Name
Title | ||
|---|---|---|
Enhancing Branch Monitoring for Security Purposes: From Control Flow Integrity to Malware Analysis and Debugging. |
Abstract | ||
|---|---|---|
Malware and code-reuse attacks are the most significant threats to current systems operation. Solutions developed to countermeasure them have their weaknesses exploited by attackers through sandbox evasion and antidebug crafting. To address such weaknesses, we propose a framework that relies on the modern processors’ branch monitor feature to allow us to analyze malware while reducing evasion effects. The use of hardware assistance aids in increasing stealthiness, a key feature for debuggers, as modern software (malicious or benign) may be antianalysis armored. We achieve stealthier code execution control by using the branch monitor hardware’s inherent interrupt capabilities, keeping the code under execution intact. Previous works on branch monitoring have already addressed the ROP attack problem but require code injection and/or are limited in their capture window size. Therefore, we also propose a ROP detector without these limitations.
|
Year | DOI | Venue |
|---|---|---|
2018 | 10.1145/3152162 | ACM Trans. Priv. Secur. |
Keywords | DocType | Volume |
Malware, ROP, branch monitor, debug | Journal | 21 |
Issue | ISSN | Citations |
1 | 2471-2566 | 1 |
PageRank | References | Authors |
0.35 | 0 | 3 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Marcus Botacin | 1 | 2 | 2.74 |
| Paulo Lício de Geus | 2 | 83 | 13.37 |
| André Ricardo Abed Grégio | 3 | 66 | 9.51 |