scholarly journals DrPin: A dynamic binary instumentator for multiple processor architectures

2020 ◽  
Author(s):  
Luis Fernando Antonioli ◽  
Ricardo Pannain ◽  
Rodolfo Azevedo
Keyword(s):  
Dynamic Analysis ◽  
Static Analysis ◽  
Binary Code ◽  
Binary Analysis ◽  
Linux Kernel ◽  
Processor Architectures ◽  
Backward Compatibility ◽  
Analysis Tools ◽  
Multiple Processor ◽  
Dynamic Binary Analysis

Modern applications rely heavily on dynamically loaded shared libraries, making static analysis tools used to debug and understand applications no longer sufficient. As a consequence, dynamic analysis tools are being adopted and integrated into the development and study of modern applications. Building tools that manipulate and instrument binary code at runtime is difficult and error-prone. Because of that, Dynamic Binary Instrumentation (DBI) frameworks have become increasingly popular. Those frameworks provide means of building dynamic binary analysis tools with low effort. Among them, Pin 2 has been by far the most popular and easy to use one. However, since the release of the Linux Kernel 4 series, it became unsupported, and Pin 3 broke backward compatibility. In this work we focus on studying the challenges faced when building a new DBI (DrPin) that seeks to be compatible with Pin 2 API, without the restrictions of Pin 3, that also runs multiple architectures (x86-64, x86, Arm, Aarch64), and on modern Linux systems.

scholarly journals Hypervisor-assisted dynamic malware analysis

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Roee S. Leon ◽  
Michael Kiperberg ◽  
Anat Anatey Leon Zabag ◽  
Nezer Jacob Zaidenberg
Keyword(s):  
Dynamic Analysis ◽  
Static Analysis ◽  
Cyber Security ◽  
Malware Analysis ◽  
Analysis Tools ◽  
Significant Performance

AbstractMalware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

scholarly journals Static Analysis: An Introduction

Queue ◽  
2021 ◽  
Vol 19 (4) ◽  
pp. 29-41
Author(s):  
Patrick Thomson
Keyword(s):  
Computer Science ◽  
Static Analysis ◽  
Source Code ◽  
Theory And Practice ◽  
Analysis Tool ◽  
Linux Kernel ◽  
Analysis Tools ◽  
The Future ◽  
Static Analysis Tool

Modern static-analysis tools provide powerful and specific insights into codebases. The Linux kernel team, for example, developed Coccinelle, a powerful tool for searching, analyzing, and rewriting C source code; because the Linux kernel contains more than 27 million lines of code, a static-analysis tool is essential both for finding bugs and for making automated changes across its many libraries and modules. Another tool targeted at the C family of languages is Clang scan-build, which comes with many useful analyses and provides an API for programmers to write their own analyses. Like so many things in computer science, the utility of static analysis is self-referential: To write reliable programs, we must also write programs for our programs. But this is no paradox. Static-analysis tools, complex though their theory and practice may be, are what will enable us, and engineers of the future, to overcome this challenge and yield the knowledge and insights that we practitioners deserve.

Static analysis tools for security checking in code at Motorola

2008 ◽  
Vol XXVIII (1) ◽  
pp. 76-82 ◽  
Author(s):  
R Krishnan ◽  
Margaret Nadworny ◽  
Nishil Bharill
Keyword(s):  
Static Analysis ◽  
Analysis Tools

An empirical study on combining diverse static analysis tools for web security vulnerabilities based on development scenarios

Computing ◽  
2018 ◽  
Vol 101 (2) ◽  
pp. 161-185 ◽  
Author(s):  
Paulo Nunes ◽  
Ibéria Medeiros ◽  
José Fonseca ◽  
Nuno Neves ◽  
Miguel Correia ◽  
...  
Keyword(s):  
Empirical Study ◽  
Static Analysis ◽  
Web Security ◽  
Security Vulnerabilities ◽  
Development Scenarios ◽  
Analysis Tools

scholarly journals Investigation of Data Dependencies by Dynamic Analysis of Sapfor

2020 ◽  
Vol 23 (3) ◽  
pp. 473-493
Author(s):  
Nikita Andreevich Kataev ◽  
Alexander Andreevich Smirnov ◽  
Andrey Dmitrievich Zhukov
Keyword(s):  
Dynamic Analysis ◽  
Programming Languages ◽  
Static Analysis ◽  
Automatic Parallelization ◽  
Parallel Execution ◽  
Control Flow ◽  
Analysis Tool ◽  
Data Dependencies ◽  
Program Parallelization ◽  
Memory Accesses

The use of pointers and indirect memory accesses in the program, as well as the complex control flow are some of the main weaknesses of the static analysis of programs. The program properties investigated by this analysis are too conservative to accurately describe program behavior and hence they prevent parallel execution of the program. The application of dynamic analysis allows us to expand the capabilities of semi-automatic parallelization. In the SAPFOR system (System FOR Automated Parallelization), a dynamic analysis tool has been implemented, based on on the instrumentation of the LLVM representation of an analyzed program, which allows the system to explore programs in both C and Fortran programming languages. The capabilities of the static analysis implemented in SAPFOR are used to reduce the overhead program execution, while maintaining the completeness of the analysis. The use of static analysis allows to reduce the number of analyzed memory accesses and to ignore scalar variables, which can be explored in a static way. The developed tool was tested on performance tests from the NAS Parallel Benchmarks package for C and Fortran languages. The implementation of dynamic analysis, in addition to traditional types of data dependencies (flow, anit, output), allows us to determine privitizable variables and a possibility of pipeline execution of loops. Together with the capabilities of DVM and OpenMP these greatly facilitates program parallelization and simplify insertion of the appropriate compiler directives.

Sign in / Sign up

Export Citation Format

Share Document