Source: School of Computer Science | Published: 2018-12-28 | Views: 13
Talk title: VMHunt: A Verifiable Approach to Partially-Virtualized Binary Code Simplification
Dr. Dongpeng Xu is an assistant professor in the computer science department at the University of New Hampshire. He received his Ph.D. in Information Sciences and Technology from the Pennsylvania State University. His research interest is software security, especially program analysis on binary code, malware analysis and detection, program protection, and program similarity analysis. His research work has been published in top security conferences including IEEE S&P, CCS, and USENIX Security.
Code virtualization is a highly sophisticated obfuscation technique adopted by malware authors to stay under the radar. However, due to its performance limitations and compatibility problems, code virtualization is seldom used on an entire program. Rather, it is mainly used only to safeguard the key parts of code such as security checks and encryption keys. In this talk, Dongpeng Xu will present a new method to extract and simplify virtualized binary code. Our key insight is that code virtualization is a process-level virtual machine (VM), and the context switch patterns when entering and exiting the VM can be used to detect the VM boundaries. We further simplify the virtualized code based on the scope of the VM boundary. Our method also transforms the virtualized code to concise symbolic formulas, which facilitate the correctness testing of the simplification results.