Presentation is loading. Please wait.

Presentation is loading. Please wait.

Embedded Lab. Park Yeongseong.  Introduction  State of the art  Core values  Design  Experiment  Discussion  Conclusion  Q&A.

Published byAgatha Alexander Modified over 9 years ago

Similar presentations

Presentation on theme: "Embedded Lab. Park Yeongseong.  Introduction  State of the art  Core values  Design  Experiment  Discussion  Conclusion  Q&A."— Presentation transcript:

1 Embedded Lab. Park Yeongseong

2  Introduction  State of the art  Core values  Design  Experiment  Discussion  Conclusion  Q&A

3

4  Identifying same or similar code is very important  Previous works ◦ Static source code comparison – C1 ◦ Static excutable code comparison – C2 ◦ Dynamic control flow based methods – C3 ◦ Dynamic API based methods – C4

5  Three highly desired requirements ◦ R1 – Resiliency ◦ R2 - Ability to directly work on binary executables ◦ R3 – Platform independence  BUT!!!! Not satisfy requirement ◦ Static source code comparison – C1 R1 R2 ◦ Static excutable code comparison – C2 R1 ◦ Dynamic control flow based methods – C3 R1 R3 ◦ Dynamic API based methods – C4 R3

6  Introduce new approach ◦ Core-values  5 optimization options (-O0 ~ -O3, -Os)  3 Compilers ( GCC, TCC, WCC )  KlassMaster, Thicket, Loco/Diablo Obfuscators

7  Code Obfuscation Techniques ◦ data obfuscation, control obfuscation, layout obfuscation and preventive transformations ◦ indirect branches, control-flow flattening, function- pointer aliasing  Static Analysis Based Plagiarism Detection ◦ String-based ◦ AST-based ◦ Token-based ◦ PDG-based ◦ Birthmark-based

8  Dynamic Analysis Based Plagiarism Detection ◦ Whole program path based (WPP) ◦ Sequence of API function calls birthmark(EXESEQ) ◦ Frequency of API function calls birthmark(EXEFREQ) ◦ System call based birthmark

9

10

11  Not all values associated with the execution of a program are core-values ◦ Value-updating instruction ◦ Related to the program’s semantics

12  To refine value sequences ◦ Sequential refinement – reduction rate 16%~34% ◦ Optimization-based refinement – 5 optimization ◦ Address removal – exclude pointer values

13

14  Intel Quad-Core 2.00 GHz CPU  4GB RAM  Linux machin  QEMU 0.9.1  Questions 1.resilient 2.false accusation 3.credible

15  Obfuscation techniques ◦ SandMark, KlassMaster : Java bytecode obfuscators  Test application : Jlex ◦ Lexical analyzer

16  Test Application ◦ 5 individual XML pasers:expat, libxml2, Parsifal, rxp,xercesc

17  Test application ◦ Bzip2, gzip, oggenc, 9 of 11 programs  Result ◦ Similarity scores between 0 and 0.27 ◦ zip and gzip similarity scores are 1.0  Same compression algorithm : deflate ◦ zip and bzip2 similarity scores are 0.01 to 0.03  Different compression algorithm : block sorting

18  introduce a novel approach to dynamic characterization of executable programs.  The value-based method successfully discriminates 34 plagiarisms by SandMark, KlassMaster, Thicket.

19

Download ppt "Embedded Lab. Park Yeongseong.  Introduction  State of the art  Core values  Design  Experiment  Discussion  Conclusion  Q&A."

Similar presentations

Code Optimization and Performance Chapter 5 CS 105 Tour of the Black Holes of Computing.

Code Optimization and Performance Chapter 5 CS 105 Tour of the Black Holes of Computing.
Binary Translation Using Peephole Superoptimizers Sorav Bansal, Alex Aiken Stanford University.

Binary Translation Using Peephole Superoptimizers Sorav Bansal, Alex Aiken Stanford University.
Software & Services Group, Developer Products Division Copyright© 2010, Intel Corporation. All rights reserved. *Other brands and names are the property.

Software & Services Group, Developer Products Division Copyright© 2010, Intel Corporation. All rights reserved. *Other brands and names are the property.
Chapter 10 Code Optimization. A main goal is to achieve a better performance Front End Code Gen Intermediate Code source Code target Code user Machine-

Chapter 10 Code Optimization. A main goal is to achieve a better performance Front End Code Gen Intermediate Code source Code target Code user Machine-
Control Flow Analysis (Chapter 7) Mooly Sagiv (with Contributions by Hanne Riis Nielson)

Control Flow Analysis (Chapter 7) Mooly Sagiv (with Contributions by Hanne Riis Nielson)
FSE’14 Semantics-Based Obfuscation-Resilient Binary Code Similarity Comparison with Application to Software Plagiarism Detection Lannan Luo, Jiang Ming,

FSE’14 Semantics-Based Obfuscation-Resilient Binary Code Similarity Comparison with Application to Software Plagiarism Detection Lannan Luo, Jiang Ming,
Overview Motivations Basic static and dynamic optimization methods ADAPT Dynamo.

Overview Motivations Basic static and dynamic optimization methods ADAPT Dynamo.
IBinHunt: Binary Hunting with Inter-Procedural Control Flow Jiang Ming, Meng Pan, and Debin Gao College of Information Sciences and Technology, Penn State.

IBinHunt: Binary Hunting with Inter-Procedural Control Flow Jiang Ming, Meng Pan, and Debin Gao College of Information Sciences and Technology, Penn State.
Code Compaction of an Operating System Kernel Haifeng He, John Trimble, Somu Perianayagam, Saumya Debray, Gregory Andrews Computer Science Department.

Code Compaction of an Operating System Kernel Haifeng He, John Trimble, Somu Perianayagam, Saumya Debray, Gregory Andrews Computer Science Department.
1 Cost Effective Dynamic Program Slicing Xiangyu Zhang Rajiv Gupta The University of Arizona.

1 Cost Effective Dynamic Program Slicing Xiangyu Zhang Rajiv Gupta The University of Arizona.
CS266 Software Reverse Engineering (SRE) Applying Anti-Reversing Techniques to Java Bytecode Teodoro (Ted) Cipresso,

CS266 Software Reverse Engineering (SRE) Applying Anti-Reversing Techniques to Java Bytecode Teodoro (Ted) Cipresso,
Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.

Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.
1 S. Tallam, R. Gupta, and X. Zhang PACT 2005 Extended Whole Program Paths Sriraman Tallam Rajiv Gupta Xiangyu Zhang University of Arizona.

1 S. Tallam, R. Gupta, and X. Zhang PACT 2005 Extended Whole Program Paths Sriraman Tallam Rajiv Gupta Xiangyu Zhang University of Arizona.
Cpeg421-08S/final-review1 Course Review Tom St. John.

Cpeg421-08S/final-review1 Course Review Tom St. John.
A Static Analysis Framework For Embedded Systems Nathan Cooprider John Regehr's Embedded Systems Group.

A Static Analysis Framework For Embedded Systems Nathan Cooprider John Regehr's Embedded Systems Group.
On Packetization of Embedded Multimedia Bitstreams Xiaolin Wu, Samuel Cheng, and Zixiang Xiong IEEE Transactions On Multimedia, March 2001.

On Packetization of Embedded Multimedia Bitstreams Xiaolin Wu, Samuel Cheng, and Zixiang Xiong IEEE Transactions On Multimedia, March 2001.
Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.

Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.
Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.

Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.
Detecting Software Theft via System Call Based Birthmarks Xinran Wang, Yoon-Chan Jhi, Sencun Zhu, Peng Liu ACSAC 2009.

Detecting Software Theft via System Call Based Birthmarks Xinran Wang, Yoon-Chan Jhi, Sencun Zhu, Peng Liu ACSAC 2009.
Introduction Overview Static analysis Memory analysis Kernel integrity checking Implementation and evaluation Limitations and future work Conclusions.

Introduction Overview Static analysis Memory analysis Kernel integrity checking Implementation and evaluation Limitations and future work Conclusions.

Similar presentations

Ads by Google