Cyberspace Safety and Security, pp 450-457
An Out-of-the-Box Dynamic Binary Analysis Tool for ARM-Based Linux
Abstract
Dynamic binary analysis (DBA) has demonstrated its strength in solving a wide spectrum of computer security problems. However, existing DBA tools don’t support ARM-based OSes. The latest version of Valgrind can support ARM executables, but it can’t perform whole-system analysis. The other DBA/DBI frameworks, such as TEMU, PIN and DynamoRIO, do not support the ARM architecture. This paper presents a dynamic analysis tool that can extract the whole-system view and analyze behaviors in an ARM-based OS in a whole-system, out-of-the-box way. An exploitation analysis module is given to demonstrate how to develop an application module based on this DBA tool. The application example shows that this DBA tool has good feasibility and scalability.
Keywords
Dynamic Binary Analysis ARM Embedded OS Exploitation Analysis