dbi for computer security uses and comparative
play

DBI for Computer Security: Uses and Comparative Juan Antonio Artal , - PowerPoint PPT Presentation

Feb 19, 2023 •44 likes •1.04k views

DBI for Computer Security: Uses and Comparative Juan Antonio Artal , Ricardo J. Rodr guez , Jos e Merseguer All wrongs reversed jaartal@gmail.com , rjrodriguez@fi.upm.es, jmerse@unizar.es @RicardoJRdez

  1. DBI for Computer Security: Uses and Comparative Juan Antonio Artal ‡ , Ricardo J. Rodr´ ıguez † , Jos´ e Merseguer ‡ � All wrongs reversed jaartal@gmail.com , rjrodriguez@fi.upm.es, jmerse@unizar.es @RicardoJRdez ※ www.ricardojrodriguez.es ‡ Universidad de Zaragoza † Universidad Polit´ ecnica de Madrid Madrid, Spain Zaragoza, Spain June 21th, 2013 3 rd Edition of Hack in Paris Sequoia Lodge Hotel, Disneyland Paris

  2. $ whoami $ whoami J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 2 / 44

  3. $ whoami $ whoami J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 2 / 44

  4. $ whoami $ whoami J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 2 / 44

  5. $ whoami $ whoami J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 2 / 44

  6. $ whoami $ whoami J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 2 / 44

  7. $ whoami $ whoami CLS member since early beginnings (2000) Ph.D.student at University of Zaragoza Working currently for Technical University of Madrid Performance analysis of complex systems Secure software engineering Fault-Tolerant systems (design and analysis) Malware analysis (techniques and relative stuff) Safety analysis in component-based systems J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 2 / 44

  8. $ whoami $ whoami CLS member since early beginnings (2000) Ph.D.student at University of Zaragoza Working currently for Technical University of Madrid Performance analysis of complex systems Secure software engineering Fault-Tolerant systems (design and analysis) Malware analysis (techniques and relative stuff) Safety analysis in component-based systems My Ph.D. viva is next Monday! Cross fingers!! ¨ ⌣ J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 2 / 44

  9. Development Code License Development Code License GPL v3 ( http://gplv3.fsf.org/ ) Intel Open Source License ( http://opensource.org/licenses/ intel-open-source-license.html ) Specified in each source file Source available at http://webdiis.unizar.es/~ricardo/files/ HIP2013.tar.gz (VS2008 project + this slides) J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 3 / 44

  10. Development Code License Development Code License GPL v3 ( http://gplv3.fsf.org/ ) Intel Open Source License ( http://opensource.org/licenses/ intel-open-source-license.html ) Specified in each source file Source available at http://webdiis.unizar.es/~ricardo/files/ HIP2013.tar.gz (VS2008 project + this slides) no add-ons. . . trust me ¨ ⌣ J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 3 / 44

  11. Agenda Outline An Introduction to DBI 1 What (the hell) is Dynamic Binary Instrumentation (DBI)? How does DBI work? Uses of DBI in Computer Security DBI Frameworks 2 DBI Framework: What is? Types of DBI frameworks Analysis and Comparative Applying DBI to Computer Security. . . 3 Developing DBAs with Pin: Pintools DBI vulnerability search Taint analysis Reverse Engineering Conclusions and Acknowledgments 4 J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 4 / 44

  12. An Introduction to DBI Outline An Introduction to DBI 1 What (the hell) is Dynamic Binary Instrumentation (DBI)? How does DBI work? Uses of DBI in Computer Security DBI Frameworks 2 DBI Framework: What is? Types of DBI frameworks Analysis and Comparative Applying DBI to Computer Security. . . 3 Developing DBAs with Pin: Pintools DBI vulnerability search Taint analysis Reverse Engineering Conclusions and Acknowledgments 4 J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 5 / 44

  13. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (I) DBI: Dynamic Binary Instrumentation Main Words ?? Instrumentation ?? Dynamic ?? Binary J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 6 / 44

  14. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (I) DBI: Dynamic Binary Instrumentation Main Words ?? Instrumentation ?? Dynamic ?? Binary J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 6 / 44

  15. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (II) Instrumentation? Instrumentation “Being able to observe, monitor and modify the behaviour of a computer program” (Gal Diskin) Arbitrary addition of code in executables to collect some information J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 7 / 44

  16. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (II) Instrumentation? Instrumentation “Being able to observe, monitor and modify the behaviour of a computer program” (Gal Diskin) Arbitrary addition of code in executables to collect some information Analyse and control everything around an executable code Collect some information Arbitrary code insertion J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 7 / 44

  17. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (III) Instrumentation ?? ?? Dynamic ?? Binary J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 8 / 44

  18. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (III) Instrumentation What is happening. . . ?? Dynamic ?? Binary J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 8 / 44

  19. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (III) Instrumentation What is happening. . . ?? Dynamic ?? Binary J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 8 / 44

  20. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (IV) Dynamic? Code analysis Static BEFORE execution All possible execution paths are explored → not extremely good for performance Dynamic DURING the execution Just one execution path (it may depend on the input data!) J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 9 / 44

  21. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (V) Instrumentation What is happening. . . ?? Dynamic ?? Binary J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 10 / 44

  22. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (V) Instrumentation What is happening. . . DURING the execution. . . Dynamic ?? Binary J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 10 / 44

  23. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (V) Instrumentation What is happening. . . DURING the execution. . . Dynamic ?? Binary J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 10 / 44

  24. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (IV) Binary? Dynamic analysis Source code available Source code Compiler No source code (common case ¨ ⌣ ) Binary Static (i.e., creating a new binary – with extras) Dynamic Environment Emulation Virtual Debugging J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 11 / 44

  25. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (VI) Instrumentation What is happening. . . DURING the execution. . . Dynamic ?? Binary J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 12 / 44

  26. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (VI) Instrumentation What is happening. . . Dynamic DURING the execution. . . Binary of a binary (executable). . . J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 12 / 44

  27. An Introduction to DBI What (the hell) is Dynamic Binary Instrumentation (DBI)? DBI: What is? (VII) DBI advantages Binary instrumentation: advantages Programming language (totally) independent Machine-mode vision We can instrument proprietary software J.A. Artal, R.J. Rodr´ ıguez, J. Merseguer DBI for Computer Security: Uses and Comparative June 21th, 2013 13 / 44

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Security By Default A Comparative Security Evaluation of Default Configurations Bernardus A.

Security By Default A Comparative Security Evaluation of Default Configurations Bernardus A.

Security By Default A Comparative Security Evaluation of Default Configurations Bernardus A. Jansen, BSc MSc System and Network Engineering Universiteit van Amsterdam July 3, 2018 B.A. Jansen, BSc (UvA) Security By Default July 3, 2018 1 /

286 views • 15 slides
Quick Intro to Computer Security What is computer security? Securing communication

Quick Intro to Computer Security What is computer security? Securing communication

Carnegie Mellon Quick Intro to Computer Security What is computer security? Securing communication Cryptographic tools Access control User authentication Computer security and usability Thanks to Mike Reiter for the

412 views • 38 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer Security? Generally concerned with protection of computer related assets Risk analysis and management! Manage could mean prevention of

537 views • 26 slides
Efficiency, Security and Portability A comparative study of C++ and Java 1 Layout Of Class

Efficiency, Security and Portability A comparative study of C++ and Java 1 Layout Of Class

Efficiency, Security and Portability A comparative study of C++ and Java 1 Layout Of Class Objects OO abstractions are compound data types, so they need to be stored in memory Needs to extend layout of C structs with Table to

228 views • 19 slides
Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

IN3210 Network Security Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure Computer Security Security of computers and networks Protection of digital assets Axioms of Computer Security:

240 views • 23 slides
Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak

Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak

8.10.2019 Information Security Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak Can Network Security: Hacettepe University Ensure security of communication over insecure medium

267 views • 10 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

Overview CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human Security 3.Program Security Security Computer security threats Unintentional: - Coding faults - Operational faults -

238 views • 8 slides
CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 OS Security An secure OS should provide the

873 views • 28 slides
Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

553 views • 39 slides
Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives

839 views • 38 slides
Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

1.08k views • 42 slides
CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Mandatory Access Control Is about administration

462 views • 19 slides
6 WHY DYNAMIC UI ** app

6 WHY DYNAMIC UI ** app

www.itsci.mju.ac.th/sayan DYNAMIC USER INTERFACE SAYAN UNANKARD 6 WHY DYNAMIC UI ** app * User interface Dynamic *

547 views • 11 slides
Mobile Interface Design Patterns J.Serrat 102759 Software Design June 18, 2014 Index UI

Mobile Interface Design Patterns J.Serrat 102759 Software Design June 18, 2014 Index UI

Mobile Interface Design Patterns J.Serrat 102759 Software Design June 18, 2014 Index UI patterns 1 Navigation 2 Invitations 3 Sorting 4 Antipatterns 5 Slides sources Mobile Design Pattern Gallery: UI Patterns for Mobile Applications

738 views • 19 slides
CSE 262 Lecture 12 Communication overlap Announcements A problem set has been posted, due

CSE 262 Lecture 12 Communication overlap Announcements A problem set has been posted, due

CSE 262 Lecture 12 Communication overlap Announcements A problem set has been posted, due next Thursday Scott B. Baden / CSE 262 / UCSD, Wi '15 2 Technological trends of scalable HPC systems Growth: cores/socket rather than sockets

549 views • 42 slides
Paper 4 Statistics & Research Statistics & Research Methodology - BK SAVITRI, Pandav

Paper 4 Statistics & Research Statistics & Research Methodology - BK SAVITRI, Pandav

Paper 4 Statistics & Research Statistics & Research Methodology - BK SAVITRI, Pandav Bhawan, Mt. Abu Email-bksavitrimadhuban@gmail.com Mo. No.: 09414331060 Unit 1 Meaning of Statistics , functions , usefulness Frequency

1.26k views • 56 slides
taste buds for the Bible Calvin on Knowing the Bible is Gods Word by the inward testimony of

taste buds for the Bible Calvin on Knowing the Bible is Gods Word by the inward testimony of

Asking John Calvin about taste buds for the Bible Calvin on Knowing the Bible is Gods Word by the inward testimony of the Holy Spirit, and the place of evidences From Calvins Institutes, Book 1: The Knowledge of God the Creator, Chapters

314 views • 8 slides
Develop Your Data Mindset Module 9 - Periodic Assessment for Differentiation Part 2 - Absorb,

Develop Your Data Mindset Module 9 - Periodic Assessment for Differentiation Part 2 - Absorb,

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Develop Your Data Mindset Module 9 - Periodic Assessment for Differentiation Part 2 - Absorb, Ask, Accumulate, Access By Nathan

736 views • 58 slides
Chemical Reactions and is intended for the non-commercial use of students and teachers. These

Chemical Reactions and is intended for the non-commercial use of students and teachers. These

Slide 1 / 75 Slide 2 / 75 New Jersey Center for Teaching and Learning Progressive Science Initiative This material is made freely available at www.njctl.org Chemical Reactions and is intended for the non-commercial use of students and

612 views • 13 slides
Team Mumbai Emma Finkbeiner, Taylor Pecko-Reid, & Sashwatha Sridhar Mumbai, The Gateway to

Team Mumbai Emma Finkbeiner, Taylor Pecko-Reid, & Sashwatha Sridhar Mumbai, The Gateway to

Team Mumbai Emma Finkbeiner, Taylor Pecko-Reid, & Sashwatha Sridhar Mumbai, The Gateway to India. Mumbai: Background Humid and muggy weatherAn experience that sticks with you, literally! Known as The city that never

803 views • 47 slides

More recommend