ATLANTIS - Assembly Trace Analysis Environment

Author

Cleary, Brendan ; Storey, Margaret-Anne ; Chan, Laura ; Salois, Martin ; Painchaud, Frederic

Author_Institution

Dept. of Comput. Sci., Univ. of Victoria, Victoria, BC, Canada

fYear

2012

fDate

15-18 Oct. 2012

Firstpage

505

Lastpage

506

Abstract

For malware authors, software is an ever fruitful source of vulnerabilities to exploit. Exploitability assessment through fuzzing aims to proactively identify potential vulnerabilities by monitoring the execution of a program while attempting to induce a crash. In order to determine if a particular program crash is exploitable (and to create a patch), the root cause of the crash must be identified. For particular classes of programs this analysis must be conducted without the aid of the original source code using execution traces generated at the assembly layer. Currently this analysis is a highly manual, text-driven activity with poor tool support. In this paper we present ATLANTIS, an assembly trace analysis environment that combines many of the features of modern IDEs with novel trace annotation and navigation techniques to support software security engineers performing exploitability analysis.

Keywords

assembly language; invasive software; program diagnostics; text analysis; ATLANTIS; IDE; assembly layer; assembly trace analysis environment; execution traces; exploitability assessment; malware; program classes; program crash; program execution monitoring; software security; source code; text-driven activity; trace annotation techniques; trace navigation techniques; Assembly; Computer crashes; Navigation; Reverse engineering; Security; Software; Tagging;

fLanguage

English

Publisher

ieee

Conference_Titel

Reverse Engineering (WCRE), 2012 19th Working Conference on

Conference_Location

Kingston, ON

ISSN

1095-1350

Print_ISBN

978-1-4673-4536-1

Type

conf

DOI

10.1109/WCRE.2012.62

Filename

6385148