Deterministic Replay of System's Execution with Multi-target QEMU Simulator for Dynamic Analysis and Reverse Debugging

Dovgalyuk, Pavel

doi:10.1109/csmr.2012.74

Cited by 21 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Базовая часть ELF -эмулятор QEMU. В текущей версии ELF для фаззинга и символьных вычислений поддерживаются две версии QEMU: 1) специализированная версия QEMU ИСП РАН [4], в которую внесены изменения для поддержки фаззинга (patchTCG) и 2) эмулятор на базе QEMU 3.0 из проекта S2E [5,6]  набор тестов для ряда известных уязвимостей;  тест для штатного HTTP-сервера IoT-устройства. Функционал анализируемого консольного приложения -отображение текущей версии устройства при запуске с параметром «-v».…”

Section: драйверы фаззинга + Guesttoolss2eunclassified

ELF dynamic analysis tool for IoT systems with symbolic execution

Kovalenko¹,

Makarov²

2022

Proceedings of ISP RAS

View full text Add to dashboard Cite

As a result of background work on analysis in embedded Linux OS, the authors created the ELF (embedded linux fuzzing) tool that provides functionality for use in conventional dynamic analysis tools working with IoT devices. The article discusses the use of full-system symbolic execution for the analysis of IoT systems based on Linux kernels, describes how to integrate S2E full-system symbolic execution frameworks into the ELF tool environment, as well as the possibility of applicability of the resulting toolchain to the implementation of distributed hybrid IoT fuzzing.

show abstract

Section: драйверы фаззинга + Guesttoolss2eunclassified

ELF dynamic analysis tool for IoT systems with symbolic execution

Kovalenko¹,

Makarov²

2022

Proceedings of ISP RAS

View full text Add to dashboard Cite

show abstract

“…Natch представляет собой набор плагинов [6] для Qemu, которые инструментируют выполняемый код и этим замедляют работу эмулятора. В связи с этим, анализ предлагается проводить с использованием детерминированного воспроизведения [7]. Это минимизирует воздействие средств анализа на изучаемую программу.…”

Section: общая схема работы Natchunclassified

Natch: using virtual machine introspection and taint analysis for detection attack surface of the software

Dovgalyuk¹,

Климушенкова²,

Fursova³

et al. 2022

Proceedings of ISP RAS

View full text Add to dashboard Cite

Natch is a tool that provides a convenient way of obtaining an attack surface. By attack surface we mean a list of executable files, dynamic libraries and functions that are responsible for input data processing (such as: files, network packets) during task execution. Functions that end up in the attack surface are possible sources of software vulnerabilities, so they should be given an increased attention during an analysis. At the heart of the Natch tool lay improved methods of tainted data tracking and virtual machines introspection. Natch is built on the basis of the full-system QEMU emulator, so it allows you to analyze any system components, including even the OS kernel and system drivers. The collected attack surface data is visualized by SNatch, which is tool for data post-processing and GUI implementation. SNatch comes with Natch tool by default. Attack surface obtaining can be built into CI/CD for integrational and system testing. A refined attack surface will increase the effectiveness of functional testing and fuzzing in the life cycle of secure software.

show abstract

“…The full-system simulator Simics supports reverse-execution debugging via deterministic reexecution [23]. There have been efforts to add some record-and-replay support to QEMU [18,19,40] and Xen [21,13]. Whole-system recordand-replay can be useful, but it is often inconvenient to hoist the application into a virtual machine.…”

Section: Whole-system Replaymentioning

confidence: 99%

Engineering Record And Replay For Deployability: Extended Technical Report

O'Callahan,

Jones,

Froyd

et al. 2017

Preprint

View full text Add to dashboard Cite

The ability to record and replay program executions with low overhead enables many applications, such as reverse-execution debugging, debugging of hard-toreproduce test failures, and "black box" forensic analysis of failures in deployed systems. Existing record-andreplay approaches limit deployability by recording an entire virtual machine (heavyweight), modifying the OS kernel (adding deployment and maintenance costs), requiring pervasive code instrumentation (imposing significant performance and complexity overhead), or modifying compilers and runtime systems (limiting generality). We investigated whether it is possible to build a practical record-and-replay system avoiding all these issues. The answer turns out to be yes -if the CPU and operating system meet certain non-obvious constraints. Fortunately modern Intel CPUs, Linux kernels and user-space frameworks do meet these constraints, although this has only become true recently. With some novel optimizations, our system RR records and replays real-world lowparallelism workloads with low overhead, with an entirely user-space implementation, using stock hardware, compilers, runtimes and operating systems. RR forms the basis of an open-source reverse-execution debugger seeing significant use in practice. We present the design and implementation of RR, describe its performance on a variety of workloads, and identify constraints on hardware and operating system design required to support our approach. * Majority of work carried out while supported by Mozilla Research.

show abstract

Deterministic Replay of System's Execution with Multi-target QEMU Simulator for Dynamic Analysis and Reverse Debugging

Cited by 21 publications

References 5 publications

ELF dynamic analysis tool for IoT systems with symbolic execution

ELF dynamic analysis tool for IoT systems with symbolic execution

Natch: using virtual machine introspection and taint analysis for detection attack surface of the software

Engineering Record And Replay For Deployability: Extended Technical Report

Contact Info

Product

Resources

About