Paper

Survey of Rust Taint Analysis

mi1itray.axe published on

Several papers related to taint analysis for the Rust language:

  • SafeDrop: Detecting Memory Deallocation Bugs of Rust Programs via Static Data-flow Analysis.
  • Encapsulated Functions: Fortifying Rust's FFI in Embedded Systems.
  • Demystifying Compiler Unstable Feature Usage and Impacts in the Rust Ecosystem.
  • Detecting Cross-language Memory Management Issues in Rust.
  • MirChecker: Detecting Bugs in Rust Programs via Static Analysis.
  • Static Deadlock Detection for Rust Programs.

BiAn: Smart Contract Source Code Obfuscation

mi1itray.axe published on

Smart contract code obfuscation. It still feels like the shadow of OLLVM: the same three modes, only adapted to the domain and with many additional details added; the overall approach is unchanged.

The novelty lies in using an improved chaotic map to build opaque predicates, which increases the degree of obfuscation somewhat.

Venue: IEEE Transactions on Software Engineering

Rank: CCF-A


Binary Diffing

mi1itray.axe published on

I recently wanted to look into binary diffing, so I started from the beginning and went through the papers one by one. Much of it involves machine learning, a lot of which I do not understand, so I will take it slowly. So far I have read a dozen or so papers, many of them only the abstract. The main goal is to understand the ideas and the research history of this field. Binary Diffing 1 only covers papers up to 2016 for now; it will be updated later. The main papers cited are as follows:

  • Bitshred: feature hashing malware for scalable triage and semantic analysis.
  • Binary function clustering using semantic hashes.
  • Binslayer: accurate comparison of binary executables.
  • Control flow-based malware variant detection.
  • MutantX-S: Scalable Malware Clustering Based on Static Features.
  • Semantics-based obfuscation-resilient binary code similarity comparison with applications to software plagiarism detection.
  • Leveraging semantic signatures for bug search in binary programs.
  • Cross-architecture bug search in binary executables.
  • BinGo: Cross-architecture cross-OS binary search.
  • Statistical similarity of binaries.
  • discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code.
  • Scalable Graph-based Bug Search for Firmware Images.
  • Cross-architecture binary semantics understanding via similar code comparison.

Khaos: The Impact of Inter-procedural Code Obfuscation on Binary Diffing Techniques

mi1itray.axe published on

This is a CCF-B paper from the University of Science and Technology of China (USTC); it proposes a new binary obfuscation scheme to resist analysis by binary diffing techniques.

From the obfuscation perspective, it splits and fuses functions at the IR level, changing the call relationships between functions. This obfuscation does not conflict with OLLVM, is quite effective at resisting binary diffing, and is also built on the LLVM framework, so it is a meaningful step for the development of obfuscation techniques.

KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations

mi1itray.axe published on

A USENIX Security 2023 paper from Tsinghua's vul337 lab, in collaboration with Ant Group's Basic Security team.

It describes how to fuzz kexts in the macOS kernel. Kexts are closed-source and run inside the kernel, which makes instrumentation difficult, crashes easy to trigger, and black-box testing ineffective. In addition, some of Apple's own privileged code is protected. The paper proposes three mechanisms to address these problems:

instrumenting by replacing ARM PA (pointer authentication) instructions to collect coverage; locally hooking the privilege-check functions to get past Apple's checks so that privileged code can be fuzzed as well; and designing a taint analysis module that infers the macOS kernel interface formats to assist fuzzing.
