Several tools for program tracing and introspection exist. These tools can be used to analyze potentially malicious or untrusted programs. In this setting, it is important to prevent that the target program determines whether it is being traced or not. This is typically achieved by minimizing the code of the introspection routines and any artifact or side-effect that the program can leverage. Indeed, the most recent approaches consist of lightly instrumented operating systems or thin hypervisors running directly on bare metal. Following this research trend, we investigate the feasibility of transparently tracing a Linux/ARM program without modifying the software stack, while keeping the analysis cost and flexibility compatible with state of...
ARM has become the leading processor architecture for mobile and IoT devices, while it has recently ...
ABSTRACT: Debugging and profiling tools can alter the execution flow or timing, can induce heisenbug...
The proliferation of binary-only program analysis techniques like fuzz testing and symbolic analysis...
Live system call traces provide essential information in analyzing modern malware. Prior work demons...
Dynamic malware analysis aims at revealing malware’s runtime behavior. To evade analysis, advanced m...
Trusted Execution Environments provide improved security guarantees with a smaller attack surface at...
Kernel monitoring is often a hard task, requiring external debuggers and/or modules to be successful...
In this paper, we present a framework for transparent kernel and user execution tracing from a minim...
Abstract—To improve software dependability, a large number of software engineering tools have been d...
A detailed understanding of the behavior of exploits and malicious software is necessary to obtain a...
During the past decade, virtualization-based (e.g., virtual machine introspection) and hardware-assi...
Abstract—Unobtrusive capturing of program execution traces in real-time is crucial for debugging man...
Abstract—With the rapid proliferation of malware attacks on the Internet, understanding these malici...
Fay is a flexible platform for the efficient collection, processing, and analysis of software execut...
With the rapid proliferation of the ARM architecture on smart mobile phones and Internet of Things (...
ARM has become the leading processor architecture for mobile and IoT devices, while it has recently ...
ABSTRACT: Debugging and profiling tools can alter the execution flow or timing, can induce heisenbug...
The proliferation of binary-only program analysis techniques like fuzz testing and symbolic analysis...
Live system call traces provide essential information in analyzing modern malware. Prior work demons...
Dynamic malware analysis aims at revealing malware’s runtime behavior. To evade analysis, advanced m...
Trusted Execution Environments provide improved security guarantees with a smaller attack surface at...
Kernel monitoring is often a hard task, requiring external debuggers and/or modules to be successful...
In this paper, we present a framework for transparent kernel and user execution tracing from a minim...
Abstract—To improve software dependability, a large number of software engineering tools have been d...
A detailed understanding of the behavior of exploits and malicious software is necessary to obtain a...
During the past decade, virtualization-based (e.g., virtual machine introspection) and hardware-assi...
Abstract—Unobtrusive capturing of program execution traces in real-time is crucial for debugging man...
Abstract—With the rapid proliferation of malware attacks on the Internet, understanding these malici...
Fay is a flexible platform for the efficient collection, processing, and analysis of software execut...
With the rapid proliferation of the ARM architecture on smart mobile phones and Internet of Things (...
ARM has become the leading processor architecture for mobile and IoT devices, while it has recently ...
ABSTRACT: Debugging and profiling tools can alter the execution flow or timing, can induce heisenbug...
The proliferation of binary-only program analysis techniques like fuzz testing and symbolic analysis...