BIRD: Binary Interpretation using Runtime Disassembly

Authors: S. Nanda, Wei Li, Lap-Chung Lam, Tzi-cker Chiueh

DOI: 10.1109/CGO.2006.6

Abstract: The majority of security vulnerabilities published in the literature is due to software bugs. Many researchers have developed program transformation and analysis techniques to automatically detect or eliminate such vulnerabilities. So far, most of them cannot be applied to commercially distributed applications on the Windows/x86 platform, because it is almost impossible to disassemble a binary file with 100% accuracy and coverage on that platform. This paper presents the design, implementation, and evaluation of a binary analysis and instrumentation infrastructure for the Windows/x86 platform called BIRD (binary interpretation using runtime disassembly), which provides two services to developers of security-enhancing program transformation tools: converting binary code into assembly language instructions for further analysis, and inserting instrumentation code at specific places of a given binary without affecting its execution semantics. Instead of requiring a high-fidelity instruction set architectural emulator, BIRD combines static disassembly with an on-demand dynamic disassembly approach to guarantee that each instruction in a binary file is analyzed or transformed before it is executed. It takes 12 student months to develop the first BIRD prototype, which can successfully work for all applications in the Microsoft Office suite as well as Internet Explorer and IIS Web server, including all the DLLs they use. Moreover, the additional throughput penalty of the BIRD prototype on production server applications such as Apache, IIS, and BIND is uniformly below 4%.
