Automated static analysis of virtual-machine packers
Leong, Joseph
Permalink
https://hdl.handle.net/2142/45595
Description
Title
Automated static analysis of virtual-machine packers
Author(s)
Leong, Joseph
Issue Date
2013-08-22T16:49:00Z
Director of Research (if dissertation) or Advisor (if thesis)
Caesar, Matthew C.
Department of Study
Computer Science
Discipline
Computer Science
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
M.S.
Degree Level
Thesis
Keyword(s)
Program-Analysis
Low-level Systems
Abstract
The ability to reverse the most advanced software protection schemes is a critical step in mitigating malicious code attacks. Unfortunately, the analyst side seems to be losing in the ongoing arms race between malware developers and reverse engineers. Obfuscation that takes advantage of a virtual-machine-like architecture has proven to be one of the most difficult to deal with. Virtual-machine packers are able to hide the intentions of programs they are applied to and are resistant to formerly effective unpacking techniques. Others have proposed methods to deal with such complex protections, but they are often tedious, expensive, and/or inflexible. We propose a novel approach to automate the analysis process of virtualization protected executables. Our design avoids many pitfalls and performance issues of dynamic-analysis systems by only employing static program-analysis techniques and emphasizing work-reuse and generality in order to maintain efficiency, flexibility, and accessibility, for even novice analysts. The proof-of-concept system we have developed shows promise for the future of virtual-machine protected software analysis.
Graduation Semester
2013-08
Copyright and License Information
Copyright 2013 by Joseph Kwun Leong. All rights reserved.