DBI for Computer Security: Uses and Comparative


  1. DBI for Computer Security: Uses and Comparative
     - Juan Antonio Artal ‡, Ricardo J. Rodríguez †, José Merseguer ‡
     - All wrongs reversed
     - jaartal@gmail.com, rjrodriguez@fi.upm.es, jmerse@unizar.es
     - @RicardoJRdez, www.ricardojrodriguez.es
     - ‡ Universidad de Zaragoza, Zaragoza, Spain
     - † Universidad Politécnica de Madrid, Madrid, Spain
     - June 21st, 2013
     - 3rd Edition of Hack in Paris, Sequoia Lodge Hotel, Disneyland Paris

  8. $ whoami
     - CLS member since early beginnings (2000)
     - Ph.D. student at University of Zaragoza
     - Working currently for Technical University of Madrid
     - Performance analysis of complex systems
     - Secure software engineering
     - Fault-Tolerant systems (design and analysis)
     - Malware analysis (techniques and relative stuff)
     - Safety analysis in component-based systems
     - My Ph.D. viva is next Monday! Cross fingers!! :)

     J.A. Artal, R.J. Rodríguez, J. Merseguer | DBI for Computer Security: Uses and Comparative | June 21st, 2013 | 2 / 44

  10. Development Code License
      - GPL v3 (http://gplv3.fsf.org/)
      - Intel Open Source License (http://opensource.org/licenses/intel-open-source-license.html)
      - Specified in each source file
      - Source available at http://webdiis.unizar.es/~ricardo/files/HIP2013.tar.gz (VS2008 project + these slides)
      - no add-ons... trust me :)

  11. Agenda: Outline
      1. An Introduction to DBI
         - What (the hell) is Dynamic Binary Instrumentation (DBI)?
         - How does DBI work?
         - Uses of DBI in Computer Security
      2. DBI Frameworks
         - DBI Framework: What is?
         - Types of DBI frameworks
         - Analysis and Comparative
      3. Applying DBI to Computer Security...
         - Developing DBAs with Pin: Pintools
         - DBI vulnerability search
         - Taint analysis
         - Reverse Engineering
      4. Conclusions and Acknowledgments

  13. An Introduction to DBI: What (the hell) is Dynamic Binary Instrumentation (DBI)?
      DBI: What is? (I)
      - DBI: Dynamic Binary Instrumentation
      - Main Words
        - Instrumentation: ??
        - Dynamic: ??
        - Binary: ??

  16. DBI: What is? (II) Instrumentation?
      - Instrumentation
        - "Being able to observe, monitor and modify the behaviour of a computer program" (Gal Diskin)
        - Arbitrary addition of code in executables to collect some information
      - Analyse and control everything around an executable code
        - Collect some information
        - Arbitrary code insertion

  18. DBI: What is? (III)
      - Instrumentation: What is happening...
      - Dynamic: ??
      - Binary: ??

  20. DBI: What is? (IV) Dynamic?
      Code analysis
      - Static
        - BEFORE execution
        - All possible execution paths are explored → not extremely good for performance
      - Dynamic
        - DURING the execution
        - Just one execution path (it may depend on the input data!)

  22. DBI: What is? (V)
      - Instrumentation: What is happening...
      - Dynamic: DURING the execution...
      - Binary: ??

  24. DBI: What is? (IV) Binary?
      Dynamic analysis
      - Source code available
        - Source code
        - Compiler
      - No source code (common case :))
        - Binary
          - Static (i.e., creating a new binary – with extras)
          - Dynamic
        - Environment
          - Emulation
          - Virtual
        - Debugging

  26. DBI: What is? (VI)
      - Instrumentation: What is happening...
      - Dynamic: DURING the execution...
      - Binary: of a binary (executable)...

  27. DBI: What is? (VII) DBI advantages
      Binary instrumentation: advantages
      - Programming language (totally) independent
      - Machine-mode vision
      - We can instrument proprietary software
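
The "instrumentation" and "dynamic" ideas from the slides above, as an added example that is not part of the original deck or its Pin source code. It uses Python's `sys.settrace` as a runnable stand-in for a DBI framework (interpreter lines rather than machine instructions), and `validate` and the sample records are constructed for illustration.

```python
import dis
import sys

def validate(record):
    """Constructed target: the lines that run depend on the input."""
    if len(record) != 8:
        return "bad length"
    if not record.startswith("HIP"):
        return "bad prefix"
    if sum(map(ord, record)) % 7 != 0:
        return "bad checksum"
    return "ok"

def static_lines(func):
    """Static view: every line of func that has code, as offsets from 'def'."""
    code, first = func.__code__, func.__code__.co_firstlineno
    return {ln - first for _, ln in dis.findlinestarts(code) if ln and ln > first}

def trace_run(func, *args):
    """Dynamic view: run func once with analysis code attached at run time."""
    code, executed = func.__code__, []

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None                      # leave all other code uninstrumented
        if event == "line":
            executed.append(frame.f_lineno - code.co_firstlineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)                     # target source is never modified
    try:
        result = func(*args)
    finally:
        sys.settrace(previous)
    return result, executed

if __name__ == "__main__":
    every = static_lines(validate)
    for rec in ("short", "XXX20130", "HIP20130", "HIP2013C"):
        result, path = trace_run(validate, rec)
        print(f"{rec!r:12} -> {result:13} path={path} ({len(set(path))}/{len(every)} lines)")
```

Each run reports only the path its input selected, while `static_lines` lists every line that could execute; no single input covers them all.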
