Description: The main goal of this talk is to show how Dynamic Binary Instrumentation (DBI) works, and what for it can be applied in Computer Security. As proof of concepts, it will be shown how DBI can be useful for detecting vulnerabilities (e.g., buffer overflow or taint analysis) in Windows executables. A DBI framework allows you to easily program a tool using DBI concepts. There are very different DBI frameworks on the market, each one has its advantages and disadvantages. In this talk, moreover, a performance analysis is shown comparing some DBI frameworks (namely, Pin, Valgrind and DynamoRIO). The main goal of this comparison is to be able to choose the best suitable DBI framework for each user, depending on his/her needs.
* Summary of the research: The main idea is to give a general overview of DBI, how it works, and its applicability to Computer Security domain. Different known vulnerable source code are going to be shown, and several tools using DBI are also shown proving how these vulnerabilities can be caught and reported. Finally, and as different DBI frameworks are available in the market, a performance analysis between the most-known DBI frameworks is shown.
This work is the result of a collaboration with my PhD. advisor, José Merseguer, and a former student of mine, who made his Final Project Degree on this topic, entitled 'Estudio comparativo de frameworks de Instrumentación Dinámica de Ejecutables' (in Spanish, sorry for that!) and that it can be viewed here:
http://zaguan.unizar.es/record/7141 http://webdiis.unizar.es/~ricardo/files/PFC.Estudio.Frameworks.DBI/Memoria_PFC_EstudioDBI.pdf
The content of this talk has been recently presented on NoConName 2012, a Spanish security conference (more precisely, on 3rd November 2012).
For More Information Please Visit : - https://www.hackinparis.com/talk
Tags: securitytube , hacking , hackers , information security , convention , computer security , HIP13 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.