BitBlaze: A New Approach to Computer Security via Binary Analysis

Song, Dawn; Brumley, David; Yin, Heng; Caballero, Juan; Jager, Ivan; Kang, Min Gyung; Liang, Zhenkai; Newsome, James; Poosankam, Pongsin; Saxena, Prateek

doi:10.1007/978-3-540-89862-7_1

Cited by 551 publications

(331 citation statements)

References 17 publications

Supporting

Mentioning

320

Contrasting

Unclassified

Order By: Relevance

“…For example, CodeSurfer [11] can perform program slicing to support a better understanding of the code behavior. BitBlaze [10] combines dynamic and static analysis components to extract information from malware. Other tools like Coverity [12], Path Finder [14] or CoreDet [13] rely either on C or Java language constructs and LLVM compilers [15] to transform the source code to their analysis format.…”

Section: Related Workmentioning

confidence: 99%

Intercept: Profiling Windows Network Device Drivers

Mendonça¹,

Neves²

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Device drivers account for a substantial part of the operating system (OS), since they implement the code that interfaces the components connected to a computer system. Unfortunately, in the large majority of cases, hardware vendors do not release their code, making the analysis of failures attributed to device drivers extremely difficult. Although several instrumentation tools exist, most of them are useless to study device drivers as they work at user level. This paper presents Intercept, a tool that profiles Windows Device Drivers (WDD) and logs the driver interactions with the OS core at function level. The tool helps to understand how a WDD works and can provide support for several activities, such as debugging, robustness testing, or reverse engineering. Experiments using Ethernet, Wi-Fi and Bluetooth device drivers show that Intercept is able to record function calls, parameters and return values, with small overheads even when the device driver under test is subject to a heavy workload.

show abstract

Section: Related Workmentioning

confidence: 99%

Intercept: Profiling Windows Network Device Drivers

Mendonça¹,

Neves²

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…To obtain a fully over-approximate CFG without additional preconditions, the missing two indirect branches could be covered using dynamic test generation [9,10,17]. Note that complete control flow reconstruction by dynamic test generation alone requires full branch coverage, therefore it would need to create at least 5 tests.…”

Section: Overviewmentioning

confidence: 99%

“…We recorded concrete execution traces on a single-processor 32-bit Windows XP guest system running in the BitBlaze [17] version of QEMU. As soon as the target process is started, all user-mode instructions (including libraries) are recorded to a file.…”

Section: Implementation and Setupmentioning

confidence: 99%

See 1 more Smart Citation

Alternating Control Flow Reconstruction

Kinder

Kravchenko

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Unresolved indirect branch instructions are a major obstacle for statically reconstructing a control flow graph (CFG) from machine code. If static analysis cannot compute a precise set of possible targets for a branch, the necessary conservative over-approximation introduces a large amount of spurious edges, leading to even more imprecision and a degenerate CFG. In this paper, we propose to leverage under-approximation to handle this problem. We provide an abstract interpretation framework for control flow reconstruction that alternates between over-and under-approximation. Effectively, the framework imposes additional preconditions on the program on demand, allowing to avoid conservative over-approximation of indirect branches. We give an example instantiation of our framework using dynamically observed execution traces and constant propagation. We report preliminary experimental results confirming that our alternating analysis yields CFGs closer to the concrete CFG than pure over-or under-approximation.

show abstract

“…BitBlaze [29] presents a novel fusion of static and dynamic taint analysis techniques to track implicit and explicit flow. DTA++ [20], based on the Bitblaze approach, presents an enhancement of dynamic taint analysis to limit the under-tainting problem.…”

Section: Related Workmentioning

confidence: 99%

Detecting Control Flow in Smarphones: Combining Static and Dynamic Analyses

Graa

Cuppens-Boulahia

Cuppens

et al. 2012

Cyberspace Safety and Security

View full text Add to dashboard Cite

Abstract. Security in embedded systems such as smartphones requires protection of confidential data and applications. Many of security mechanisms use dynamic taint analysis techniques for tracking information flow in software. But these techniques cannot detect control flows that use conditionals to implicitly transfer information from objects to other objects. In particular, malicious applications can bypass Android system and get privacy sensitive information through control flows. We propose an enhancement of dynamic taint analysis that propagates taint along control dependencies by using the static analysis in embedded system such as Google Android operating system. By using this new approach, it becomes possible to protect sensitive information and detect most types of software exploits without reporting too many false positives.

show abstract

BitBlaze: A New Approach to Computer Security via Binary Analysis

Cited by 551 publications

References 17 publications

Intercept: Profiling Windows Network Device Drivers

Intercept: Profiling Windows Network Device Drivers

Alternating Control Flow Reconstruction

Detecting Control Flow in Smarphones: Combining Static and Dynamic Analyses

Contact Info

Product

Resources

About