a gpu based x86 disassembler
play

A GPU-based x86 Disassembler ISC 2015 Evangelos Ladakis , Giorgos - PowerPoint PPT Presentation

Feb 01, 2023 •210 likes •513 views

GPU-Disasm: A GPU-based x86 Disassembler ISC 2015 Evangelos Ladakis , Giorgos Vasiliadis, Michalis Polychronakis, Sotiris Ioannidis, George Portokalidis First Impressions Evangelos Ladakis - FORTH 2 First Impressions Evangelos Ladakis -

  1. GPU-Disasm: A GPU-based x86 Disassembler ISC 2015 Evangelos Ladakis , Giorgos Vasiliadis, Michalis Polychronakis, Sotiris Ioannidis, George Portokalidis

  2. First Impressions Evangelos Ladakis - FORTH 2

  3. First Impressions Evangelos Ladakis - FORTH 3

  4. First Impressions Evangelos Ladakis - FORTH 4

  5. Outline • Background • Architecture • Optimization • Evaluation • Conclusion Evangelos Ladakis - FORTH 5

  6. Disassembly Software Reverse Engineering • Mandatory when source code is not available o Bad guys • Find vulnerabilities • Bypass protection mechanisms o Good guys • Find malicious code • Debug and patching • Apply protection mechanisms • Techniques o Linear o Recursive Evangelos Ladakis - FORTH 6

  7. Binary Stores • Large number of binaries • 1.6 million Google play • 1.5 million app store • Updated occasionally From a security aspect: • Analysis time and cost are essential Evangelos Ladakis - FORTH 7

  8. Motivation • How can we build a fast and cheap Disassembler for large scale analysis? • Can we use GPU’s to accelerate the decoding process? • Why GPUs? Evangelos Ladakis - FORTH 8

  9. General-Purpose Programming on GPUs (GPGPU) • Powerful co-processors for General Purpose Programming • Commodity hardware, relative cheap • Compute capabilities increasing • Familiar API CUDA and OpenCl Evangelos Ladakis - FORTH 9

  10. GPU memory model Evangelos Ladakis - FORTH 10

  11. X86-ISA • CISC architecture • 1~15 Bytes instructions Why x86? • Widely used • More challenges to address • Applying to RISC is easier Evangelos Ladakis - FORTH 11

  12. GPU-Disasm Arch. GPU-based Disassembler of the x86 architecture Two modes: • Linear disassembly o Each thread is assigned a binary • Exhaustive disassembly o Each thread decodes one instruction of the same binary but from a different offset Evangelos Ladakis - FORTH 12

  13. Challenges • Arbitrary accesses to Global o X86 nature • Load balancing and correctness o Utilize threads fairly with same size buffers o Start disassembling where we left • Large number of static and constant values o Fast memory interfaces are small in capacity o Store the most frequently used Evangelos Ladakis - FORTH 13

  14. GPU-Disasm Arch. GPU-Disasm Components: How to achieve high performance:  Optimize transfers  Optimize the Disassembly process  Pipeline the operations Evangelos Ladakis - FORTH 14

  15. PCI Throughput • PCI 3.0 throughput evaluation Evangelos Ladakis - FORTH 15

  16. PCI Throughput • Maximum throughput on 16MB of data Evangelos Ladakis - FORTH 16

  17. Optimize Transfers 1. Pre-allocate page-locked I/O buffers to the host ( cudaMallocHost) 2. Place I/O to single buffers o Greater of 16 MB for PCI max throughput 3. Minimize the PCI transfer API calls Evangelos Ladakis - FORTH 17

  18. Optimize Disassembly • Store Look-up-tables to Constant & Shared mem. • Pre-fetch input data to registers • Improve cache hits in L2 o Divide input into small buffers o Move threads as groups inside memory Evangelos Ladakis - FORTH 18

  19. Correctness • We keep a copy of old decoded bytes and the upcomming bytes • So that we can continue decoding where we left Evangelos Ladakis - FORTH 19

  20. Evaluation • Implementation in CUDA • System: o GPU: NVIDIA GTX 770 $396 o CPU: intel i7 $305 o Total cost $1120 • Dataset from usr of ubuntu 12.04 • Performance measured in Lines/sec Evangelos Ladakis - FORTH 20

  21. Disassemblers Evaluation • Single threaded, discard disk I/O • Performance divergence due to output construction Evangelos Ladakis - FORTH 21

  22. GPU-Disasm on crafted bins Buffer Size (Bytes) Average Hit Rate % (L1 to L2) 16 58.7 32 53.65 64 45.26 • Decode 2 Bytes Instructions • Impact of L2 optimization o 25.85 % more performance Evangelos Ladakis - FORTH 22

  23. GPU-Disasm on Binaries Comparing only the disassembly process Evangelos Ladakis - FORTH 23

  24. GPU-Disasm on Binaries Comparing only the disassembly process • Linear disassembly 2 times faster • Exhaustive average 4.4 times faster Evangelos Ladakis - FORTH 24

  25. Pipeline Components • After 1024 batch size, disassembly becomes the bottleneck Evangelos Ladakis - FORTH 25

  26. Hybrid (CPU & GPU) • Hybrid has 7 CPU threads and the GPU o 1 thread is needed as the GPU controller Evangelos Ladakis - FORTH 26

  27. Power evaluation • Metrics include CPU, RAM, and peripherals power consumption o Measured internally with sensors Evangelos Ladakis - FORTH 27

  28. Conclusion • Presented a GPU-based implementation of an x86 disassembler • 2 times faster in linear disassembly and 4.4 in exhaustive • Similar power consumption with the CPU implementation Evangelos Ladakis - FORTH 28

  29. Thank you Evangelos Ladakis - FORTH 29

Recommend

Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016

Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016

Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016 Quarkslab Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 1 / 20 Presentation Whoami? Where do I work? What do I do? Angelin

453 views • 20 slides
Binarylevel program analysis: Static Disassembly Gang Tan CSE 597 Spring 2019 Penn State

Binarylevel program analysis: Static Disassembly Gang Tan CSE 597 Spring 2019 Penn State

Binarylevel program analysis: Static Disassembly Gang Tan CSE 597 Spring 2019 Penn State University 3 Disassemblers Disassembler Convert machine code in a binary file into assembly code or code in an equivalent IR Assume a

514 views • 26 slides
Simulation of OpenCL and APUs on Multi2Sim 4.1 Rafael Ubal, David Kaeli Conference title 1

Simulation of OpenCL and APUs on Multi2Sim 4.1 Rafael Ubal, David Kaeli Conference title 1

Simulation of OpenCL and APUs on Multi2Sim 4.1 Rafael Ubal, David Kaeli Conference title 1 Outline Introduction Simulation methodology Part 1 Simulation of an x86 CPU Part 2 Simulation of a Southern Islands GPU Disassembler OpenCL

913 views • 73 slides
HITB 2009 Metasm Debugger Analysis of a protection Compiler Decompilation Disassembler Plan

HITB 2009 Metasm Debugger Analysis of a protection Compiler Decompilation Disassembler Plan

Binary deprotection with metasm and stuff Alexandre Gazet Yoann Guillot Sogeti / ESEC R&D Sogeti / ESEC R&D alexandre.gazet(at)sogeti.com yoann.guillot(at)sogeti.com HITB 2009 Metasm Debugger Analysis of a protection Compiler

767 views • 59 slides
Lecture 3: reflex-based, model-based, goal-based, utility-based, learning-based Systematic

Lecture 3: reflex-based, model-based, goal-based, utility-based, learning-based Systematic

CS440/ECE448: Intro to Artificial Intelligence Review Different kinds of agents: Lecture 3: reflex-based, model-based, goal-based, utility-based, learning-based Systematic search How do we evaluate agents? External

522 views • 13 slides
Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing

Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing

Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing [Kleinberg04] J. Kleinberg, A. Slivkins, T. Wexler. Triangulation and Embedding using Small Sets of Beacons. Proc. 45th IEEE Symposium on Foundations of

450 views • 32 slides
Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse)

Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse)

Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse) Detection Intrusion Detection Host-based Network-based Boriana Ditcheva and Lisa Fowler Active/Passive University of North Carolina at

401 views • 12 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
Designing and Developing Person-Based and Topic-Based Person-Based and Topic-Based Data

Designing and Developing Person-Based and Topic-Based Person-Based and Topic-Based Data

Designing and Developing Person-Based and Topic-Based Person-Based and Topic-Based Data Collection Instruments Emily A. Johnson Thomas C Melaney Thomas C. Melaney US Census Bureau, USA Summary The American Community Survey (ACS) tests

202 views • 16 slides
Integrated Approach of Risk-based Compliance-based Performance-based Audit and Surveillance

Integrated Approach of Risk-based Compliance-based Performance-based Audit and Surveillance

Civil Aviation Department The Government of the Hong Kong Special Administrative Region Integrated Approach of Risk-based Compliance-based Performance-based Audit and Surveillance Programme George WAI, Airworthiness Officer Flight Standards

394 views • 26 slides
Example-Based Skeleton Extraction Scott Schaefer Can Yuksel Example-Based Deformation Examples

Example-Based Skeleton Extraction Scott Schaefer Can Yuksel Example-Based Deformation Examples

Example-Based Skeleton Extraction Scott Schaefer Can Yuksel Example-Based Deformation Examples Previous Work Mesh-based Inverse Kinematics [Sumner et al. 2005], [Der et al. 2006] Example-based deformation method Non-linear

773 views • 59 slides
<draft-lee-ce-based-vpl-00.txt> 54 th IETF PPVPN WG Cheng-Yin.Lee@alcatel.com

<draft-lee-ce-based-vpl-00.txt> 54 th IETF PPVPN WG Cheng-Yin.Lee@alcatel.com

<draft-lee-ce-based-vpl-00.txt> 54 th IETF PPVPN WG Cheng-Yin.Lee@alcatel.com Mitsuru.Higashiyama@yy.anritsu.co.jp <draft-lee-ce-based-vpl-00.txt> Martini RFC2547 PE-based Kompella VPLS VR CE-based site-to-site CE-based VPL

233 views • 10 slides
Approaches Based on guided code generation Based on exploring existing code Based on

Approaches Based on guided code generation Based on exploring existing code Based on

Approaches Based on guided code generation Based on exploring existing code Based on spreadsheet interaction Using R for teaching statistics to nonmajors: Comparing experiences of 2.5 different approaches Thomas Baier University of

639 views • 7 slides
Integrating Workload Specification and Extraction for Model- Based and Measurement-Based

Integrating Workload Specification and Extraction for Model- Based and Measurement-Based

Stuttgart, Germany, 2014-11-27 Integrating Workload Specification and Extraction for Model- Based and Measurement-Based Performance Evaluation An Approach for Session-Based Software Systems Andr van Hoorn, Christian Vgele Eike Schulz,

1.02k views • 29 slides
Why Use Performance Based Contracting Performance Measure vs Performance Based Contracting

Why Use Performance Based Contracting Performance Measure vs Performance Based Contracting

Why Use Performance Based Contracting Performance Measure vs Performance Based Contracting Used to Achieve Agency Goals & Objectives Outcome Based Service Intended to Drive Contractor Behavior Penalties Must be Reasonable:

52 views • 4 slides
Reuse-based & Choreography-based Distributed Systems Reuse-based Software Engineering

Reuse-based & Choreography-based Distributed Systems Reuse-based Software Engineering

Reuse-based & Choreography-based Distributed Systems Reuse-based Software Engineering Distributed Systems Mar Marco Autili BPMN2 Choreographies basics University of LAquila Invited Seminar Lecture 1 Course: Advanced

724 views • 59 slides
Knowledge Based Bio-based Products' Pre-Standardization Stakeholder Workshop

Knowledge Based Bio-based Products' Pre-Standardization Stakeholder Workshop

Knowledge Based Bio-based Products' Pre-Standardization Stakeholder Workshop Expectations, hurdles and acceptance of bio-based certification methodologies nova-Institut GmbH 1 Certification system for chemicals produced

55 views • 5 slides
Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A

Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A

Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A diagnosis coding methodology utilized in risk adjustment models to adjust cost for all patients within a health plan or group Risk

385 views • 23 slides
Work-based Learning Why Now and Where to? Work rk-based Le Learnin ing: : Why Now? Interest

Work-based Learning Why Now and Where to? Work rk-based Le Learnin ing: : Why Now? Interest

Work-based Learning Why Now and Where to? Work rk-based Le Learnin ing: : Why Now? Interest in work-based learning driven by research suggesting potential to benefit. Individuals Firms States Higher earnings

457 views • 11 slides
Why attribute-based signatures? The kind of authentication required in an attribute-based system

Why attribute-based signatures? The kind of authentication required in an attribute-based system

Attribute-Based Signatures Hemanta K. Maji Manoj Prabhakaran Mike Rosulek November 22, 2010 Abstract We introduce Attribute-Based Signatures (ABS) , a versatile primitive that allows a party to sign a message with fine-grained

864 views • 35 slides
SDR-BASED APRS TRACKER SDR-BASED APRS TRACKER INTRODUCTION What APRS application to aid

SDR-BASED APRS TRACKER SDR-BASED APRS TRACKER INTRODUCTION What APRS application to aid

EOSS PRESENTATION SDR-BASED APRS TRACKER SDR-BASED APRS TRACKER INTRODUCTION What APRS application to aid trackers in payload recovery Primary Features Software based (no traditional radios) Simultaneous reception of multiple

649 views • 5 slides
Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based

Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based

Contents Background Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based Signature Conclusion Manik Lal Das DA-IICT, Gandhinagar, India About DA-IICT and Our Group DA-IICT is a private university,

563 views • 35 slides
What is a good pen based application? The windows desktop and browser are HCI For Pen Based

What is a good pen based application? The windows desktop and browser are HCI For Pen Based

What is a good pen based application? The windows desktop and browser are HCI For Pen Based Computing NOT good pen based apps! Richard Anderson CSE 481 B Winter 2007 What is a good UI? How do you measure it? Mechanical Properties

208 views • 8 slides
Why Use Portfolios / Rubric Based Projects and Project Based Learning? Activities are tailored

Why Use Portfolios / Rubric Based Projects and Project Based Learning? Activities are tailored

Rachel Schles NCDB 7/18/2018 Handout 1 Page 1 of 6 Raschles@gmail.com Why Use Portfolios / Rubric Based Projects and Project Based Learning? Activities are tailored to student needs (based on data collected in EA/ECC Screening Tools,

185 views • 6 slides

More recommend