Proceedings 2023 Workshop on Binary Analysis Research: Latest Papers

Accurate Compiler and Optimization Independent Function Identification Using Program State Transformations
Proceedings 2023 Workshop on Binary Analysis Research Pub Date : 1900-01-01 DOI: 10.14722/bar.2023.23003
D. McKee, N. Burow, Mathias Payer
Citations: 0
PISE: Protocol Inference using Symbolic Execution and Automata Learning
Proceedings 2023 Workshop on Binary Analysis Research Pub Date : 1900-01-01 DOI: 10.14722/bar.2023.23002
Ron Marcovich, O. Grumberg, Gabi Nakibly
Abstract: Protocol Inference is the process of gaining information about a protocol from a binary code that implements it. This process is useful in cases such as extraction of the command and control protocol of a malware, uncovering security vulnerabilities in a network protocol implementation or verifying conformance to the protocol’s standard. Protocol inference usually involves time-consuming work to manually reverse engineer the binary code. We present a novel method to automatically infer state machine of a network protocol and its message formats directly from the binary code. To the best of our knowledge, this is the first method to achieve this solely based on a binary code of a single peer. We do not assume any of the following: access to a remote peer, access to captures of the protocol’s traffic, and prior knowledge of message formats. The method leverages extensions to symbolic execution and novel modifications to automata learning. We validate the proposed method by inferring real-world protocols including the C&C protocol of Gh0st RAT, a well-known malware.
Citations: 0
podft: On Accelerating Dynamic Taint Analysis with Precise Path Optimization
Proceedings 2023 Workshop on Binary Analysis Research Pub Date : 1900-01-01 DOI: 10.14722/bar.2023.23010
Zhiyou Tian, Cong Sun, Dongrui Zeng, Gang Tan
Abstract: Dynamic taint analysis (DTA) has been widely used in security applications, including exploit detection, data provenance, fuzzing improvement, and information flow control. Meanwhile, the usability of DTA is argued on its high runtime overhead, causing a slowdown of more than one magnitude on large binaries. Various approaches have used preliminary static analysis and introduced parallelization or higher-granularity abstractions to raise the scalability of DTA. In this paper, we present a dynamic taint analysis framework podft that defines and enforces different fast paths to improve the efficiency of DBI-based dynamic taint analysis. podft uses a value-set analysis (VSA) to differentiate the instructions that must not be tainted from those potentially tainted. Combining the VSA-based analysis results with proper library function abstractions, we develop taint tracking policies for fast and slow paths and implement the tracking policy enforcement as a Pin-based taint tracker. The experimental results show that podft is more efficient than the state-of-the-art fast path-based DTA approach and competitive with the static binary rewriting approach. podft has a high potential to integrate basic block-level deep neural networks to simplify fast path enforcement and raise tracking efficiency.
Citations: 2
Understanding MPU Usage in Microcontroller-based Systems in the Wild
Proceedings 2023 Workshop on Binary Analysis Research Pub Date : 1900-01-01 DOI: 10.14722/bar.2023.23007
Wei Zhou, Zhou Jiang, Le Guan
Abstract: As more and more microcontroller-based embedded devices are connected to the Internet, as part of the Internet-of-Things (IoT), previously less tested (and insecure) devices are exposed to miscreants. To prevent them from being compromised, the memory protection unit (MPU), which is readily available on many of these devices, has the potential to play an important role in enforcing defense mechanisms. In this work, we comprehensively studied the MPU adoption in top operating systems for microcontrollers. Specifically, we investigate whether MPU is supported, how it is used, and whether the claimed security requirement has been effectively achieved by using it. We conclude that due to the added complexities, incompatibility, and fragmented programming interface, MPUs have not received wide adoption in real products. Moreover, although the MPU was developed for security purposes, it rarely fulfills its designed functionality and can be easily circumvented in many settings. We showcase concrete attacks to FreeRTOS and RIoT in this regard. Finally, we discussed fundamental causes to explain this situation. We hope our findings can inspire research on novel usage of MPU in microcontrollers.
Citations: 1
FCGAT: Interpretable Malware Classification Method using Function Call Graph and Attention Mechanism
Proceedings 2023 Workshop on Binary Analysis Research Pub Date : 1900-01-01 DOI: 10.14722/bar.2023.23005
Minami Someya, Yuhei Otsubo, Akira Otsuka
Abstract: Malware classification facilitates static analysis, which is manually intensive but necessary work to understand the inner workings of unknown malware. Machine learning based approaches have been actively studied and have great potential. However, their drawback is that their models are considered black boxes and are challenging to explain their classification results and thus cannot provide patterns specific to malware. To address this problem, we propose FCGAT, the first malware classification method that provides interpretable classification reasons based on program functions. FCGAT applies natural language processing techniques to create function features and updates them to reflect the calling relationships between functions. Then, it applies attention mechanism to create malware feature by emphasizing the functions that are important for classification with attention weights. FCGAT provides an importance ranking of functions based on attention weights as an explanation. We evaluate the performance of FCGAT on two datasets. The results show that the F1-Scores are 98.15% and 98.18%, which are competitive with the cutting-edge methods. Furthermore, we examine how much the functions emphasized by FCGAT contribute to the classification. Surprisingly, our results show that only top 6 (average per sample) highly-weighted functions yield as much as 70% accuracy. We also show that these functions reflect the characteristics of malware by analyzing them. FCGAT can provide analysts with reliable explanations using a small number of functions. These explanations could bring various benefits, such as improved efficiency in malware analysis and comprehensive malware trend analysis.
Citations: 1
Blaze: A Framework for Interprocedural Binary Analysis
Proceedings 2023 Workshop on Binary Analysis Research Pub Date : 1900-01-01 DOI: 10.14722/bar.2023.23009
Matthew Revelle, Matt Parker, Kevin Orr
Abstract: Blaze is an open-source binary analysis framework that supports the construction and manipulation of interprocedural control-flow graphs (ICFGs) and type checking on a lifted representation of program binaries. All analyses in Blaze are implemented in terms of a typed intermediate language—Path Intermediate Language (PIL). Blaze includes a unification-based type checker for PIL which is used to support the generation of SMT formulas and type inference. Blaze has been used to develop tools for reverse engineering and vulnerability discovery and provides a foundation for exploring the use of type systems and higher-level abstractions in the analysis of program binaries. This paper provides an overview of Blaze’s implementation, capabilities, and applications.
Citations: 0