Dynamic Binary Analysis Platform

Part of the book series: SpringerBriefs in Computer Science ((BRIEFSCOMPUTER))

Abstract

Dynamic binary analysis has demonstrated its strength in solving a wide spectrum of computer security problems, especially malware analysis. An extensible platform for dynamic binary analysis provides a foundation for solving these problems. To enable a variety of applications, we explore a unique design space. We aim to provide a whole-system view, take an external approach, facilitate fine-grained instrumentation, and have sufficient efficiency. These design goals bring about a new architecture, namely whole-system out-of-the-box fine-grained dynamic binary analysis. To further facilitate fine-grained dynamic binary analysis, we propose layered annotative execution as a core technique, which incorporates shadow flag analysis, taint analysis, and symbolic execution. We have implemented this new architecture and the core technique in an analysis platform called TEMU. Because of its extensibility and versatility, TEMU serves as the foundation for numerous malware analysis techniques.
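The three layers the abstract names (a one-bit shadow flag, taint labels naming the input bytes that influence a value, and a symbolic expression over those bytes) can be illustrated with a toy byte-wide machine that propagates an annotation alongside every concrete value. The code below is an added example written for this page; it is not TEMU's code and does not reproduce its QEMU-based whole-system design. The instruction set, register names, the `in[i]` labels and the sample program are constructed for the illustration, and annotations are kept per register and per memory byte rather than at the bit granularity a real platform would use.

```python
"""Toy layered annotative execution (added example, not TEMU code).

Every register and every memory byte carries an Annot with three layers:
  1. tainted : one-bit shadow flag ("does this value derive from input?")
  2. labels  : taint labels, the set of input byte offsets that influence it
  3. sym     : a symbolic expression over those input bytes
The annotation is propagated through each instruction next to the concrete
value, so a compare on a tainted value yields a path constraint.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Annot:
    tainted: bool = False             # layer 1: shadow flag
    labels: frozenset = frozenset()   # layer 2: taint labels (input offsets)
    sym: str = ""                     # layer 3: symbolic expression


CLEAN = Annot()


def combine(op, a, av, b, bv):
    """Annotation of (av op bv) given operand annotations a and b."""
    if not (a.tainted or b.tainted):
        return CLEAN                  # no taint in, no taint out
    sa = a.sym if a.tainted else str(av)   # untainted operands become constants
    sb = b.sym if b.tainted else str(bv)
    return Annot(True, a.labels | b.labels, f"({sa} {op} {sb})")


class Machine:
    """Byte-wide register machine with shadow registers and shadow memory."""

    def __init__(self, input_bytes, input_base=0x1000):
        self.regs, self.shadow_regs = {}, {}
        self.mem, self.shadow_mem = {}, {}
        self.conditions = []          # (constraint, concretely taken?) pairs
        # Taint source: the input buffer; byte i is labelled in[i].
        for i, byte in enumerate(input_bytes):
            self.mem[input_base + i] = byte
            self.shadow_mem[input_base + i] = Annot(True, frozenset({i}), f"in[{i}]")

    def run(self, program):
        for ins in program:
            getattr(self, "op_" + ins[0])(*ins[1:])
        return self

    # --- instruction handlers: concrete update, then annotation update ---
    def op_movi(self, r, imm):
        self.regs[r], self.shadow_regs[r] = imm & 0xFF, CLEAN

    def op_load(self, r, addr):
        self.regs[r] = self.mem.get(addr, 0)
        self.shadow_regs[r] = self.shadow_mem.get(addr, CLEAN)

    def op_store(self, addr, r):
        self.mem[addr] = self.regs[r]
        self.shadow_mem[addr] = self.shadow_regs[r]

    def _binop(self, opname, fn, dst, src):
        av, bv = self.regs[dst], self.regs[src]
        self.regs[dst] = fn(av, bv)
        self.shadow_regs[dst] = combine(opname, self.shadow_regs[dst], av,
                                        self.shadow_regs[src], bv)

    def op_add(self, dst, src):
        self._binop("+", lambda x, y: (x + y) & 0xFF, dst, src)

    def op_xor(self, dst, src):
        self._binop("^", lambda x, y: x ^ y, dst, src)

    def op_cmpi(self, r, imm):
        """Record a path constraint when a tainted value steers control flow."""
        a = self.shadow_regs[r]
        if a.tainted:
            self.conditions.append((f"{a.sym} == {imm}", self.regs[r] == imm))


# Constructed sample program: mix two input bytes, store the result,
# then branch on a third input byte and on the mixed value.
PROGRAM = [
    ("load", "eax", 0x1000),
    ("load", "ebx", 0x1001),
    ("add", "eax", "ebx"),
    ("movi", "ecx", 0x5A),
    ("xor", "eax", "ecx"),
    ("store", 0x2000, "eax"),
    ("load", "edx", 0x1002),
    ("cmpi", "edx", 0x41),
    ("cmpi", "eax", 0x00),
]


def analyze(input_bytes):
    return Machine(input_bytes).run(PROGRAM)


if __name__ == "__main__":
    m = analyze(b"\x10\x20A\x00")      # constructed input
    print(hex(m.mem[0x2000]), m.shadow_mem[0x2000])
    for constraint, taken in m.conditions:
        print(("taken   " if taken else "not taken"), constraint)
```

Running it shows the byte at `0x2000` carrying labels `{0, 1}` and the expression `((in[0] + in[1]) ^ 90)`, while the register loaded with the constant stays clean; the two compares produce constraints an external solver could be asked to satisfy or negate, which is the hand-off from taint tracking to symbolic execution that the layered design is meant to enable.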

Copyright information

© 2013 The Author(s)

About this chapter

Cite this chapter

Yin, H., Song, D. (2013). Dynamic Binary Analysis Platform. In: Automatic Malware Analysis. SpringerBriefs in Computer Science. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-5523-3_2

  • DOI: https://doi.org/10.1007/978-1-4614-5523-3_2

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-5522-6

  • Online ISBN: 978-1-4614-5523-3
