
Academic Talk, January 7, 2019: Dongpeng Xu

Source: School of Computer Science | Published: 2018-12-28

Talk title: VMHunt: A Verifiable Approach to Partially-Virtualized Binary Code Simplification

Speaker: Dongpeng Xu

Time: January 7, 2019, 9:00 a.m.

Venue: Room 338, Computer Science Building

Speaker bio:

Dr. Dongpeng Xu is an assistant professor in the computer science department at the University of New Hampshire. He received his Ph.D. in Information Sciences and Technology from the Pennsylvania State University. His research interest is software security, especially program analysis on binary code, malware analysis and detection, program protection, and program similarity analysis. His research work has been published in top security conferences including IEEE S&P, CCS, and USENIX Security.




Abstract:

Code virtualization is a highly sophisticated obfuscation technique adopted by malware authors to stay under the radar. However, due to its performance limitations and compatibility problems, code virtualization is seldom used on an entire program. Rather, it is mainly used only to safeguard the key parts of code such as security checks and encryption keys. In this talk, Dongpeng Xu will present a new method to extract and simplify virtualized binary code. Our key insight is that code virtualization is a process-level virtual machine (VM), and the context switch patterns when entering and exiting the VM can be used to detect the VM boundaries. We further simplify the virtualized code based on the scope of the VM boundaries. Our method also transforms the virtualized code into concise symbolic formulas, which facilitate correctness testing of the simplification results.