欢迎访问bdapp体育 、半岛app应用 、半岛电子官网 !
当前位置:网站首页> 半岛综合体育官方app手机 > 文章详情

2019年1月7日学术报告——Dongpeng Xu

来源: bd手机版官网登录ios | 发表时间: 2018-12-28 | 浏览次数: 1542

报告题目:VMHunt: A Verifiable Approach to Partially-Virtualized Binary Code Simplification

报告人:Dongpeng Xu

时间:201917日上午9:00

地点:计算机学科楼338

报告人简介:

Dr. Dongpeng Xu is an assistant professor in the computer science department at the University of New Hampshire. He received his Ph.D. in Information Sciences and Technology from the Pennsylvania State University. His research interest is software security, especially program analysis on binary code, malware analysis and detection, program protection, and program similarity analysis. His research work has been published in top security conferences including IEEE S&P, CCS, and USENIX Security.




报告摘要:

Code virtualization is a highly sophisticated obfuscation technique adopted by malware authors to stay under the radar. However, due to its performance limitations and compatibility problems, code virtualization is seldom used on an entire program. Rather, it is mainly used only to safeguard the key parts of code such as security checks and encryption keys. In this talk, Dongpeng Xu will present a new method to extract and simplify virtualized binary code. Our key insight is that code virtualization is a process-level virtual machine (VM), and the context switch patterns when entering and exiting the VM can be used to detect the VM boundaries. We further simplify the virtualized code based on the scope of VM boundary. Our method also transforms the virtualized code to concise symbolic formulas, which facilitate the correctness testing of the simplification results.


Baidu
map