DOCSLIB.ORG

Decompilation As Search

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Decompilation As Search UCAM-CL-TR-844 Technical Report ISSN 1476-2986 Number 844 Computer Laboratory Decompilation as search Wei Ming Khoo November 2013 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2013 Wei Ming Khoo This technical report is based on a dissertation submitted August 2013 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Hughes Hall. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Abstract Decompilation is the process of converting programs in a low-level representation, such as machine code, into high-level programs that are human readable, compilable and seman- tically equivalent. The current de facto approach to decompilation is largely modelled on compiler theory and only focusses on one or two of these desirable goals at a time. This thesis makes the case that decompilation is more effectively accomplished through search. It is observed that software development is seldom a clean slate process and much software is available in public repositories. To back this claim, evidence is presented from three categories of software development: corporate software development, open source projects and malware creation. Evidence strongly suggests that code reuse is prevalent in all categories. Two approaches to search-based decompilation are proposed. The first approach borrows inspiration from information retrieval, and constitutes the first contribution of this thesis. It uses instruction mnemonics, control-flow sub-graphs and data constants, which can be quickly extracted from a disassembly, and relies on the popular text search engine CLucene. The time taken to analyse a function is small enough to be practical and the technique achieves an F2 measure of above 83.0% for two benchmarks. The second approach and contribution of this thesis is perturbation analysis, which is able to differentiate between algorithms implementing the same functionality, e.g. bubblesort versus quicksort, and between different implementations of the same algorithm, e.g. quick- sort from Wikipedia versus quicksort from Rosetta code. Test-based indexing (TBI) uses random testing to characterise the input-output behaviour of a function; perturbation- based indexing (PBI) is TBI with additional input-output behaviour obtained through perturbation analysis. TBI/PBI achieves an F2 measure of 88.4% on five benchmarks involving different compilers and compiler options. To perform perturbation analysis, function prototyping is needed, the standard way com- prising liveness and reaching-definitions analysis. However, it is observed that in practice actual prototypes fall into one of a few possible categories, enabling the type system to be simplified considerably. The third and final contribution is an approach to prototype recovery that follows the principle of conformant execution, in the form of inlined data source tracking, to infer arrays, pointer-to-pointers and recursive data structures. Acknowledgments I gratefully acknowledge the financial support of DSO National Laboratories, which made it possible for me to pursue this PhD. I thank Tan Yang Meng and Chia Hock Teck, who first encouraged me to take this journey; Ross Anderson, for deciding to take a green and clueless individual under his wing as a PhD student in 2009; Alan Mycroft, for agreeing to co-advise this same green and clueless PhD student; Hassen Sa¨ıdi, for having me as a summer intern and for getting me started on the fascinating topic of decompilation. I thank my co-authors and collaborators Pietro Li´o, Hyoungshick Kim, Michael Meeks and Ed Robbins, for fruitful discussions that have given me new perspectives and have helped me grow as a researcher. For providing me with much-needed advice, help and encourage- ment along the way, I thank Saad Aloteibi, Jonathan Anderson, Joseph Bonneau, Omar Choudary, Richard Clayton, Saar Drimer, Christopher Gautier, Khilan Gudka, Markus Kuhn, Steven Murdoch, Frank Stajano, Raoul Urma, Robert Watson and Rubin Xu. I am grateful to Graham Titmus and Chris Hadley for help with setting up the Rendezvous server, and Laurent Simon for help with server testing. I am thankful to Andrew Bernat and Frank Eigler for help with the Dyninst API and the Dyninst team for creating a great tool. Thank you, Dad, Mum, Pa, Mi and Li Ying, for always being there, especially during times when I needed the most support and encouragement. To Grace, Natalie and Daniel: thank you for being my inspiration. You are a gift, and my joy. To my wife, Shea Lin: thank you for your steadfast support when I was running long experiments, writing or away, for being my comfort when the going was tough, and for your uncanny ability to see past setbacks. Thank you for being you. Soli Deo gloria Contents 1 Introduction 9 1.1 Decompilation.................................. 11 1.2 Chapteroutline ................................. 16 2 Models of decompilation: a survey 17 2.1 Heuristics-drivenmodel............................. 17 2.2 Compilermodel................................. 18 2.3 Formalmethodsmodel ............................. 19 2.4 Assembly-to-Ctranslationmodel . 20 2.5 Information-flowmodel............................. 21 3 Decompilation as search 23 3.1 Howprevalentiscodereuse?.. .. .. 24 3.2 Priorworkinsoftwarereuseresearch . .. 24 3.3 GNU Public License violations . 25 3.4 Proprietary software copyright infringement . .... 26 3.5 AstudyofcodereuseonGithub. 28 3.6 Code reuse in malicious software . 32 3.6.1 Analysis of “last modified” dates . 33 3.6.2 Searchfor“http://”string . 34 3.7 Summaryoffindings .............................. 37 3.8 Proposed approach: Search-based decompilation . ..... 37 3.8.1 Case study: Statistical machine translation . 38 3.8.2 Proposedresearchagenda . 39 3.9 Relatedwork .................................. 40 4 Token-based code indexing 43 4.1 Introduction................................... 43 4.2 Designspace................................... 44 4.3 Featureextraction ............................... 45 4.4 Instructionmnemonics ............................. 45 4.5 Control-flowsubgraphs ............................. 46 4.6 Dataconstants ................................. 48 4.7 Whatmakesagoodmodel? .......................... 49 4.8 Indexingandquerying ............................. 50 4.9 Implementation ................................. 52 4.10Evaluation.................................... 52 4.10.1 Optimal df threshold ........................... 53 4.10.2 Comparison of n-grams versus n-perms................ 54 4.10.3 Mixed n-grammodels ......................... 55 4.10.4 Control-flow k-graphs versus extended k-graphs ........... 56 4.10.5 Mixed k-graphmodels ......................... 56 4.10.6 Dataconstants ............................. 57 4.10.7 Compositemodels ........................... 57 4.10.8 Timing.................................. 59 4.11Discussion.................................... 60 4.11.1 Limitations . 60 4.11.2 Threatstovalidity ........................... 60 4.11.3 Mnemonic n-gramsandbasicblockboundaries. 60 4.12Relatedwork .................................. 60 5 Perturbation analysis 63 5.1 Overview..................................... 64 5.2 Assembly-to-Ctranslation . .. .. .. 65 5.3 Source-binarymatchingforfunctions . .. 65 5.4 Test-basedindexing............................... 66 5.5 Identifying structural similarity . 67 5.6 Perturbationanalysis.............................. 67 5.7 Guardfunctions................................. 69 5.8 Perturbation-basedindexing . 70 5.9 Implementation ................................. 70 6 5.10Evaluation.................................... 71 5.10.1 Perturbationandguardfunctions . 71 5.10.2 Comparison of different implementations . 72 5.10.3 Coreutils dataset............................ 73 5.10.4 Compilers and compiler options . 74 5.11Discussion.................................... 75 5.11.1 Undefinedbehaviour .. .. .. 75 5.11.2 Indirectjumpsandexternalcode . 76 5.11.3 Functionprototyping . 76 5.12Relatedwork .................................. 77 6 Prototype recovery via inlined data source tracking 79 6.1 Survey of prototypes in coreutils and linux .................. 80 6.2 Algorithmdesign ................................ 82 6.3 Conformantexecutionfortyperecovery. .... 82 6.4 Memory validity, Fmem ............................. 83 6.5 Address validity, Faddr ............................. 84 6.6 Inlineddatasourcetracking .. .. .. 86 6.7 Probabilistic branch negation . 89 6.8 Typesystem................................... 89 6.9 Distancemetric ................................. 90 6.10Implementation ................................. 91 6.11Evaluation.................................... 91 6.11.1 Basic inlined data source tracking . 92 6.11.2 Adding probabilistic branch negation . 92 6.11.3 Timing.................................. 94 6.12Discussion.................................... 94 6.13Relatedwork .................................. 96 7 Rendezvous: a prototype search engine 99 7.1 Systemarchitecture............................... 99 7.2 Resultsandperformance ............................ 99 7.2.1 Storagerequirements . .102 7.2.2 Performance...............................102 8 Conclusions and future work 103 8.1 Futurework...................................103 7 1 Introduction “You can’t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.)” – Ken Thompson, Reflections
Load more

Recommended publications
  • BACHELOR PAPER Analysis of Mycroft and Rhasspy Open Source
    BACHELOR PAPER Term paper submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Engineering at the University of Applied Sciences Technikum Wien - Degree Program Smart Homes and Assistive Technologies Analysis of Mycroft and Rhasspy Open Source voice assistants By: Carlos Lumbreras Sádaba Supervisor 1: Ing. Martin Deinhofer, M.Sc. Vienna, 2020-22-06 Declaration of Authenticity “As author and creator of this work to hand, I confirm with my signature knowledge of the relevant copyright regulations governed by higher education acts (see Urheberrechtsgesetz/ Austrian copyright law as amended as well as the Statute on Studies Act Provisions / Examination Regulations of the UAS Technikum Wien as amended). I hereby declare that I completed the present work independently and that any ideas, whether written by others or by myself, have been fully sourced and referenced. I am aware of any consequences I may face on the part of the degree program director if there should be evidence of missing autonomy and independence or evidence of any intent to fraudulently achieve a pass mark for this work (see Statute on Studies Act Provisions / Examination Regulations of the UAS Technikum Wien as amended). I further declare that up to this date I have not published the work to hand nor have I presented it to another examination board in the same or similar form. I affirm that the version submitted matches the version in the upload tool.” Sesma, 2020-06-22 Place, Date Signature Kurzfassung Der technologische Fortschritt hat die Sprachsteuerung von Maschinen bzw. intelligenten Geräten für den Durchschnittskonsumenten zugänglich gemacht.
    [Show full text]
  • Ainix: an Open Platform for Natural Language Interfaces to Shell Commands
    AInix: An open platform for natural language interfaces to shell commands Turing Scholars Undergraduate Honors Thesis University of Texas at Austin David Gros Supervised By: Dr. Raymond Mooney Second Reader: Dr. Greg Durrett Departmental Reader: Dr. Robert van de Geijn May 2019 Contents 1 Abstract 3 2 Introduction 4 3 Background and Motivation 6 3.1 Relevant Terms and Concepts . .6 3.2 Currently Available Platforms and Tools . .6 3.2.1 Digital Assistant Platforms . .6 3.2.2 Semantic Parsing Frameworks . .7 3.2.3 Previous Natural Language to Shell Commands Work . .7 3.3 Why Unix Commands? . .8 3.3.1 Brief History of the Unix Shell Commands . .8 4 Platform Architecture 9 4.1 aish . 10 5 AInix Kernel Dataset 10 5.1 Key Features . 10 5.1.1 Many-to-many . 10 5.1.2 Replacers . 12 5.2 The Arche Release . 13 6 AInix Grammar Files 14 6.1 Challenges of Parsing Unix Commands . 16 6.2 Terminology . 16 6.3 Enabling Flexible Parsing . 17 6.4 Limitations . 18 7 Explored Models 19 7.1 Seq2Seq . 19 7.2 Grammar Guided Methods . 20 7.3 Retrieval Based Methods . 20 7.3.1 UNIX-focused contextual embedding . 21 7.3.2 Background . 21 7.3.3 Collecting a code-focused dataset . 21 7.3.4 CookieMonster Model . 22 7.3.4.1 CookieMonster Tokenization Scheme . 22 7.3.4.2 CookieMonster Architecture . 25 7.3.5 Nearest Neighbor Method . 25 1 8 Results and Discussion 26 8.1 Seq2Seq Results . 27 8.2 Grammar Guided Model Results .
    [Show full text]
  • Energy-Aware Interface for Memory Allocation in Linux
    Energy-Aware Interface for Memory Allocation in Linux Lars Rechter, Martin Jensen June 2021 10th Semester The Technical Faculty of IT and Design Department of Computer Science Selma Lagerlöfsvej 300 9220 Aalborg Øst https://www.cs.aau.dk Abstract: In this master thesis, we extend the Linux kernel to support grouping frequently ac- Title: Energy-Aware Interface for cessed (hot) and infrequently accessed Memory Allocation in Linux (cold) data on different memory hardware. By doing this, the memory hardware with Subject: Programming Technology cold data can reduce energy consumption Project period: by going into low power states. We man- Spring 2021 age this separation in the kernel by adding 01/02/2021 - 14/06/2021 an additional zone for cold data, which is adjustable at compile time. Processes can Group No: allocate memory in the cold zone with an pt103f21 extension to the mmap system call. We test the memory layout of our machine Group Members: with the benchmark STREAM, showing Lars Rechter that the modified kernel behaves as desired Martin Jensen in terms of memory separation. Addition- ally, we implement a proof of concept in- Supervisor: memory database to benchmark the power Bent Thomsen consumption and run time performance of Lone Leth Thomsen our modified kernel. The results show a Pages: 78 smaller overhead than expected, but no reduction in power usage. We attribute the unchanged power usage to the memory power management strategy of the mem- ory controller in our test machine. Publication of this report’s contents (including citation) without permission from the authors is prohibited. Summary Computers are faster and more common now than ever, rendering the need to optimise programs, specifically for speed, less prevalent.
    [Show full text]
  • Digole Serial Displays: Driving Digole’S Serial Display in UART, I2C, and SPI Modes with an ODROID-C1+  September 1, 2017
    ODROID-HC1 and ODROID-MC1: Aordable High-Performance And Cloud Computing At Home September 1, 2017 The ODROID-HC1 is a single board computer (SBC) which is an aordable solution for a network attached storage (NAS) server, and the ODROID-MC1 is a simple solution for those who need an aordable and powerful personal cluster. My ODROID-C2 Docker Swarm: Part 1 – Swarm Mode Features September 1, 2017 Docker Swarm mode provides cluster management and service orchestration capabilities including service discovery and service scaling, among other things, using overlay networks and an in-built load balancer respectively. ODROID-XU4 Mainline U-Boot September 1, 2017 Hardkernel is working on a new version of U-Boot for the ODROID-XU4, with many new features and improvements. ODROID Wall Display: Using An LCD Monitor And An ODROID To Show Helpful Information September 1, 2017 A wall monitor is an eective method of passively delivering a constant stream of information. Rather than purchasing a digital picture frame that is not only expensive, but is also small with limited functionality, why not use a computer monitor or TV screen with an ODROID to display photos, weather Linux Gaming: Fanboy Part 2 – I am a Sega Fanboy! September 1, 2017 In the 1980s and 1990s, Nintendo and Sega fought to dominate the console market. While both had similar products, there were still some major dierences. If you compare their earlier products, the Nintendo Entertainment System (NES) and Sega Master System (SMS), and Game Boy/Game Boy Color (GB/GBC) and Game Gear Home Assistant: Customization and Automations September 1, 2017 Advanced topics related to Home Assistant (HA) using in-depth steps, allowing you to maximize the use of Home Assistant, and also help with experimentation.
    [Show full text]
  • Reverse Software Engineering As a Project-Based Learning Tool
    Paper ID #33764 Reverse Software Engineering as a Project-Based Learning Tool Ms. Cynthia C. Fry, Baylor University CYNTHIA C. FRY is currently a Senior Lecturer of Computer Science at Baylor University. She worked at NASA’s Marshall Space Flight Center as a Senior Project Engineer, a Crew Training Manager, and the Science Operations Director for STS-46. She was an Engineering Duty Officer in the U.S. Navy (IRR), and worked with the Naval Maritime Intelligence Center as a Scientific/Technical Intelligence Analyst. She was the owner and chief systems engineer for Systems Engineering Services (SES), a computer systems design, development, and consultation firm. She joined the faculty of the School of Engineering and Computer Science at Baylor University in 1997, where she teaches a variety of engineering and computer science classes, she is the Faculty Advisor for the Women in Computer Science (WiCS), the Director of the Computer Science Fellows program, and is a KEEN Fellow. She has authored and co- authored over fifty peer-reviewed papers. Mr. Zachary Michael Steudel Zachary Steudel is a 2021 graduate of Baylor University’s computer science department. In his time at Baylor, he worked as a Teaching Assistant under Ms. Cynthia C. Fry. As part of the Teaching Assistant role, Zachary designed and created the group project for the Computer Systems course. Zachary Steudel worked as a Software Developer Intern at Amazon in the Summer of 2019, a Software Engineer Intern at Microsoft in the Summer of 2020, and begins his full-time career with Amazon in the summer of 2021 as a software engineer.
    [Show full text]
  • Reverse Engineering Digital Forensics Rodrigo Lopes October 22, 2006
    Reverse Engineering Digital Forensics Rodrigo Lopes October 22, 2006 Introduction Engineering is many times described as making practical application of the knowledge of pure sciences in the solution of a problem or the application of scientific and mathematical principles to develop economical solutions to technical problems, creating products, facilities, and structures that are useful to people. What if the opposite occurs? There is some product that may be a solution to some problem but the inner workings of the solution or even the problem it addresses may be unknown. Reverse engineering is the process of analyzing and understanding a product which functioning and purpose are unknown. In Computer Science in particular, reverse engineering may be defined as the process of analyzing a system's code, documentation, and behavior to identify its current components and their dependencies to extract and create system abstractions and design information. The subject system is not altered; however, additional knowledge about the system is produced. The definition of Reverse Engineering is not peaceful though, especially when it concerns to court and lawsuits. The Reverse Engineering of products protected by copyrighting may be a crime, even if no code is copied. From the software companies’ point of view, Reverse Engineering is many times defined as “Analyzing a product or other output of a process in order to determine how to duplicate the know-how which has been used to create a product or process”. Scope and Goals In the Digital Forensics’ scope, reverse engineering can directly be applied to analyzing unknown and suspicious code in the system, to understand both its goal and inner functioning.
    [Show full text]
  • X86 Disassembly Exploring the Relationship Between C, X86 Assembly, and Machine Code
    x86 Disassembly Exploring the relationship between C, x86 Assembly, and Machine Code PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Sat, 07 Sep 2013 05:04:59 UTC Contents Articles Wikibooks:Collections Preface 1 X86 Disassembly/Cover 3 X86 Disassembly/Introduction 3 Tools 5 X86 Disassembly/Assemblers and Compilers 5 X86 Disassembly/Disassemblers and Decompilers 10 X86 Disassembly/Disassembly Examples 18 X86 Disassembly/Analysis Tools 19 Platforms 28 X86 Disassembly/Microsoft Windows 28 X86 Disassembly/Windows Executable Files 33 X86 Disassembly/Linux 48 X86 Disassembly/Linux Executable Files 50 Code Patterns 51 X86 Disassembly/The Stack 51 X86 Disassembly/Functions and Stack Frames 53 X86 Disassembly/Functions and Stack Frame Examples 57 X86 Disassembly/Calling Conventions 58 X86 Disassembly/Calling Convention Examples 64 X86 Disassembly/Branches 74 X86 Disassembly/Branch Examples 83 X86 Disassembly/Loops 87 X86 Disassembly/Loop Examples 92 Data Patterns 95 X86 Disassembly/Variables 95 X86 Disassembly/Variable Examples 101 X86 Disassembly/Data Structures 103 X86 Disassembly/Objects and Classes 108 X86 Disassembly/Floating Point Numbers 112 X86 Disassembly/Floating Point Examples 119 Difficulties 121 X86 Disassembly/Code Optimization 121 X86 Disassembly/Optimization Examples 124 X86 Disassembly/Code Obfuscation 132 X86 Disassembly/Debugger Detectors 137 Resources and Licensing 139 X86 Disassembly/Resources 139 X86 Disassembly/Licensing 141 X86 Disassembly/Manual of Style 141 References Article Sources and Contributors 142 Image Sources, Licenses and Contributors 143 Article Licenses License 144 Wikibooks:Collections Preface 1 Wikibooks:Collections Preface This book was created by volunteers at Wikibooks (http:/ / en.
    [Show full text]
  • Deliverable 2.2 Digital Intelligent Assistant Core for Manufacturing Demonstrator – Version 1
    Grant: 957296 Call: H2020-ICT-2020-1 Topic: ICT-38-2020 Type: RIA Duration: 01.10.2020 – 30.09.2023 Deliverable 2.2 Digital intelligent assistant core for manufacturing demonstrator – version 1 Lead Beneficiary: BIBA Type of Deliverable: Demonstrator Dissemination Level: Public Submission Date: 14.07.2021 Version: 1.0 This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 957296. PUBLIC Versioning and contribution history Version Description Contributions 0.1 Initial version BIBA 0.3 Initial descriptions BIBA 0.4 Security mechanisms for Mycroft core and Mobile App UBI 0.7 Component descriptions added and scenario outlined BIBA 0.9 First complete draft BIBA 1.0 Final version BIBA Reviewers Name Organisation Konstantinos Grevenitis Holonix Disclaimer This document contains only the author's view and that the Commission is not responsible for any use that may be made of the information it contains. Copyright COALA Consortium 2020-2023 Page 2 of 28 PUBLIC Table of Contents 1 Introduction .....................................................................................................................6 1.1 Purpose and Objectives ...........................................................................................6 1.2 Approach ..................................................................................................................6 1.3 Relation to other WPs and Tasks .............................................................................6
    [Show full text]
  • Binary Disassembly Block Coverage by Symbolic Execution Vs
    Air Force Institute of Technology AFIT Scholar Theses and Dissertations Student Graduate Works 3-22-2012 Binary Disassembly Block Coverage by Symbolic Execution vs. Recursive Descent Jonathan D. Miller Follow this and additional works at: https://scholar.afit.edu/etd Part of the Information Security Commons Recommended Citation Miller, Jonathan D., "Binary Disassembly Block Coverage by Symbolic Execution vs. Recursive Descent" (2012). Theses and Dissertations. 1138. https://scholar.afit.edu/etd/1138 This Thesis is brought to you for free and open access by the Student Graduate Works at AFIT Scholar. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of AFIT Scholar. For more information, please contact [email protected]. BINARY DISASSEMBLY BLOCK COVERAGE BY SYMBOLIC EXECUTION VS. RECURSIVE DESCENT THESIS Jonathan D. Miller, Second Lieutenant, USAF AFIT/GCO/ENG/12-09 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE INSTITUTE OF TECHNOLOGY Wright-Patterson Air Force Base, Ohio APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED The views expressed in this thesis are those of the author and do not reflect the official policy or position of the United States Air Force, the Department of Defense, or the United States Government. This material is declared a work of the U.S. Government and is not subject to copyright protection in the United States AFIT/GCO/ENG/12-09 BINARY DISASSEMBLY BLOCK COVERAGE BY SYMBOLIC EXECUTION VS. RECURSIVE DESCENT THESIS Presented to the Faculty Department of Electrical and Computer Engineering Graduate School of Engineering and Management Air Force Insitute of Technology Air University Air Education and Training Command in Partial Fulfillment of the Requirements for the Degree of Master of Science Jonathan D.
    [Show full text]
  • D2.1: State-Of-The-Art Survey
    CARP D2.1: State-of-the-Art Survey Grant Agreement: 287767 Project Acronym: CARP Project Name: Correct and Efficient Accelerator Programming Instrument: Small or medium scale focused research project (STREP) Thematic Priority: Alternative Paths to Components and Systems Start Date: 1 December 2011 Duration: 36 months Document Type1: D (Deliverable) Document Distribution2: PU (Public) Document Code3: CARP-ICL-RP-004 Version: v1.15 Editor (Partner): J. Ketema (ICL) Contributors: ARM, ENS, ICL, MONO, REAL, RIGHT, RWTHA, UT Workpackage(s): WP2 Reviewer(s): A. Cohen (ENS), J. Dubreil (MONO), M. Huisman (UT) Due Date: 31 May 2012 Submission Date: 31 May 2012 Number of Pages: 97 1MD = management document; TR = technical report; D = deliverable; P = published paper; CD = communication/dissemination. 2PU = Public; PP = Restricted to other programme participants (including the Commission Services); RE = Restricted to a group specified by the consortium (including the Commission Services); CO = Confidential, only for members of the consortium (including the Commission Services). 3This code is constructed as described in the Project Handbook. Copyright c 2012 by the CARP Consortium. D2.1: State-of-the-ArtCARP Survey J. Ketema3 (Editor) D. Mansell1, T. Glauert1, A. Lokhmotov1 (Chapter 3) A. Cohen2 (Chapter 4) A. Betts3 C. Dehnert7 D. Distefano4 F. Gretz7 J.-P. Katoen7 A. Lokhmotov1 (Chapter 5) A.F. Donaldson3 D. Distefano4 M. Huisman8 C. Jansen7 J. Ketema3 M. Mihelciˇ c´8 (Chapter 6) E. Hajiyev5 D. Takacs5 T. Virolainen6 (Chapter 7) 1ARM 2ENS 3ICL 4MONO 5REAL 6RIGHT 7RWTHA 8UT REVISION HISTORY Date Version Author Modification 2 May 2012 1.0 J. Ketema (ICL) Initial setup of LATEX document 10 May 2012 1.1 J.
    [Show full text]
  • Reverse Engineering of a Malware
    REVERSE ENGINEERING OF A MALWARE EYEING THE FUTURE OF SECURITY A Thesis Presented to The Graduate Faculty of The University of Akron In Partial Fulfillment of the Requirements for the Degree Master of Science Supreeth Burji August, 2009 REVERSE ENGINEERING OF A MALWARE EYEING THE FUTURE OF SECURITY Supreeth Burji Thesis Approved: Accepted: ________________________________ ________________________________ Advisor Department Chair Dr. Kathy J. Liszka Dr. Chien-Chung Chan ________________________________ ________________________________ Faculty Reader Dean of the College Dr. Timothy W. O'Neil Dr. Chand Midha ________________________________ ________________________________ Faculty Reader Dean of the Graduate School Dr. Wolfgang Pelz Dr. George R. Newkome ________________________________ Date ii ABSTRACT Reverse engineering malware has been an integral part of the world of security. At best it has been employed for signature logging malware until now. Since the evolution of new age technologies, this is now being researched as a robust methodology which can lead to more reactive and proactive solutions to the modern security threats that are growing stronger and more sophisticated. This research in its entirety has been an attempt to understand the in and outs of reverse engineering pertaining to malware analysis, with an eye to the future trends in security. Reverse engineering of malware was done with Nugache P2P malware as the target showing that signature based malware identification is ineffective. Developing a proactive approach to quickly identifying malware was the objective that guided this research work. Innovative malware analysis techniques with data mining and rough sets methodologies have been employed in this research work in the quest of a proactive and feasible security solution.
    [Show full text]
  • Linux Installation and Getting Started
    Linux Installation and Getting Started Copyright c 1992–1996 Matt Welsh Version 2.3, 22 February 1996. This book is an installation and new-user guide for the Linux system, meant for UNIX novices and gurus alike. Contained herein is information on how to obtain Linux, installation of the software, a beginning tutorial for new UNIX users, and an introduction to system administration. It is meant to be general enough to be applicable to any distribution of the Linux software. This book is freely distributable; you may copy and redistribute it under certain conditions. Please see the copyright and distribution statement on page xiii. Contents Preface ix Audience ............................................... ix Organization.............................................. x Acknowledgments . x CreditsandLegalese ......................................... xii Documentation Conventions . xiv 1 Introduction to Linux 1 1.1 About This Book ........................................ 1 1.2 A Brief History of Linux .................................... 2 1.3 System Features ......................................... 4 1.4 Software Features ........................................ 5 1.4.1 Basic commands and utilities ............................. 6 1.4.2 Text processing and word processing ......................... 7 1.4.3 Programming languages and utilities .......................... 9 1.4.4 The X Window System ................................. 10 1.4.5 Networking ....................................... 11 1.4.6 Telecommunications and BBS software .......................
    [Show full text]