization

ACM International Conference Proceeding Series

Volumn , Issue , 2013, Pages 289-298

  Deng, Zhui ^a   Zhang, Xiangyu ^a   Xu, Dongyan ^a  

^a Purdue University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANTI-DEBUGGING; BINARY PROGRAMS; HARDWARE VIRTUALIZATION; INSTRUCTION-LEVEL; INSTRUMENTATION TOOLS; MALWARE ANALYSIS; PROGRAM INSTRUMENTATIONS; SECURITY APPLICATION;

COMPUTER DEBUGGING; HARDWARE; INSTRUMENTS; SECURITY OF DATA; SECURITY SYSTEMS; VIRTUAL REALITY;

PROGRAM DEBUGGING;

EID: 84893231124     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2523649.2523675     Document Type: Conference Paper

References (40)

1. Gdb. http://www.gnu.org/software/gdb/.
2. Ida pro. http://www.hex-rays.com/idapro/.
3. Kvm. http://www.linux-kvm.org/.
4. O. Agesen, J. Mattson, R. Rugina, and J. Sheldon. Software techniques for avoiding hardware virtualization exits. In USENIX ATC'12.
5. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. SOSP'03.
6. U. Bayer, C. Kruegel, and E. Kirda. Ttanalyze: A tool for analyzing malware. In EICAR'06.
7. F. Bellard. Qemu, a fast and portable dynamic translator. In USENIX ATC'05.
8. S. Bhansali, W.-K. Chen, S. De Jong, A. Edwards, R. Murray, M. Drinić, D. Mihočka, and J. Chau. Framework for instruction-level tracing and analysis of program executions. In VEE'06.
9. R. R. Branco, G. N. Barbosa, and P. D. Neto. Scientific but not academical overview of malware anti-debugging, anti-disassembly and anti-vm technologies. Blackhat USA'12.
10. D. Bruening. Efficient, transparent, and comprehensive runtime code manipulation. PhD thesis, 2004.
11. D. Bruening, Q. Zhao, and S. Amarasinghe. Transparent dynamic instrumentation. In VEE'12.
12. P. P. Bungale and C.-K. Luk. Pinos: a programmable framework for whole-system dynamic instrumentation. In VEE'07.
13. Z. Deng, D. Xu, X. Zhang, and X. Jiang. Introlib: Efficient and transparent library call introspection for malware forensics. In DFRWS'12.
14. A. Dinaburg, P. Royal, M. Sharif, and W. Lee. Ether: malware analysis via hardware virtualization extensions. In CCS'08.
15. P. Feiner, A. D. Brown, and A. Goel. Comprehensive kernel instrumentation via dynamic binary translation. In ASPLOS'12.
16. P. Ferrie. Attacks on virtual machine emulators. Symantec Advanced Threat Research, 2006.
17. P. Ferrie. Attacks on more virtual machine emulators. Symantec Technology Exchange, 2007.
18. T. Garfinkel and M. Rosenblum. A virtual machine introspection based architecture for intrusion detection. In NDSS'03.
19. M. Grace, Z. Wang, D. Srinivasan, J. Li, X. Jiang, Z. Liang, and S. Liakh. Transparent protection of commodity os kernels using hardware virtualization. In SecureComm'10.
20. F. Guo, P. Ferrie, and T.-C. Chiueh. A study of the packer problem and its solutions. In RAID'08.
21. Intel. Intel 64 and IA-32 Architectures Software Developer's Manual, Volume 3C.
22. M. G. Kang, H. Yin, S. Hanna, S. McCamant, and D. Song. Emulating emulation-resistant malware. In VMSec'09.
23. M. A. Laurenzano, M. M. Tikir, L. Carrington, and A. Snavely. Pebil: Efficient static binary instrumentation for linux. In ISPASS'10.
24. K. P. Lawton. Bochs: A portable pc emulator for unix/x. Linux Journal, 1996.
25. K. H. Lee, X. Zhang, and D. Xu. High accuracy attack provenance via binary-based execution partition. In NDSS'13.
26. C. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. Reddi, and K. Hazelwood. Pin: building customized program analysis tools with dynamic instrumentation. In PLDI'05.
27. N. Nethercote and J. Seward. Valgrind: a framework for heavyweight dynamic binary instrumentation.
28. A. Nguyen, N. Schear, H. Jung, A. Godiyal, S. King, and H. Nguyen. Mavmm: Lightweight and purpose built vmm for malware analysis. In ACSAC'09.
29. T. Raffetseder, C. Krügel, and E. Kirda. Detecting system emulators. In ISC'07.
30. N. Riva and F. Falćon. Dynamic binary instrumentation frameworks: I know you're there spying on me. REcon'12.
31. J. Rutkowska. Subverting vista kernel for fun and profit. Blackhat USA'06.
32. K. Scott, N. Kumar, S. Velusamy, B. Childers, J. Davidson, and M. Soffa. Retargetable and reconfigurable software dynamic translation. In CGO'03.
33. D. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M. G. Kang, Z. Liang, J. Newsome, P. Poosankam, and P. Saxena. Bitblaze: A new approach to computer security via binary analysis. In ICISS'08.
34. A. Vasudevan. Re-inforced stealth breakpoints. In CRiSIS'09.
35. A. Vasudevan and R. Yerraballi. Cobra: Fine-grained malware analysis using stealth localized-executions. In IEEE S&P'06.
36. A. Vasudevan and R. Yerraballi. Stealth breakpoints. In ACSAC'05.
37. S. Vogl and C. Eckert. Using hardware performance events for instruction-level monitoring on the x86 architecture. In EuroSec'12.
38. C. Willems, R. Hund, A. Fobian, D. Felsch, T. Holz, and A. Vasudevan. Down to the bare metal: Using processor features for binary analysis. In ACSAC'12.
39. L.-K. Yan, M. Jayachandra, M. Zhang, and H. Yin. V2e: combining hardware virtualization and softwareemulation for transparent and extensible malware analysis. In VEE'12.
40. O. Yuschuk. Ollydbg. http://www.ollydbg.de/.