OFFDTAN: A New Approach of Offline Dynamic Taint Analysis for Binaries

Wang, Xiajing; Ma, Rui; Dou, Bowen; Jian, Zefeng; Chen, Hongzhou

doi:10.1155/2018/7693861

Cited by 3 publications

(2 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the basis of decoupling techniques, it constructs the straight-line instructions by the lightweight instrumentation and accelerates the symbolic analysis by multiple worker threads. After that, the similar offline scheme StraightTaint is also proposed [26], and Wang et al also proposed another offline analysis method [27]. Recently, Banerjee et al proposed the new analysis tool Iodine [28], which can avoid the frequent rollbacks in the optimistic dynamic analysis.…”

Section: Related Workmentioning

confidence: 99%

“…(11) Check and mark the loops in the traversed nodes. (12) end (13) else (14) Disassemble and parse block (15) while Get instruction ins from block successfully do (16) if ins is a system call instruction or has memory operations then (17) Mark block as abort (18) break (19) else if ins is a direct unconditional jump instruction then (20) Construct the node of target block, and push it to stack_dfs (21) break (22) else if ins is a conditional branch instruction then (23) Construct all successor nodes of block, and push them to stack_dfs (24) break (25) else if ins is an indirect branch instruction or other transfers then (26) Mark block as pending, and save the traversed nodes and execution paths (27) break (28) else if ins is the end_ins then (29) Mark block as the end (30) break (31) else (32) Save the parse result to block en we still need to reexecute part of the instructions in the paths to obtain the real execution path. For two possible…”

Section: Intercepting All Memory Reads and Writesmentioning

confidence: 99%

See 1 more Smart Citation

BAHK: Flexible Automated Binary Analysis Method with the Assistance of Hardware and System Kernel

Pan

Zhuang

Sun

2020

Security and Communication Networks

View full text Add to dashboard Cite

To protect core functions, applications often utilize the countermeasure techniques such as antidebugging to avoid analysis by outsiders, especially the malware. Dynamic binary instrumentation is commonly used in the analysis of binary programs. However, it can be easily detected and has stability and applicability problems as it involves program rewriting and just-in-time compilation. This paper proposes a new lightweight analysis method for binary programs with the assistance of hardware features and the operating system kernel, named BAHK, which can automatically analyze the target program by stealth and has wide applicability. With the support of underlying infrastructures, this paper designs several optimization strategies and specific analysis approaches at instruction level to reduce the impact of fine-grained analysis on the performance of target program so that it can be well applied in practice. The experimental results show that the proposed method has good stealthiness, low memory consumption, and positive user experience. In some cases, it shows better analysis performance than the traditional dynamic binary instrumentation method. Finally, the real case studies further show its feasibility and effectiveness.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Intercepting All Memory Reads and Writesmentioning

confidence: 99%

BAHK: Flexible Automated Binary Analysis Method with the Assistance of Hardware and System Kernel

Pan

Zhuang

Sun

2020

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

Model of Execution Trace Obfuscation Between Threads

Sha¹,

Shu²,

Xiong³

et al. 2022

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Challenges in Firmware Re-Hosting, Emulation, and Analysis

et al. 2021

View full text Add to dashboard Cite

System emulation and firmware re-hosting have become popular techniques to answer various security and performance related questions, such as determining whether a firmware contain security vulnerabilities or meet timing requirements when run on a specific hardware platform. While this motivation for emulation and binary analysis has previously been explored and reported, starting to either work or research in the field is difficult. To this end, we provide a comprehensive guide for the practitioner or system emulation researcher. We layout common challenges faced during firmware re-hosting, explaining successive steps and surveying common tools used to overcome these challenges. We provide classification techniques on five different axes, including emulator methods, system type, fidelity, emulator purpose, and control. These classifications and comparison criteria enable the practitioner to determine the appropriate tool for emulation. We use our classifications to categorize popular works in the field and present 28 common challenges faced when creating, emulating, and analyzing a system from obtaining firmwares to post emulation analysis.

show abstract

OFFDTAN: A New Approach of Offline Dynamic Taint Analysis for Binaries

Cited by 3 publications

References 10 publications

BAHK: Flexible Automated Binary Analysis Method with the Assistance of Hardware and System Kernel

BAHK: Flexible Automated Binary Analysis Method with the Assistance of Hardware and System Kernel

Model of Execution Trace Obfuscation Between Threads

Challenges in Firmware Re-Hosting, Emulation, and Analysis

Contact Info

Product

Resources

About