Affiliation:
1. University of Campinas, SP, Brazil
2. Federal University of Paraná, PR, Brazil
Abstract
Malicious software, a threat users face on a daily basis, has evolved from simple bankers based on social engineering to advanced persistent threats. Recent research and discoveries reveal that malware developers have been using a wide range of anti-analysis and evasion techniques, in-memory attacks, and system subversion, including of the BIOS and hypervisors. In addition, code-reuse attacks such as Return Oriented Programming emerge as highly potent remote code execution threats. To counteract the breadth of malicious codes, distinct techniques and tools have been proposed, such as transparent malware tracers, system-wide debuggers, live forensics tools, and isolated execution rings. In this work, we present a survey of state-of-the-art techniques that detect, mitigate, and analyze the aforementioned attacks. We show approaches based on Hardware Virtual Machine introspection, System Management Mode instrumentation, Hardware Performance Counters, isolated rings (e.g., Software Guard eXtensions), as well as others based on external hardware. We also discuss upcoming threats based on the very same technologies used for defense. Our main goal is to provide the reader with a broader, more comprehensive understanding of recently surfaced tools and techniques aiming at binary analysis for modern platforms.
Publisher
Association for Computing Machinery (ACM)
Subject
General Computer Science, Theoretical Computer Science
References: 149 articles.
Cited by: 13 articles.