qualitative and quantitative evaluation of software
play

Qualitative and Quantitative Evaluation of Software Packers Mar a - PowerPoint PPT Presentation

Jun 15, 2023 •35 likes •505 views

Qualitative and Quantitative Evaluation of Software Packers Mar a Baz guez , Jos us, Ricardo J. Rodr e Merseguer All wrongs reversed rjrodriguez@unizar.es @RicardoJRdez www.ricardojrodriguez.es Department of Computer

  1. Qualitative and Quantitative Evaluation of Software Packers Mar´ ıa Baz´ ıguez , Jos´ us, Ricardo J. Rodr´ e Merseguer � All wrongs reversed rjrodriguez@unizar.es ※ @RicardoJRdez ※ www.ricardojrodriguez.es Department of Computer Science and Systems Engineering University of Zaragoza, Spain December 12, 2015 NoConName 2015 Barcelona (Spain)

  2. $ whoami Ph.D. on Comp. Sci. (Univ. of Zaragoza, Spain) (2013) Assistant Professor at University of Zaragoza Performance analysis on critical, complex systems Secure Software Engineering Advance malware analysis RFID/NFC Security Not prosecuted ¨ ⌣ Speaker at NcN, HackLU, RootedCON, STIC CCN-CERT, HIP , MalCON, HITB. . . M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 2 / 39

  3. Agenda Introduction 1 Contributions and Related Work 2 Previous Concepts 3 Software Protection Taxonomy 4 Software Packers Under Study 5 Qualitative and Quantitative Evaluation 6 Qualitative Evaluation Quantitative Evaluation Conclusions and Future Work 7 M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 3 / 39

  4. Agenda Introduction 1 Contributions and Related Work 2 Previous Concepts 3 Software Protection Taxonomy 4 Software Packers Under Study 5 Qualitative and Quantitative Evaluation 6 Qualitative Evaluation Quantitative Evaluation Conclusions and Future Work 7 M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 4 / 39

  5. Introduction (I): Reverse Engineering WTF? To analyse a binary program with machine-code vision Types of analysis: Static analysis ( ⇓ not executed, ⇑ all paths explored) Dynamic analysis ( ⇑ truly executed, ⇓ but just one path explored!) M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 5 / 39

  6. Introduction (I): Reverse Engineering WTF? To analyse a binary program with machine-code vision Types of analysis: Static analysis ( ⇓ not executed, ⇑ all paths explored) Dynamic analysis ( ⇑ truly executed, ⇓ but just one path explored!) RE uses: legitimate and illegitimate � Find software bugs � Get interoperability with legacy systems � Detect malicious software X Detect vulnerabilities to create/spread malware X Obtain (or avoid) software license duplication M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 5 / 39

  7. Introduction (II): RE Tools Dynamic analysis Debuggers Static analysis Trace execution Disassemblers Breakpoints Decompilers View internal data Dumpers M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 6 / 39

  8. Introduction (III): Anti-RE Techniques Definition, pros and cons of software packers Avoidance techniques for static and dynamic analysis into binaries Make RE tasks harder On the contrary, they have a strong impact on binary performance: execution time, memory consumption M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 7 / 39

  9. Introduction (III): Anti-RE Techniques Definition, pros and cons of software packers Avoidance techniques for static and dynamic analysis into binaries Make RE tasks harder On the contrary, they have a strong impact on binary performance: execution time, memory consumption They are used for. . . Binary protection before distribution (to keep the intellectual (?) property) Avoid a malware to be positively detected as malicious by an anti-virus M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 7 / 39

  10. Introduction (IV): Software Packers Software packer: What is it? Tools for binary protection (legitimately) Once upon a time. . . : just compressors They evolve to protectors, including anti-RE techniques Normally used in Windows environments M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 8 / 39

  11. Introduction (V): Software Packers How do they “protect” a binary? Packed executable = Original executable + unpacking routine Ejecutable Original Ejecutable Empacado Rutina desempacado Protector + (Rutina empacado) Ejecutable Original M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 9 / 39

  12. Introduction (V): Software Packers How do they “protect” a binary? Packed executable = Original executable + unpacking routine Ejecutable Original Ejecutable Empacado Rutina desempacado Protector + (Rutina empacado) Ejecutable Original How are they reversed? Find unpacking routine end ⇒ dump binary from memory to disk! M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 9 / 39

  13. Introduction (VI): Main Goals Analysing a bunch of software packers for. . . Create a taxonomy of protection techniques Create a benchmark for testing Evaluate the selected packers: Qualitatively: protection strength Quantitatively: reliability and performance M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 10 / 39

  14. Agenda Introduction 1 Contributions and Related Work 2 Previous Concepts 3 Software Protection Taxonomy 4 Software Packers Under Study 5 Qualitative and Quantitative Evaluation 6 Qualitative Evaluation Quantitative Evaluation Conclusions and Future Work 7 M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 11 / 39

  15. Related Work ∄ comparative analysis of current software packers Automation of malware unpacking ([RHD + 06], [KPY07], [MCJ07],[GFC08], [JCL + 10]) Using DBI to analyse malware ([RAG16]) Closest work: performance of software packers in Linux embedded systems ([KLC + 10]) Contributions Taxonomy of software packers Current software packers evaluation Qualitatively: protection strengths Quantitatively: reliability and performance (exec. time, memory consumption, binary size) M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 12 / 39

  16. Agenda Introduction 1 Contributions and Related Work 2 Previous Concepts 3 Software Protection Taxonomy 4 Software Packers Under Study 5 Qualitative and Quantitative Evaluation 6 Qualitative Evaluation Quantitative Evaluation Conclusions and Future Work 7 M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 13 / 39

  17. Previous Concepts (I): PE Header What is it? Windows standard format for binaries (.exe, .dll, .sys, . . . ) Header (characteristics) + Sections (data & code) Cabecera DOS MZ Cabecera PE DOS Header: Tabla de secciones e lfnew offset to PE Header Secciones PE Header: Sección 1 ImageBase … AddressOfEntryPoint DataDirectory[1] Sección n M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 14 / 39

  18. Previous Concepts (II): Loading Process En9Memoria Cabecera9DOS9MZ Cabecera9PE Tabla9de9secciones Secciones En9Disco Sección91 RUTINA9DESEMPACADO Cabecera9DOS9MZ … Cabecera9PE Tabla9de9secciones Sección9 n Secciones Cabecera9DOS9MZ Cabecera9PE Sección91 Tabla9de9secciones RUTINA9DESEMPACADO … Secciones Sección9 n AOABA8B9A4A3E857016B00CF19A50B Sección91 ……. … 57016B00CF19A50BAOABA8B9A4A3A0 Sección9 n M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 15 / 39

  19. Previous Concepts (III): Import Address Table IMAGE_OPTIONAL_HEADER IMAGE_OPTIONAL_HEADER En Memoria … (Sobreescrito por el DataDirectory [1 ] Windows Loader) IMAGE_THUNK_DATA IMAGE_THUNK_DATA IMAGE_THUNK_DATA IMAGE_THUNK_DATA IMAGE_IMPORT_DESCRIPTOR_0 … En Disco (ntdll.dll) 000..000 000…000 IMAGE_IMPORT_DESCRIPTOR _1 OriginalFirstThunk ReadFile TimeDateStamp WriteFile ForwardedChain Name Kernel32.dll FirstThunk … 77E55A68 IMAGE_IMPORT_DESCRIPTOR_n 77E52B38 0 … 0 M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 16 / 39

  20. Agenda Introduction 1 Contributions and Related Work 2 Previous Concepts 3 Software Protection Taxonomy 4 Software Packers Under Study 5 Qualitative and Quantitative Evaluation 6 Qualitative Evaluation Quantitative Evaluation Conclusions and Future Work 7 M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 17 / 39

  21. Software Protection (I): Static Analysis Copy protection Main aim: Avoid to illegitimately copy a software Techniques: License management, register keys, hardware dongles M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 18 / 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Impact Evaluation of Takaful and Karama I. Quantitative Component II. Qualitative Component

Impact Evaluation of Takaful and Karama I. Quantitative Component II. Qualitative Component

Impact Evaluation of Takaful and Karama I. Quantitative Component II. Qualitative Component III. Synthesis Report World Bank SSNP Mission MOSS May 21, 2018 1. Qualitative Component 2. Synthesis Report 3. Final Updates on Quantitative

1.11k views • 95 slides
T-76.613 Software testing Analyzing Quantitative Data Mika Mntyl <mika.mantyla@hut.fi>

T-76.613 Software testing Analyzing Quantitative Data Mika Mntyl <mika.mantyla@hut.fi>

T-76.613 Software testing Analyzing Quantitative Data Mika Mntyl <mika.mantyla@hut.fi> HELSINKI UNIVERSITY OF TECHNOLOGY Qualitative vs. Quantitative (Coolican 1999) Qualitative Quantitative Information Subjective, Rich

297 views • 13 slides
From Qualitative to Quantitative Theories of Software Tom Henzinger IST Austria Qualitative

From Qualitative to Quantitative Theories of Software Tom Henzinger IST Austria Qualitative

From Qualitative to Quantitative Theories of Software Tom Henzinger IST Austria Qualitative Software Theories Property Program Analysis Yes/No Qualitative Software Theories Kripke Program Property ( R ) } G) Structure Analysis

937 views • 45 slides
Heuristic Evaluation (Pinelle) Heuristic evaluation is a method of qualitative evaluation of

Heuristic Evaluation (Pinelle) Heuristic evaluation is a method of qualitative evaluation of

Heuristic Evaluation (Pinelle) Heuristic evaluation is a method of qualitative evaluation of software. 449: A Design Space for Evaluation Open-ended Open-ended Formative Qualitative Methods Usability Breadth of Engineering question

634 views • 25 slides
From Qualitative to Quantitative Program Analysis: Permissive Enforcement of Secure Information

From Qualitative to Quantitative Program Analysis: Permissive Enforcement of Secure Information

Introduction Information Flow Qualitative IF Quantitative IF Conclusion From Qualitative to Quantitative Program Analysis: Permissive Enforcement of Secure Information Flow Mounir Assaf Software Security Lab, CEA LIST, Saclay CIDre,

1.28k views • 95 slides
Understanding Impact The role of qualitative methods of evaluation Aims of the workshop To

Understanding Impact The role of qualitative methods of evaluation Aims of the workshop To

Understanding Impact The role of qualitative methods of evaluation Aims of the workshop To explore what qualitative methods are and how they differ from quantitative methods To examine the advantages and disadvantages of qualitative

734 views • 16 slides
Keywords: Fig, qualitative and quantitative characteristic, diversity, productivity . Time of

Keywords: Fig, qualitative and quantitative characteristic, diversity, productivity . Time of

Keywords: Fig, qualitative and quantitative characteristic, diversity, productivity . Time of study: 2015-2019 Place of study: Collection of fruit tree, Agriculture University of Tirana, germplasm field in Valias. To evaluation, to

638 views • 62 slides
Localism Qualitative and Quantitative Research February 2019 1 Localism Qualitative and

Localism Qualitative and Quantitative Research February 2019 1 Localism Qualitative and

Localism Qualitative and Quantitative Research February 2019 1 Localism Qualitative and Quantitative Research February 2019 Topics Our approach Summary of findings Detailed data Levels of support for localism Types

954 views • 31 slides
What do we mean by scalability? Qualitative: Will this software work well for substantially

What do we mean by scalability? Qualitative: Will this software work well for substantially

What do we mean by scalability? Qualitative: Will this software work well for substantially larger problems? Semi-quantitative: Can you solve a problem n times as large in the same amount of time if you have n times as many resources?

364 views • 8 slides
Benefits and Challenges of Analyzing Qualitative Data Sheelagh Carpendale empirical research

Benefits and Challenges of Analyzing Qualitative Data Sheelagh Carpendale empirical research

Benefits and Challenges of Analyzing Qualitative Data Sheelagh Carpendale empirical research binary? qualitative or quantitative spectrum quantitative qualitative spectrum quantitative qualitative we will look at the qualitative part of

402 views • 17 slides
From Qualitative to Quantitative Dominance Pruning for Optimal Planning Alvaro Torralba

From Qualitative to Quantitative Dominance Pruning for Optimal Planning Alvaro Torralba

Qualitative Quantitative Finding Dominance Action Selection Pruning Experiments Conclusions From Qualitative to Quantitative Dominance Pruning for Optimal Planning Alvaro Torralba Saarland University HSDIP Workshop June 20, 2017

677 views • 43 slides
Quantitative Analysis J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Tactics and

Quantitative Analysis J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Tactics and

Quantitative Analysis J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Tactics and Quantitative Analysis Selecting architectural patterns and tactics is largely qualitative decision making Need to evaluate design decisions and

716 views • 15 slides
Application of geospatial methods and remote sensing and for evaluation Blending quantitative

Application of geospatial methods and remote sensing and for evaluation Blending quantitative

Application of geospatial methods and remote sensing and for evaluation Blending quantitative with qualitative analysis in understanding change Anupam Anand Evaluation Officer GEF IEO Why do we need geospatial methods? Efficiency Analysis at

433 views • 24 slides
Qt Ql New People to New Groups S. Gladen licenced under CC BY 2.0 2 Dr. Pat Bazeley,

Qt Ql New People to New Groups S. Gladen licenced under CC BY 2.0 2 Dr. Pat Bazeley,

Keynote Address - MQIC 2019 Transcending the Qualitative - Quantitative Divide Dr. Pat Bazeley Adjunct Professor, TReSI group, Western Sydney University pat@researchsupport.com.au Dr. Pat Bazeley, Transcending the Qualitative-Quantitative

468 views • 15 slides
Introduction Best suited for initial explorations of a group or phenomenon. A powerful tool for

Introduction Best suited for initial explorations of a group or phenomenon. A powerful tool for

Stephen E. Brock, Ph.D., NCSP Qualitative Research: Overview and Data Collection/Analysis Stephen E. Brock, Ph.D., NCSP California State University, Sacramento 1 Qualitative vs. Quantitative Research (Gay et al., 2006, p. 400) Quantitative (

463 views • 12 slides
Qualitative Evaluation Food for Thought Nest thermostat

Qualitative Evaluation Food for Thought Nest thermostat

Qualitative Evaluation Food for Thought Nest thermostat http://www.youtube.com/watch?v=L8TkhHgkBsg Programmable thermostats are no longer LEEDS certified Why? And what is LEED? Evaluation overview Evaluation is concerned

797 views • 32 slides
Hacking Attacks The power of IPv6 driven malware m-r Mane Piperevski IT Security Researcher

Hacking Attacks The power of IPv6 driven malware m-r Mane Piperevski IT Security Researcher

Hacking Attacks The power of IPv6 driven malware m-r Mane Piperevski IT Security Researcher Ethical Hacker mane@piperevski.com Piperevski & Associates Skopje, Macedonia What's your favorite Malware? Who we are? A. Popup

297 views • 13 slides
Network Resilience Sanjeev Goyal Christs College University of Cambridge Latsis Symposium

Network Resilience Sanjeev Goyal Christs College University of Cambridge Latsis Symposium

Network Resilience Sanjeev Goyal Christs College University of Cambridge Latsis Symposium 2012 Zurich Franks `RESEARCH QUESTION Can economics as a scientific discipline that must extricate itself from its current conceptual crisis,

498 views • 34 slides
Killzones AI: dynamic procedural combat tactics Remco Straatman Guerrilla Games, Amsterdam,

Killzones AI: dynamic procedural combat tactics Remco Straatman Guerrilla Games, Amsterdam,

Killzones AI: dynamic procedural combat tactics Remco Straatman Guerrilla Games, Amsterdam, the Netherlands, remco.straatman@guerrilla-games.com William van der Sterren CGF-AI, Veldhoven, the Netherlands, william.van.der.sterren@cgf-ai.com

412 views • 17 slides
Outline Malicious Code Introduction CS 239 Viruses Trojan horses Security for

Outline Malicious Code Introduction CS 239 Viruses Trojan horses Security for

Outline Malicious Code Introduction CS 239 Viruses Trojan horses Security for Networks and Trap doors System Software Logic bombs May 12, 2002 Worms Examples Lecture 11 Lecture 11 Page 1 Page 2 CS 239,

234 views • 12 slides
Information Systems Asset Protection: Monitoring SYSTEM ATTACKS Kevin Henry CISA CISM CRISC

Information Systems Asset Protection: Monitoring SYSTEM ATTACKS Kevin Henry CISA CISM CRISC

Information Systems Asset Protection: Monitoring SYSTEM ATTACKS Kevin Henry CISA CISM CRISC CISSP Kevinmhenry@msn.com Asset Protection Monitoring Agenda: Security Testing Investigating Systems Attacks and Monitoring Incidents

813 views • 35 slides
Reversible Digital Watermarking Chang-Tsun Li Department of Computer Science University of

Reversible Digital Watermarking Chang-Tsun Li Department of Computer Science University of

Reversible Digital Watermarking Chang-Tsun Li Department of Computer Science University of Warwick Multimedia Security and Forensics 1 Reversible Watermarking Based on Difference Expansion (DE) In some medical, legal and military

827 views • 33 slides
Image Forensics and Steganalysis (Hans) Georg Schaathun Department of Computing University of

Image Forensics and Steganalysis (Hans) Georg Schaathun Department of Computing University of

Image Forensics and Steganalysis (Hans) Georg Schaathun Department of Computing University of Surrey 26 June 2009 (Hans) Georg Schaathun Image Forensics and Steganalysis 26 June 2009 1 / 47 Outline Examples 1 Tampering Different

1.15k views • 86 slides
Mobile VoIP Steganography From Framework to Implementation Marcus Nutzinger Rainer Poisel

Mobile VoIP Steganography From Framework to Implementation Marcus Nutzinger Rainer Poisel

Mobile VoIP Steganography From Framework to Implementation Marcus Nutzinger Rainer Poisel Jrgen Wurzer Institute of IT Security Research St. Plten University of Applied Sciences DeepSec 2010 November 25 th 2010 Mobile VoIP Steganography

528 views • 27 slides

More recommend