Academic Talk, January 7, 2019: Dongpeng Xu
Talk title: VMHunt: A Verifiable Approach to Partially-Virtualized Binary Code Simplification
Speaker: Dongpeng Xu
Time: 9:00 a.m., January 7, 2019
Venue: Computer Science Building, Room 338
Speaker bio:
Dr. Dongpeng Xu is an assistant professor in the computer science department at the University of New Hampshire. He received his Ph.D. in Information Sciences and Technology from the Pennsylvania State University. His research interest is software security, especially program analysis on binary code, malware analysis and detection, program protection, and program similarity analysis. His research work has been published in top security conferences including IEEE S&P, CCS, and USENIX Security.
Abstract:
Code virtualization is a highly sophisticated obfuscation technique adopted by malware authors to stay under the radar. However, due to its performance limitations and compatibility problems, code virtualization is seldom used on an entire program. Rather, it is mainly used only to safeguard the key parts of code such as security checks and encryption keys. In this talk, Dongpeng Xu will present a new method to extract and simplify virtualized binary code. Our key insight is that code virtualization is a process-level virtual machine (VM), and the context switch patterns when entering and exiting the VM can be used to detect the VM boundaries. We further simplify the virtualized code based on the scope of the VM boundaries. Our method also transforms the virtualized code to concise symbolic formulas, which facilitate the correctness testing of the simplification results.