Hardware-Assisted Malware Analysis
Abstract
Malicious software (malware) is a persistent threat to modern computer systems, and developing countermeasures against it becomes harder each day because of anti-analysis and anti-forensics techniques that evade software-based monitoring solutions. In this scenario, hardware-assisted solutions are effective alternatives, but they still present development gaps. This dissertation surveyed the limits of software-based solutions, pinpointed the gaps in existing hardware-assisted solutions, and introduced a lightweight, hardware-based alternative for malware analysis. The resulting framework was released as open source and is being used in further research.
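The abstract does not describe the monitoring mechanism, but the works it lists (hardware-assisted ROP detection and branch monitoring, Botacin et al. 2016b and 2018a) rely on branch records that the processor itself emits, which a user-mode or kernel-mode evasion trick cannot suppress. The example below is added here and is not code from the dissertation or its framework: it shows the generic heuristic that such branch-record monitors apply, namely flagging a RET whose target is not a call-return site and counting runs of very short code fragments between consecutive RETs. The record layout, the call-site table, the byte thresholds and both traces are constructed for this example; a real monitor would obtain records from the hardware (e.g. Intel LBR or BTS, documented in the Intel manual cited below) and would decode the instruction bytes to classify branches and locate CALL sites.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One branch record as a hardware tracer would report it: where the branch
 * was executed (from), where it landed (to), and whether it was a RET.
 * The type is assumed to be recovered by decoding the instruction at `from`;
 * here it is supplied directly because the traces are constructed. */
typedef struct {
    uint64_t from;
    uint64_t to;
    int      is_ret;
} branch_rec;

/* Constructed substitute for decoding the code image: addresses that
 * immediately follow a CALL instruction, i.e. legitimate RET targets. */
static const uint64_t CALL_RETURN_SITES[] = { 0x401010, 0x401040, 0x4010a0 };

static int preceded_by_call(uint64_t addr)
{
    for (size_t i = 0; i < sizeof CALL_RETURN_SITES / sizeof *CALL_RETURN_SITES; i++)
        if (CALL_RETURN_SITES[i] == addr)
            return 1;
    return 0;
}

/* Heuristic 1: a RET that does not land right after a CALL is a gadget-chain
 * link. Benign code can trigger it too (longjmp, exception unwinding, some
 * tail-call patterns), so the count is a signal, not a verdict on its own. */
static size_t violating_returns(const branch_rec *t, size_t n)
{
    size_t v = 0;
    for (size_t i = 0; i < n; i++)
        if (t[i].is_ret && !preceded_by_call(t[i].to))
            v++;
    return v;
}

/* Heuristic 2: ROP gadgets are short. Measure the bytes executed between the
 * landing point of the previous record and the RET of the current one, and
 * report the longest run of consecutive RETs with a short fragment before
 * each. Thresholds are assumed values to be tuned per workload. */
#define GADGET_MAX_BYTES 20
#define CHAIN_THRESHOLD  3

static size_t longest_gadget_chain(const branch_rec *t, size_t n)
{
    size_t best = 0, run = 0;
    for (size_t i = 1; i < n; i++) {
        int short_fragment = t[i].is_ret &&
                             t[i].from >= t[i - 1].to &&
                             t[i].from - t[i - 1].to <= GADGET_MAX_BYTES;
        run = short_fragment ? run + 1 : 0;
        if (run > best)
            best = run;
    }
    return best;
}

/* Combined verdict: any illegitimate RET, or a chain at least CHAIN_THRESHOLD long. */
static int is_rop_suspect(const branch_rec *t, size_t n)
{
    return violating_returns(t, n) > 0 || longest_gadget_chain(t, n) >= CHAIN_THRESHOLD;
}

/* Constructed benign trace: two CALL/RET pairs, each RET landing after its CALL
 * and each callee body longer than a gadget. */
static const branch_rec BENIGN_TRACE[] = {
    { 0x401000, 0x402000, 0 },   /* CALL helper_a            */
    { 0x402030, 0x401010, 1 },   /* RET to the call site     */
    { 0x401030, 0x403000, 0 },   /* CALL helper_b            */
    { 0x403080, 0x401040, 1 },   /* RET to the call site     */
};

/* Constructed ROP-like trace: a pivot into a gadget region, then four gadgets
 * of 3 to 9 bytes each, none of whose RETs land after a CALL. */
static const branch_rec ROP_TRACE[] = {
    { 0x401000, 0x500010, 1 },
    { 0x500014, 0x500020, 1 },
    { 0x500026, 0x500030, 1 },
    { 0x500033, 0x500040, 1 },
    { 0x500049, 0x7ff000, 1 },
};

#define LEN(a) (sizeof (a) / sizeof *(a))

int main(void)
{
    printf("benign: violations=%zu chain=%zu suspect=%d\n",
           violating_returns(BENIGN_TRACE, LEN(BENIGN_TRACE)),
           longest_gadget_chain(BENIGN_TRACE, LEN(BENIGN_TRACE)),
           is_rop_suspect(BENIGN_TRACE, LEN(BENIGN_TRACE)));
    printf("rop:    violations=%zu chain=%zu suspect=%d\n",
           violating_returns(ROP_TRACE, LEN(ROP_TRACE)),
           longest_gadget_chain(ROP_TRACE, LEN(ROP_TRACE)),
           is_rop_suspect(ROP_TRACE, LEN(ROP_TRACE)));
    return 0;
}
```

The point a practitioner should take from this is where the records come from: because the trace is produced by the CPU rather than by hooks or a debugger inside the monitored system, the anti-analysis techniques the abstract mentions (debugger detection, hook removal, timing checks against instrumentation) do not see it. The heuristics themselves are conventional and their false-positive sources are listed in the comments.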
References
Botacin, M., de Geus, P. L., and Grégio, A. (2015). Uma visão geral do malware ativo no espaço nacional da internet entre 2012 e 2015 [An overview of active malware in the Brazilian Internet space between 2012 and 2015]. [link].
Botacin, M., de Geus, P. L., and Grégio, A. (2016a). Análise transparente de malware com suporte por hardware [Hardware-supported transparent malware analysis]. [link].
Botacin, M., de Geus, P. L., and Grégio, A. (2016b). Detecção de ataques por ROP em tempo real assistida por hardware [Hardware-assisted real-time detection of ROP attacks]. [link].
Botacin, M., de Geus, P. L., and Grégio, A. (2016c). VoiDbg: Projeto e implementação de um debugger transparente para inspeção de aplicações protegidas [VoiDbg: Design and implementation of a transparent debugger for inspecting protected applications]. [link].
Botacin, M., de Geus, P. L., and Grégio, A. (2018a). Enhancing branch monitoring for security purposes: From control flow integrity to malware analysis and debugging. ACM Trans. Priv. Secur., 21(1):4:1–4:30.
Botacin, M., de Geus, P. L., and Grégio, A. (2018b). Who watches the watchmen: A security-focused review on current state-of-the-art techniques, tools and methods for systems and binary analysis on modern platforms. To be published.
Botacin, M., de Geus, P. L., and Grégio, A. (2017b). The other guys: Automated analysis of marginalized malware. Journal of Computer Virology and Hacking Techniques.
Intel (2011). Intel 64 and IA-32 Architectures Software Developer's Manual. [link]. Accessed July 2016.
Marpaung, J., Sain, M., and Lee, H.-J. (2012). Survey on malware evasion techniques: State of the art and challenges. In Proc. 14th Int. Conf. on Advanced Communication Technology (ICACT), pages 744–749. IEEE.
Shi, H., Alwabel, A., and Mirkovic, J. (2014). Cardinal pill testing of system virtual machines. In Proc. 23rd USENIX Security Symposium (USENIX Security 14), pages 271–285, San Diego, CA. USENIX Association.
Sikorski, M. and Honig, A. (2012). Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press, San Francisco, CA, USA, 1st edition.
