Researches - Binary Analysis in Progress
 rakish <therakish gmail com> |
Thursday, March 27 2008 15:38.13 CDT |
Hi, i'm new here and in RCE world!
Since i have started my little experience i found a great project at UC Berkley.That project is BitBlaze, i guess that someone here already saw it.
"The BitBlaze project aims to design and develop a powerful binary analysis platform and employ the platform in order to (1) analyze and develop novel COTS protection and diagnostic mechanisms and (2) analyze, understand, and develop defenses against malicious code. The BitBlaze project also strives to open new application areas of binary analysis, which provides sound and effective solutions to applications beyond software security and malicious code defense, such as protocol reverse engineering and fingerprint generation."
http://bitblaze.cs.berkeley.edu
In my experience i have found some automated tools but just inside heuristic analysis in anti-malwares.
What do you guys think about it become reality?
Already exist some automated frameworks at this "level" of analysis?
Note: English is not my native language.
Comments
 MohammadHosein |
Posted: Thursday, March 27 2008 15:53.19 CDT |
| what is "novel" about it ? | |
|
MFox |
Posted: Thursday, March 27 2008 17:50.20 CDT |
|
ERESI project !? http://www.eresi-project.org/ |
|
 RolfRolles |
Posted: Thursday, March 27 2008 18:20.46 CDT |
|
When I first went professional, I thought that academia (with the exception of cryptography and program analysis) was missing the point when it came to computer security, and so I mostly ignored it (modulo some interesting results from time to time) in favor of what the hard-core sector of the industry was producing (e.g. what you see at the major conferences). I was wrong; BitBlaze is proof. About BitBlaze, the first and (IMO) most accessible publication in the BitBlaze series was 2005's TaintCheck, a system built on top of Valgrind/DynamoRIO (using so-called dynamic taint analysis) to automatically detect exploitation conditions at run-time, and furthermore generate an IDS signature from whatever triggered the vulnerability (not as easy). The dynamic binary instrumentation framework evolved into TEMU, an instrumented version of QEMU, which allows for system-wide analysis. The project also includes static and mixed static/dynamic components, linked below. Some spin-off papers for those interested: * Renovo is an automatic unpacker which is powerful yet simple in concept; * Panorama is a tool that detects malicious browser-helper objects; * Polyglot is a tool that produces WireShark protocol definitions based on dynamic binary analysis. If I had to take a stab at what was "novel" about the BitBlaze project, I'd say it's a combination of innovative ideas, keen insight into security issues on the binary level, sophisticated technologies only accessible to those with advanced degrees, and most importantly its track record. But this is all just my opinion; read the papers and form your own. If you want to see some related projects, check out LibFlayer and Argos, both of which come with source. |
|
 sovietskicpu |
Posted: Thursday, March 27 2008 19:38.37 CDT |
| Hi Rolf ;) | |
|
RabidCicada |
Posted: Friday, March 28 2008 10:10.56 CDT |
| I'd also note the wording where it states that they intend to use the platform to develop novel protections....not that the platform itself is novel. | |
 rakish |
Posted: Friday, March 28 2008 12:58.46 CDT |
|
be careful that is a malformed expression that exploited your minds, use some taint analysis to detect the behavior, maybe nothing has occur! maybe its a rootkit to control you later ... jk is so far more easy you control me =p hey guys, thanks for reply, i'll keep my eyes on this project, about the ERESI seems to be a nice framework too well i'm just newbie, i have so much things to learn ... |
|
|
RolfRolles |
Posted: Monday, March 31 2008 03:03.49 CDT |
| Here's something else interesting from the BitBlaze crowd (at least, three-fourths of the authors are members of that project), some more evidence that academia has surpassed the industry: a paper entitled "Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications". | |