Recovery of binary data structures from program traces
Abstract
Review
For citation:
Avetisyan A.I., Getman A.I. Recovery of binary data structures from program traces. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2012;22. (In Russ.)