Atlantis: Improving the Analysis and Visualization of Large Assembly Execution Traces

Authors
  1. Huang, H.
  2. Verbeek, E.
  3. German, D.
  4. Storey, M-A.
  5. Salois, M.
Corporate Authors
Defence Research and Development Canada, Valcartier Research Centre, Quebec QC (CAN); Victoria Univ, Victoria BC (CAN)
Abstract
Assembly execution trace analysis is an effective approach for discovering potential software vulnerabilities. However, the size of the execution traces and the lack of source code make this a manual, labor-intensive process. Instead of browsing billions of instructions one by one, software security analysts need higher-level information that can provide an overview of the execution of a program to assist in the identification of patterns of interest. The tool we present in this paper, Atlantis, is our trace analysis environment for multi-gigabyte assembly traces, and it contains a number of new features that make it particularly successful in meeting this goal. The contributions of this continuous work fall into three main categories: a) the ability to efficiently reconstruct and navigate the memory state of a program at any point in a trace; b) the ability to reconstruct and navigate functions and processes; and c) a powerful search facility to query and navigate traces. These contributions are not only novel for Atlantis but also for the field of assembly trace analysis. Software is becoming increasingly complex and many applications are designed as collaborative systems or modules interacting with each other, which makes the discovery of vulnerabilities extremely difficult. With the novel features we describe in this paper, our tool extends the security analyst’s ability to investigate vulnerabilities of real-world large execution traces and can lay the groundwork for
Keywords
big data;assembly;visualisation
Report Number
DRDC-RDDC-2018-P014 — External Literature
Date of publication
01 Feb 2018
Number of Pages
9
Reprinted from
Bibliographic information: 33rd IEEE International Conference on Software Maintenance and Evolution (ICSME), Shanghai, China, 17-24 Septembe
DSTKIM No
CA045734
CANDIS No
806182
Format(s):
Electronic Document(PDF)
