Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms

Botacin Marcus; de Geus Paulo Licio; Gregio Andre

首页> 外文期刊>ACM Computing Surveys >Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms

【24h】

Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms

机译：谁来监视守望者：有关当前系统的最新技术，工具和方法以及现代平台上的二进制分析的以安全为中心的评论

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Malicious software, a threat users face on a daily basis, have evolved from simple bankers based on social engineering to advanced persistent threats. Recent research and discoveries reveal that malware developers have been using a wide range of anti-analysis and evasion techniques, in-memory attacks, and system subversion, including BIOS and hypervisors. In addition, code-reuse attacks like Returned Oriented Programming emerge as highly potential remote code execution threats. To counteract the broadness of malicious codes, distinct techniques and tools have been proposed, such as transparent malware tracers, system-wide debuggers, live forensics tools, and isolated execution rings. In this work, we present a survey on state-of-the-art techniques that detect, mitigate, and analyze the aforementioned attacks. We show approaches based on Hardware Virtual Machines introspection, System Management Mode instrumentation, Hardware Performance Counters, isolated rings (e.g., Software Guard eXtensions), as well as others based on external hardware. We also discuss upcoming threats based on the very same technologies used for defense. Our main goal is to provide the reader with a broader, more comprehensive understanding of recently surfaced tools and techniques aiming at binary analysis for modern platforms.

机译：恶意软件（用户每天要面对的威胁）已经从基于社会工程的简单银行家演变为高级持续威胁。最近的研究和发现表明，恶意软件开发人员一直在使用各种各样的反分析和规避技术，内存中的攻击以及包括BIOS和虚拟机管理程序的系统颠覆。此外，诸如“返回定向编程”之类的代码重用攻击是高度潜在的远程代码执行威胁。为了抵消恶意代码的广泛性，已经提出了不同的技术和工具，例如透明的恶意软件跟踪器，系统范围的调试器，实时取证工具和隔离的执行环。在这项工作中，我们提供了有关检测，缓解和分析上述攻击的最新技术的调查。我们展示了基于硬件虚拟机自省，系统管理模式检测，硬件性能计数器，隔离环（例如Software Guard eXtensions）以及基于外部硬件的其他方法。我们还将基于用于防御的相同技术来讨论即将到来的威胁。我们的主要目标是为读者提供更广泛，更全面的了解，以针对现代平台进行二进制分析为目的，最近出现的工具和技术。

著录项

来源
《ACM Computing Surveys》 |2018年第4期|69.1-69.34|共34页
作者
Botacin Marcus; de Geus Paulo Licio; Gregio Andre;
展开▼
作者单位

Univ Estadual Campinas Campinas SP Brazil|Ave Albert Einstein 1251 Cidade Univ Zeferino Vaz BR-13083852 Campinas SP Brazil;

Univ Fed Parana Curitiba Parana Brazil|Rua Evaristo FF da Costa 383-391 Jardim Amer BR-80050540 Curitiba PR Brazil;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Binary analysis; malware; security; HVM; SMM; introspection;

机译：二元分析;恶意软件;安全;HVM;SMM;内省;

相似文献

外文文献
专利

1. Open Systems Pharmacology: An open source platform for joint development, exchange, review, qualification, and application of state-of-the-art tools and models for PBPK and Systems Pharmacology [J] . Hobe Martin Journal of pharmacokinetics and pharmacodynamics . 2017,第Suppla期

机译：开放系统药理学：用于联合开发，交换，审查，资格和最先进的工具和PBPK和系统药理学的模型的开源平台
2. The State-of-the-Art Review on Applications of Intrusive Sensing,Image Processing Techniques,and Machine Learning Methods in Pavement Monitoring and Analysis [J] . Yue Hou, Qiuhan Li, Chen Zhang, 工程（英文） . 2021,第006期

机译：The State-of-the-Art Review on Applications of Intrusive Sensing,Image Processing Techniques,and Machine Learning Methods in Pavement Monitoring and Analysis
3. The State-of-the-Art Review on Applications of Intrusive Sensing,Image Processing Techniques,and Machine Learning Methods in Pavement Monitoring and Analysis [J] . Yue Hou, Qiuhan Li, Chen Zhang, 工程（英文） . 2021,第006期

机译：The State-of-the-Art Review on Applications of Intrusive Sensing,Image Processing Techniques,and Machine Learning Methods in Pavement Monitoring and Analysis
4. State-of-the-art tools and techniques for quantitative modeling and analysis of embedded systems [C] . Bozga M. Design, Automation amp; Test in Europe Conference amp; Exhibition (DATE), 2012 . 2012

机译：用于嵌入式系统定量建模和分析的最新工具和技术
5. Landslide Detection Using Remote Sensing Methods A Review of Current Techniques [D] . Byrraju, Sumanth Varma. 2019

机译：基于遥感的滑坡检测技术综述
6. State-of-the-Art Methods for Skeletal Muscle Glycogen Analysis in Athletes—The Need for Novel Non-Invasive Techniques [O] . Jacob Greene, Julien Louis, Olga Korostynska, 2017

机译：运动员骨骼肌糖原原分析的最新方法—对新型无创技术的需求
7. State-of-the-art tools and techniques for quantitative modeling and analysis of embedded systems [O] . Bozga, Marius, David, Alexandre, Hartmanns, Arnd, 2012

机译：用于嵌入式系统定量建模和分析的最新工具和技术
8. State-of-the-Art Review and Annotated Bibliography of Systems Analysis Techniques Applied to Reservoir Operation [R] . Wurbs, R. A. , Tibbets, M. N. , Cabezas, L. M. , 1985

机译：应用于水库运行的系统分析技术的最新评论和注释书目

Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms

摘要

著录项

相似文献

相关主题

期刊订阅