qualitative and quantitative evaluation of software
play

Qualitative and Quantitative Evaluation of Software Packers Mar a - PowerPoint PPT Presentation

Jun 15, 2023 •35 likes •505 views

Qualitative and Quantitative Evaluation of Software Packers Mar a Baz guez , Jos us, Ricardo J. Rodr e Merseguer All wrongs reversed rjrodriguez@unizar.es @RicardoJRdez www.ricardojrodriguez.es Department of Computer

  1. Qualitative and Quantitative Evaluation of Software Packers Mar´ ıa Baz´ ıguez , Jos´ us, Ricardo J. Rodr´ e Merseguer � All wrongs reversed rjrodriguez@unizar.es ※ @RicardoJRdez ※ www.ricardojrodriguez.es Department of Computer Science and Systems Engineering University of Zaragoza, Spain December 12, 2015 NoConName 2015 Barcelona (Spain)

  2. $ whoami Ph.D. on Comp. Sci. (Univ. of Zaragoza, Spain) (2013) Assistant Professor at University of Zaragoza Performance analysis on critical, complex systems Secure Software Engineering Advance malware analysis RFID/NFC Security Not prosecuted ¨ ⌣ Speaker at NcN, HackLU, RootedCON, STIC CCN-CERT, HIP , MalCON, HITB. . . M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 2 / 39

  3. Agenda Introduction 1 Contributions and Related Work 2 Previous Concepts 3 Software Protection Taxonomy 4 Software Packers Under Study 5 Qualitative and Quantitative Evaluation 6 Qualitative Evaluation Quantitative Evaluation Conclusions and Future Work 7 M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 3 / 39

  4. Agenda Introduction 1 Contributions and Related Work 2 Previous Concepts 3 Software Protection Taxonomy 4 Software Packers Under Study 5 Qualitative and Quantitative Evaluation 6 Qualitative Evaluation Quantitative Evaluation Conclusions and Future Work 7 M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 4 / 39

  5. Introduction (I): Reverse Engineering WTF? To analyse a binary program with machine-code vision Types of analysis: Static analysis ( ⇓ not executed, ⇑ all paths explored) Dynamic analysis ( ⇑ truly executed, ⇓ but just one path explored!) M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 5 / 39

  6. Introduction (I): Reverse Engineering WTF? To analyse a binary program with machine-code vision Types of analysis: Static analysis ( ⇓ not executed, ⇑ all paths explored) Dynamic analysis ( ⇑ truly executed, ⇓ but just one path explored!) RE uses: legitimate and illegitimate � Find software bugs � Get interoperability with legacy systems � Detect malicious software X Detect vulnerabilities to create/spread malware X Obtain (or avoid) software license duplication M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 5 / 39

  7. Introduction (II): RE Tools Dynamic analysis Debuggers Static analysis Trace execution Disassemblers Breakpoints Decompilers View internal data Dumpers M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 6 / 39

  8. Introduction (III): Anti-RE Techniques Definition, pros and cons of software packers Avoidance techniques for static and dynamic analysis into binaries Make RE tasks harder On the contrary, they have a strong impact on binary performance: execution time, memory consumption M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 7 / 39

  9. Introduction (III): Anti-RE Techniques Definition, pros and cons of software packers Avoidance techniques for static and dynamic analysis into binaries Make RE tasks harder On the contrary, they have a strong impact on binary performance: execution time, memory consumption They are used for. . . Binary protection before distribution (to keep the intellectual (?) property) Avoid a malware to be positively detected as malicious by an anti-virus M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 7 / 39

  10. Introduction (IV): Software Packers Software packer: What is it? Tools for binary protection (legitimately) Once upon a time. . . : just compressors They evolve to protectors, including anti-RE techniques Normally used in Windows environments M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 8 / 39

  11. Introduction (V): Software Packers How do they “protect” a binary? Packed executable = Original executable + unpacking routine Ejecutable Original Ejecutable Empacado Rutina desempacado Protector + (Rutina empacado) Ejecutable Original M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 9 / 39

  12. Introduction (V): Software Packers How do they “protect” a binary? Packed executable = Original executable + unpacking routine Ejecutable Original Ejecutable Empacado Rutina desempacado Protector + (Rutina empacado) Ejecutable Original How are they reversed? Find unpacking routine end ⇒ dump binary from memory to disk! M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 9 / 39

  13. Introduction (VI): Main Goals Analysing a bunch of software packers for. . . Create a taxonomy of protection techniques Create a benchmark for testing Evaluate the selected packers: Qualitatively: protection strength Quantitatively: reliability and performance M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 10 / 39

  14. Agenda Introduction 1 Contributions and Related Work 2 Previous Concepts 3 Software Protection Taxonomy 4 Software Packers Under Study 5 Qualitative and Quantitative Evaluation 6 Qualitative Evaluation Quantitative Evaluation Conclusions and Future Work 7 M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 11 / 39

  15. Related Work ∄ comparative analysis of current software packers Automation of malware unpacking ([RHD + 06], [KPY07], [MCJ07],[GFC08], [JCL + 10]) Using DBI to analyse malware ([RAG16]) Closest work: performance of software packers in Linux embedded systems ([KLC + 10]) Contributions Taxonomy of software packers Current software packers evaluation Qualitatively: protection strengths Quantitatively: reliability and performance (exec. time, memory consumption, binary size) M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 12 / 39

  16. Agenda Introduction 1 Contributions and Related Work 2 Previous Concepts 3 Software Protection Taxonomy 4 Software Packers Under Study 5 Qualitative and Quantitative Evaluation 6 Qualitative Evaluation Quantitative Evaluation Conclusions and Future Work 7 M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 13 / 39

  17. Previous Concepts (I): PE Header What is it? Windows standard format for binaries (.exe, .dll, .sys, . . . ) Header (characteristics) + Sections (data & code) Cabecera DOS MZ Cabecera PE DOS Header: Tabla de secciones e lfnew offset to PE Header Secciones PE Header: Sección 1 ImageBase … AddressOfEntryPoint DataDirectory[1] Sección n M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 14 / 39

  18. Previous Concepts (II): Loading Process En9Memoria Cabecera9DOS9MZ Cabecera9PE Tabla9de9secciones Secciones En9Disco Sección91 RUTINA9DESEMPACADO Cabecera9DOS9MZ … Cabecera9PE Tabla9de9secciones Sección9 n Secciones Cabecera9DOS9MZ Cabecera9PE Sección91 Tabla9de9secciones RUTINA9DESEMPACADO … Secciones Sección9 n AOABA8B9A4A3E857016B00CF19A50B Sección91 ……. … 57016B00CF19A50BAOABA8B9A4A3A0 Sección9 n M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 15 / 39

  19. Previous Concepts (III): Import Address Table IMAGE_OPTIONAL_HEADER IMAGE_OPTIONAL_HEADER En Memoria … (Sobreescrito por el DataDirectory [1 ] Windows Loader) IMAGE_THUNK_DATA IMAGE_THUNK_DATA IMAGE_THUNK_DATA IMAGE_THUNK_DATA IMAGE_IMPORT_DESCRIPTOR_0 … En Disco (ntdll.dll) 000..000 000…000 IMAGE_IMPORT_DESCRIPTOR _1 OriginalFirstThunk ReadFile TimeDateStamp WriteFile ForwardedChain Name Kernel32.dll FirstThunk … 77E55A68 IMAGE_IMPORT_DESCRIPTOR_n 77E52B38 0 … 0 M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 16 / 39

  20. Agenda Introduction 1 Contributions and Related Work 2 Previous Concepts 3 Software Protection Taxonomy 4 Software Packers Under Study 5 Qualitative and Quantitative Evaluation 6 Qualitative Evaluation Quantitative Evaluation Conclusions and Future Work 7 M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 17 / 39

  21. Software Protection (I): Static Analysis Copy protection Main aim: Avoid to illegitimately copy a software Techniques: License management, register keys, hardware dongles M. Baz´ us, R.J. Rodr´ ıguez, J. Merseguer Qualitative and Quantitative Evaluation of Software Packers NcN 2015 18 / 39

Recommend

Impact Evaluation of Takaful and Karama I. Quantitative Component II. Qualitative Component

Impact Evaluation of Takaful and Karama I. Quantitative Component II. Qualitative Component

Impact Evaluation of Takaful and Karama I. Quantitative Component II. Qualitative Component III. Synthesis Report World Bank SSNP Mission MOSS May 21, 2018 1. Qualitative Component 2. Synthesis Report 3. Final Updates on Quantitative

1.11k views • 95 slides
T-76.613 Software testing Analyzing Quantitative Data Mika Mntyl <mika.mantyla@hut.fi>

T-76.613 Software testing Analyzing Quantitative Data Mika Mntyl <mika.mantyla@hut.fi>

T-76.613 Software testing Analyzing Quantitative Data Mika Mntyl <mika.mantyla@hut.fi> HELSINKI UNIVERSITY OF TECHNOLOGY Qualitative vs. Quantitative (Coolican 1999) Qualitative Quantitative Information Subjective, Rich

297 views • 13 slides
From Qualitative to Quantitative Theories of Software Tom Henzinger IST Austria Qualitative

From Qualitative to Quantitative Theories of Software Tom Henzinger IST Austria Qualitative

From Qualitative to Quantitative Theories of Software Tom Henzinger IST Austria Qualitative Software Theories Property Program Analysis Yes/No Qualitative Software Theories Kripke Program Property ( R ) } G) Structure Analysis

937 views • 45 slides
Heuristic Evaluation (Pinelle) Heuristic evaluation is a method of qualitative evaluation of

Heuristic Evaluation (Pinelle) Heuristic evaluation is a method of qualitative evaluation of

Heuristic Evaluation (Pinelle) Heuristic evaluation is a method of qualitative evaluation of software. 449: A Design Space for Evaluation Open-ended Open-ended Formative Qualitative Methods Usability Breadth of Engineering question

634 views • 25 slides
From Qualitative to Quantitative Program Analysis: Permissive Enforcement of Secure Information

From Qualitative to Quantitative Program Analysis: Permissive Enforcement of Secure Information

Introduction Information Flow Qualitative IF Quantitative IF Conclusion From Qualitative to Quantitative Program Analysis: Permissive Enforcement of Secure Information Flow Mounir Assaf Software Security Lab, CEA LIST, Saclay CIDre,

1.28k views • 95 slides
Understanding Impact The role of qualitative methods of evaluation Aims of the workshop To

Understanding Impact The role of qualitative methods of evaluation Aims of the workshop To

Understanding Impact The role of qualitative methods of evaluation Aims of the workshop To explore what qualitative methods are and how they differ from quantitative methods To examine the advantages and disadvantages of qualitative

735 views • 16 slides
Keywords: Fig, qualitative and quantitative characteristic, diversity, productivity . Time of

Keywords: Fig, qualitative and quantitative characteristic, diversity, productivity . Time of

Keywords: Fig, qualitative and quantitative characteristic, diversity, productivity . Time of study: 2015-2019 Place of study: Collection of fruit tree, Agriculture University of Tirana, germplasm field in Valias. To evaluation, to

638 views • 62 slides
Localism Qualitative and Quantitative Research February 2019 1 Localism Qualitative and

Localism Qualitative and Quantitative Research February 2019 1 Localism Qualitative and

Localism Qualitative and Quantitative Research February 2019 1 Localism Qualitative and Quantitative Research February 2019 Topics Our approach Summary of findings Detailed data Levels of support for localism Types

954 views • 31 slides
What do we mean by scalability? Qualitative: Will this software work well for substantially

What do we mean by scalability? Qualitative: Will this software work well for substantially

What do we mean by scalability? Qualitative: Will this software work well for substantially larger problems? Semi-quantitative: Can you solve a problem n times as large in the same amount of time if you have n times as many resources?

364 views • 8 slides
Benefits and Challenges of Analyzing Qualitative Data Sheelagh Carpendale empirical research

Benefits and Challenges of Analyzing Qualitative Data Sheelagh Carpendale empirical research

Benefits and Challenges of Analyzing Qualitative Data Sheelagh Carpendale empirical research binary? qualitative or quantitative spectrum quantitative qualitative spectrum quantitative qualitative we will look at the qualitative part of

402 views • 17 slides
From Qualitative to Quantitative Dominance Pruning for Optimal Planning Alvaro Torralba

From Qualitative to Quantitative Dominance Pruning for Optimal Planning Alvaro Torralba

Qualitative Quantitative Finding Dominance Action Selection Pruning Experiments Conclusions From Qualitative to Quantitative Dominance Pruning for Optimal Planning Alvaro Torralba Saarland University HSDIP Workshop June 20, 2017

677 views • 43 slides
Quantitative Analysis J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Tactics and

Quantitative Analysis J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Tactics and

Quantitative Analysis J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Tactics and Quantitative Analysis Selecting architectural patterns and tactics is largely qualitative decision making Need to evaluate design decisions and

716 views • 15 slides
Application of geospatial methods and remote sensing and for evaluation Blending quantitative

Application of geospatial methods and remote sensing and for evaluation Blending quantitative

Application of geospatial methods and remote sensing and for evaluation Blending quantitative with qualitative analysis in understanding change Anupam Anand Evaluation Officer GEF IEO Why do we need geospatial methods? Efficiency Analysis at

433 views • 24 slides
Qt Ql New People to New Groups S. Gladen licenced under CC BY 2.0 2 Dr. Pat Bazeley,

Qt Ql New People to New Groups S. Gladen licenced under CC BY 2.0 2 Dr. Pat Bazeley,

Keynote Address - MQIC 2019 Transcending the Qualitative - Quantitative Divide Dr. Pat Bazeley Adjunct Professor, TReSI group, Western Sydney University pat@researchsupport.com.au Dr. Pat Bazeley, Transcending the Qualitative-Quantitative

468 views • 15 slides
Introduction Best suited for initial explorations of a group or phenomenon. A powerful tool for

Introduction Best suited for initial explorations of a group or phenomenon. A powerful tool for

Stephen E. Brock, Ph.D., NCSP Qualitative Research: Overview and Data Collection/Analysis Stephen E. Brock, Ph.D., NCSP California State University, Sacramento 1 Qualitative vs. Quantitative Research (Gay et al., 2006, p. 400) Quantitative (

463 views • 12 slides
Qualitative Evaluation Food for Thought Nest thermostat

Qualitative Evaluation Food for Thought Nest thermostat

Qualitative Evaluation Food for Thought Nest thermostat http://www.youtube.com/watch?v=L8TkhHgkBsg Programmable thermostats are no longer LEEDS certified Why? And what is LEED? Evaluation overview Evaluation is concerned

797 views • 32 slides
Quantitative Evaluation Research Questions Quantitative Data Controlled Studies Experimental

Quantitative Evaluation Research Questions Quantitative Data Controlled Studies Experimental

Quantitative Evaluation Research Questions Quantitative Data Controlled Studies Experimental Methods Role of Statistics Quantitative Evaluation What is experimental design? What is an experimental hypothesis? How do I plan an experiment?

432 views • 16 slides
Quantitative Evaluation Research Questions Quantitative Data Controlled Studies Experimental

Quantitative Evaluation Research Questions Quantitative Data Controlled Studies Experimental

Quantitative Evaluation Research Questions Quantitative Data Controlled Studies Experimental Methods Role of Statistics Quantitative Evaluation What is experimental design? What is an experimental hypothesis? How do I plan an experiment?

213 views • 17 slides
When Numbers Arent Enough: Supplementing Quantitative Data Collection with Qualitative

When Numbers Arent Enough: Supplementing Quantitative Data Collection with Qualitative

When Numbers Arent Enough: Supplementing Quantitative Data Collection with Qualitative Insights Jennifer Hunter Childs U.S. Census Bureau American Association for Public Opinion Research Disclaimer : Any views expressed are those of the

702 views • 42 slides
Modeling Energy Regimes: A Quantitative and Qualitative Study

Modeling Energy Regimes: A Quantitative and Qualitative Study

Modeling Energy Regimes: A Quantitative and Qualitative Study of Energy Choice Across Countries By Julien Philipp Sebas1an Gaertner Primary Thesis Advisor:

201 views • 16 slides
A case at the meeting point between quantitative and qualitative approaches: accessibility to

A case at the meeting point between quantitative and qualitative approaches: accessibility to

A case at the meeting point between quantitative and qualitative approaches: accessibility to health care services for haemophiliacs he 15 th E T me r ging Ne w Re se ar c he r s in the Ge ogr aphy of He alth and Impair me nt Confe r e

344 views • 19 slides
Quantitative and Qualitative Profiling of Mitochondrial DNA Length Heteroplasmy Ukhee Chung,

Quantitative and Qualitative Profiling of Mitochondrial DNA Length Heteroplasmy Ukhee Chung,

Quantitative and Qualitative Profiling of Mitochondrial DNA Length Heteroplasmy Ukhee Chung, Hwan Young Lee, Ji-Eun Yoo, Myung Jin Park, Jong-Hoon Choi, Woo-Ick Yang, Sang-Ho Cho, Chong-Youl Kim and Kyoung-Jin Shin Department of Forensic

359 views • 8 slides
Bounded Model Checking of Hybrid Systems From Qualitative to Quantitative Certificates and from

Bounded Model Checking of Hybrid Systems From Qualitative to Quantitative Certificates and from

Bounded Model Checking of Hybrid Systems From Qualitative to Quantitative Certificates and from Falsification to Verification Martin Frnzle 1 joint work with A. Eggers, C. Herde, T. Teige (all Oldenburg), N. Kalinnik, S. Kupferschmid, T.

919 views • 71 slides
Qualitative Research Theoretical Orientations ScWk 240 Week 10 Slides 1 Why Qualitative

Qualitative Research Theoretical Orientations ScWk 240 Week 10 Slides 1 Why Qualitative

Qualitative Research Theoretical Orientations ScWk 240 Week 10 Slides 1 Why Qualitative Research? Unlike quantitative research, qualitative research relies on reasons behind various aspects of behavior. Simply put, it

269 views • 16 slides

More recommend