Collaborative Reversing of Input Formats and Program Data Structures for Security Applications
Reversing the syntactic structure of program inputs and data structures of binary executables plays a vital role for understand the program behaviors in software security applications.In this paper,we propose a collaborative reversing technique by capturing the mapping relationship between input fields and program data structures.The key insight is that program uses different data structures as references for different input fields,which could be a reliable pattern to reverse both input formats and program data structures.In details,we use a fine-grained dynamic taint analysis to monitor the propagation of inputs.Then we could collaboratively reverse input fields and program data structures by identify the base pointers for each byte in the input to reverse data structures referencing inputs,and conversely identifying fields based on their referenced data structures.We construct several experiments to evaluate the effectiveness on precise reversed structures,and security applications,and the experiment results show that our approach could effectively reverse precise input formats,and provides unique benefits to two applications,exploit diagnosis and malware analysis.
Software security Reversing Engineering Fine-grained dynamic tainting
国内会议
湖北恩施
英文
1-10
2014-09-13(万方平台首次上网日期,不代表论文的发表时间)