A practical off-line taint analysis framework and its application in reverse engineering of file format. Issue 51 (June 2015)
- Record Type:
- Journal Article
- Title:
- A practical off-line taint analysis framework and its application in reverse engineering of file format. Issue 51 (June 2015)
- Main Title:
- A practical off-line taint analysis framework and its application in reverse engineering of file format
- Authors:
- Cui, Baojiang
Wang, Fuwei
Guo, Tao
Dong, Guowei
- Abstract:
- This paper presents FlowWalker, a novel dynamic taint analysis framework that aims to extract the complete taint data flow while eliminating the bottlenecks that occur in existing tools, with applications to file-format reverse engineering. The framework proposes a multi-taint-tag assembly-level taint propagation strategy. FlowWalker separates taint tracking operations from execution with an off-line structure, utilizes memory-mapped files to enhance I/O efficiency, processes taint paths during virtual execution playback, and uses parallelization and pipelining mechanisms to achieve speedup. Based on the semantic correlations implied by the taint path information, this paper presents an algorithm for extracting the structures of unknown file formats. According to test data, the overall program runtime ranges from 92.98% to 208.01% of the length of the underlying instrumentation alone, while the speed enhancement is 60% compared to another well-featured tool in Windows. Medium-complexity file formats are correctly partitioned, and the constant fields are extracted. Due to its efficiency and scalability, FlowWalker can address the needs of further security-related research. Highlights: A novel off-line dynamic taint analysis framework with efficiency and precision. Over 60% enhancement of execution speed compared to existing tools. Fine-grained analysis with parallelization during simulated playback. Application to reverse engineering of file formats with over 85% cognition rate.
- Is Part Of:
- Computers & security. Issue 51(2015)
- Journal:
- Computers & security
- Issue:
- Issue 51(2015)
- Issue Display:
- Volume 51, Issue 51 (2015)
- Year:
- 2015
- Volume:
- 51
- Issue:
- 51
- Issue Sort Value:
- 2015-0051-0051-0000
- Page Start:
- 1
- Page End:
- 15
- Publication Date:
- 2015-06
- Subjects:
- Taint analysis -- Data flow tracking -- Binary instrumentation -- Format reverse engineering -- Fuzzing test -- Virtualized execution -- Parallelization
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2015.02.006
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 14573.xml