Identifying OS Kernel Objects for Run-Time Security Analysis [chapter]

Amani S. Ibrahim, James Hamlyn-Harris, John Grundy, Mohamed Almorsy
2012 Lecture Notes in Computer Science  
In this paper, we address the problem of systemically uncovering all OS dynamic kernel runtime objects, without any prior knowledge of the OS kernel data layout in memory.  ...  As dynamic kernel runtime objects are a significant source of security and reliability problems in Operating Systems (OSes), having a complete and accurate understanding of kernel dynamic data layout in  ...  Acknowledgement The authors are grateful to Swinburne University of Technology and FRST Software Process and Product Improvement project for support for this research.  ... 
doi:10.1007/978-3-642-34601-9_6 fatcat:afgwqx4qm5dp7c7y7eppklldpe

Detecting stealthy malware with inter-structure and imported signatures

Bin Liang, Wei You, Wenchang Shi, Zhaohui Liang
2011 Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security - ASIACCS '11  
The key idea is to use cross-reference relationships of multiple data structures as signatures to detect stealthy malware, and to import some extra information into regions attached to target data structures  ...  In this paper, we propose the concepts of inter-structure signature and imported signature, and present techniques to detect stealthy malware based on these concepts.  ...  Unlike KOP, SigGraph does not require the object reachability and hence supports brute force memory scanning that can start at any kernel memory address.  ... 
doi:10.1145/1966913.1966941 dblp:conf/ccs/LiangYSL11 fatcat:73xxdtko7bdurk6rs7fejkiaji

Supporting operating system kernel data disambiguation using points-to analysis

Amani S. Ibrahim, John Grundy, James Hamlyn-Harris, Mohamed Almorsy
2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering - ASE 2012  
An OS kernel contains thousands of data structures that have direct and indirect relations between each other, with no explicit integrity constraints.  ...  Generic pointers make kernel data layout ambiguous, and thus limit kernel integrity checking research to covering a small fraction of kernel data.  ...  Brute force scanning tools identify dynamic running objects (data structure instances) at a given memory address using the data structure signature.  ... 
doi:10.1145/2351676.2351710 dblp:conf/kbse/IbrahimGHA12 fatcat:rwdjo7s2rbfc5d2l3yy3psnnxu

Characterization of the windows kernel version variability for accurate memory analysis

Michael I. Cohen
2015 Digital Investigation. The International Journal of Digital Forensics and Incident Response  
We can therefore directly use known kernel global offsets and do not need to guess those by scanning techniques.  ...  As an example of an undocumented kernel driver, we use the win32k.sys GUI subsystem driver and develop a robust technique for combining both profile constants and reversed struct offsets into accurate  ...  For example, the SigGraph system (Lin et al., 2011), is capable of building scanners for Linux kernel structures by analyzing their internal pointer graphs.  ... 
doi:10.1016/j.diin.2015.01.009 fatcat:ymvjsqtcdnej7j4ugvmxz5q2ba

Operating System Kernel Data Disambiguation to Support Security Analysis [chapter]

Amani S. Ibrahim, John Grundy, James Hamlyn-Harris, Mohamed Almorsy
2012 Lecture Notes in Computer Science  
This definition accurately reflects the kernel data layout by resolving the pointer-based relations ambiguities between kernel data, in order to support systemic kernel data integrity checking.  ...  In this paper, we address the problem of systematically generating an accurate kernel data definition for OSes without any prior knowledge of the OS kernel data.  ...  Acknowledgement The authors are grateful to Swinburne University of Technology and FRST Software Process and Product Improvement project for support for this research.  ... 
doi:10.1007/978-3-642-34601-9_20 fatcat:ypcn7jqxhze5vo2gsldqnm3gni


Brendan Saltaformaggio, Rohit Bhatia, Zhongshu Gu, Xiangyu Zhang, Dongyan Xu
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
Based on this, VCR targets application-generic artifacts in an input memory image which allow photographic evidence to be collected no matter which application produced it.  ...  In the event of a crime, the photographic evidence that these cameras leave in a smartphone's memory becomes vital pieces of digital evidence, and forensic investigators are tasked with recovering and  ...  In particular, SigGraph [21] builds maps of structures in a memory image via brute force scanning.  ... 
doi:10.1145/2810103.2813720 dblp:conf/ccs/SaltaformaggioB15a fatcat:w6ksnc4qxfgwnobclgjevl5yw4

Exploring semantic reverse engineering for software binary protection

Pengfei Sun
Using the discovered data structure instances in live memory, I develop a new domain-specific semantic memory data attack against power grid controllers.  ...  First, I present a systematic framework, ReViver, for semantic reverse engineering of data structure instances from live memory without execution trace.  ...  Structural-invariant based signatures are derived by mapping interconnected data structures. For instance, SigGraph Lin et al. (2011) employs similar signatures for target memory image scanning.  ... 
doi:10.7282/t3-zy08-nn55 fatcat:dqxzc5akg5ag3iihoknm5lyb64

Comparing Features of Three-Dimensional Object Models Using Registration Based on Surface Curvature Signatures

Timothy David Gatzke
We use features ordered by strength, the similarity of pairs of features, and pruning based on geometric consistency to efficiently determine key corresponding locations on the objects.  ...  An advantage of this approach is that the final comparisons depend on the similarity-based correspondence and not on a physical three dimensional alignment.  ...  Thanks also go to Vladimir Kolmogorov for the mincut/max-flow code, Cyberware for the human head scans, and the Stanford Scanning Repository for the bunny data set.  ... 
doi:10.7936/k7fn14j1 fatcat:ejr2hl5gnjeofeyigvs5fhlk4e

Proceedings of the 2021 Joint Workshop of the German Research Training Groups in Computer Science. May 31–June 1, 2021

Joint Workshop Of The German Research Training Groups In Computer Science, Erlangen May 31–June 1, 2021, Felix Freiling
The goal of these workshops is to foster an interchange of ideas and experiences in order to strengthen the connection within the German computer science community.  ...  Initiated in 1996 and run regularly since 2007, researchers of the German Research and Training Groups (RTGs) funded by the Deutsche Forschungsgemeinschaft (DFG) in the field of computer science meet annually  ...  For a qualified set of key-pairs and random passwords, we could show that it is possible to reduce the search space of a brute force attack.  ... 
doi:10.25593/opus4-fau-16426 fatcat:isoyq5lzdffxrdqzvkmfsnjgau

OpenSfM : a collaborative Structure-from-Motion System

Matthias Adorjan, Michael Wimmer, Michael Birsak
In our work we aim to establish a free and fully accessible structure-from-motion system, based on the idea of collaborative projects like OpenStreetMap.  ...  On the other side the back-end evaluates the uploaded information and generates georeferenced point datasets using a state-of-the-art SfM engine and the GPS data stored in the uploaded images.  ...  Acknowledgements Firstly, I would like to thank everyone who supported me during my studies at the Technical University of Vienna and the work on this thesis.  ... 
doi:10.34726/hss.2016.31424 fatcat:j7twkjycz5gj3mqclxg3w5pwaa