Abstract
Dynamic binary analysis has demonstrated its strength in solving a wide spectrum of computer security problems, especially malware analysis. An extensible platform for dynamic binary analysis provides a foundation for solving these problems. To enable a variety of applications, we explore a unique design space. We aim to provide a whole-system view, take an external approach, facilitate fine-grained instrumentation, and remain sufficiently efficient. These design goals bring about a new architecture, namely whole-system out-of-the-box fine-grained dynamic binary analysis. To further facilitate fine-grained dynamic binary analysis, we propose layered annotative execution as a core technique, which incorporates shadow flag analysis, taint analysis, and symbolic execution. We have implemented this new architecture and the core technique in an analysis platform called TEMU. Because of its extensibility and versatility, TEMU serves as the foundation for numerous malware analysis techniques.
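To make the idea of "layered annotative execution" concrete, the following toy model is an added illustration; it is not TEMU's code and not taken from the chapter. It interprets a tiny four-register, byte-addressed machine in Python and attaches three annotation layers to every register and memory byte: a single shadow flag, a set of taint labels, and an optional symbolic expression. An input event marks guest memory bytes as untrusted, ordinary arithmetic propagates all three layers, and a conditional branch on annotated data records a path constraint, which is the information a symbolic-execution layer would hand to a solver. The instruction set, the `Cell` and `Machine` names, the `net` label and the sample trace are all constructed here for illustration and carry no relation to TEMU's actual interfaces.

```python
"""Toy model of layered annotative execution (constructed example, not TEMU)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cell:
    """One register or memory byte: concrete value plus three annotation layers."""
    val: int                        # concrete value, always maintained
    flag: bool = False              # layer 1: shadow flag, here "derived from untrusted input"
    taint: frozenset = frozenset()  # layer 2: set of taint source labels
    sym: object = None              # layer 3: symbolic expression; None means purely concrete


def sym_of(c: Cell):
    """Symbolic view of a cell: its expression if it has one, else its concrete value."""
    return c.sym if c.sym is not None else c.val


OPS = {
    "add": lambda x, y: (x + y) & 0xFF,
    "sub": lambda x, y: (x - y) & 0xFF,
    "xor": lambda x, y: x ^ y,
}


def binop(op: str, a: Cell, b: Cell) -> Cell:
    """Compute the concrete result and propagate all three annotation layers."""
    val = OPS[op](a.val, b.val)
    flag = a.flag or b.flag               # any flagged operand flags the result
    taint = a.taint | b.taint             # taint labels accumulate across operations
    if a.sym is None and b.sym is None:
        sym = None                        # concrete in, concrete out: no symbolic cost paid
    else:
        sym = (op, sym_of(a), sym_of(b))  # build an expression tree over the operands
    return Cell(val, flag, taint, sym)


class Machine:
    """Straight-line interpreter for a 4-register, byte-addressed toy machine."""

    def __init__(self):
        self.regs = {f"r{i}": Cell(0) for i in range(4)}
        self.mem = {}            # addr -> Cell; unwritten bytes read as concrete 0
        self.constraints = []    # path conditions collected at annotated branches

    def load_mem(self, addr: int) -> Cell:
        return self.mem.get(addr, Cell(0))

    def taint_input(self, addr: int, data: bytes, label: str) -> None:
        """Model an external input event (e.g. a NIC writing into guest memory):
        each byte gets the flag, the source label and a fresh symbolic variable."""
        for i, b in enumerate(data):
            self.mem[addr + i] = Cell(b, True, frozenset({label}), f"{label}[{i}]")

    def step(self, ins) -> None:
        op, *args = ins
        if op == "movi":                    # register <- immediate (concrete)
            r, imm = args
            self.regs[r] = Cell(imm & 0xFF)
        elif op == "load":                  # register <- mem[addr]; addr is concrete here
            r, addr = args
            self.regs[r] = self.load_mem(addr)
        elif op == "store":                 # mem[addr] <- register; annotations travel along
            addr, r = args
            self.mem[addr] = self.regs[r]
        elif op in OPS:
            d, a, b = args
            self.regs[d] = binop(op, self.regs[a], self.regs[b])
        elif op == "jz":                    # branch on a register: the trace is straight-line,
            (r,) = args                     # so only the path constraint is recorded
            c = self.regs[r]
            taken = c.val == 0
            if c.flag:                      # only input-derived conditions are of interest
                self.constraints.append(("==" if taken else "!=", sym_of(c), 0))
        else:
            raise ValueError(f"unknown op {op}")

    def run(self, program) -> "Machine":
        for ins in program:
            self.step(ins)
        return self


# Constructed sample trace: two input bytes land at 0x100, the code compares the
# first byte against 'A' (0x41) and then stores input + 'A' at 0x200.
PROGRAM = [
    ("load", "r0", 0x100),
    ("movi", "r1", 0x41),
    ("xor", "r2", "r0", "r1"),
    ("jz", "r2"),
    ("add", "r3", "r0", "r1"),
    ("store", 0x200, "r3"),
]


def run_demo() -> Machine:
    m = Machine()
    m.taint_input(0x100, b"AB", "net")   # constructed input, labelled "net"
    return m.run(PROGRAM)


if __name__ == "__main__":
    demo = run_demo()
    print("mem[0x200] =", demo.mem[0x200])
    print("path constraints:", demo.constraints)
```

The point the model makes is the one the abstract gestures at: the three layers are computed together on the same instruction stream, the cheap layers (flag, taint set) are always available, and the expensive symbolic layer is only built where an operand already carries an expression. Memory and registers are treated uniformly, which is what lets the analysis follow data from an input event through arithmetic into a later store without knowing anything about the guest OS.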
© 2013 The Author(s)
Yin, H., Song, D. (2013). Dynamic Binary Analysis Platform. In: Automatic Malware Analysis. SpringerBriefs in Computer Science. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-5523-3_2
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-5522-6
Online ISBN: 978-1-4614-5523-3