Repeatable Reverse Engineering for the Greater Good with PANDA

Dolan-Gavitt, Brendan; Hodosh, Josh; Hulin, Patrick; Leek, Tim; Whelan, Ryan

doi:10.7916/d8wm1c1p

Cited by 3 publications

(2 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…PANDA (Dolan-Gavitt et al 2014 is an open source framework for full-system analysis based on execution record and replay. It is based on the QEMU emulator (Bellard 2005).…”

Section: The Panda Analysis Frameworkmentioning

confidence: 99%

“…Toward this end, we first focus on the cost of recording an execution trace, as this is the primary limiting factor in whether the technique is applicable. Previous work (Dolan-Gavitt et al 2014 already provides some ad hoc figures on the expected recording performance of PANDA. However, these figures are not easy to reuse, because they are not associated with a specific workload.…”

Section: Recording Performance Evaluationmentioning

confidence: 99%

See 1 more Smart Citation

PROV _2R

Stamatogiannakis

Αθανασόπουλος

Bos

et al. 2017

ACM Trans. Internet Technol.

View full text Add to dashboard Cite

Information produced by Internet applications is inherently a result of processes that are executed locally. Think of a web server that makes use of a CGI script, or a content management system where a post was first edited using a word processor. Given the impact of these processes to the content published online, a consumer of that information may want to understand what those impacts were. For example, understanding from where text was copied and pasted to make a post, or if the CGI script was updated with the latest security patches, may all influence the confidence on the published content. Capturing and exposing this information provenance is thus important to ascertaining trust to online content. Furthermore, providers of internet applications may wish to have access to the same information for debugging or audit purposes. For processes following a rigid structure (such as databases or workflows), disclosed provenance systems have been developed that efficiently and accurately capture the provenance of the produced data. However, accurately capturing provenance from unstructured processes, for example, user-interactive computing used to produce web content, remains a problem to be tackled. In this article, we address the problem of capturing and exposing provenance from unstructured processes. Our approach, called PROV 2R ( PROV enance R ecord and R eplay) is composed of two parts: (a) the decoupling of provenance analysis from its capture; and (b) the capture of high-fidelity provenance from unmodified programs. We use techniques originating in the security and reverse engineering communities, namely, record and replay and taint tracking . Taint tracking fundamentally addresses the data provenance problem but is impractical to apply at runtime due to extremely high overhead. With a number of case studies, we demonstrate that PROV 2R enables the use of taint analysis for high-fidelity provenance capture, while keeping the runtime overhead at manageable levels. In addition, we show how captured information can be represented using the W3C PROV provenance model for exposure on the Web.

show abstract

“…PANDA (Dolan-Gavitt et al 2014 is an open source framework for full-system analysis based on execution record and replay. It is based on the QEMU emulator (Bellard 2005).…”

Section: The Panda Analysis Frameworkmentioning

confidence: 99%

Section: Recording Performance Evaluationmentioning

confidence: 99%

PROV _2R

Stamatogiannakis

Αθανασόπουλος

Bos

et al. 2017

ACM Trans. Internet Technol.

View full text Add to dashboard Cite

show abstract

FAROS: Illuminating In-memory Injection Attacks via Provenance-Based Whole-System Dynamic Information Flow Tracking

Arefi¹,

Alexander²,

Rokham³

et al. 2018

2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

View full text Add to dashboard Cite

PANDAcap

Stamatogiannakis

Bos

Groth

2020

Proceedings of the 13th European Workshop on Systems Security

View full text Add to dashboard Cite

and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights.• Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal ? Take down policyIf you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.

show abstract

Repeatable Reverse Engineering for the Greater Good with PANDA

Cited by 3 publications

References 10 publications

PROV _2R

PROV _2R

FAROS: Illuminating In-memory Injection Attacks via Provenance-Based Whole-System Dynamic Information Flow Tracking

PANDAcap

Contact Info

Product

Resources

About