Funding: the National Natural Science Foundation of China, the foundation of State Key Lab. for Novel Software Technology in Nanjing University, the foundation of Key Laboratory of Information Assurance Technology
Abstract: Reversing the syntactic format of program inputs and data structures in binaries plays a vital role in understanding program behaviors in many security applications. In this paper, we propose a collaborative reversing technique by capturing the mapping relationship between input fields and program data structures. The key insight behind our paper is that a program uses corresponding data structures as references to parse and access different input fields, and every field could be identified by reversing its corresponding data structure. In detail, we use a fine-grained dynamic taint analysis to monitor the propagation of inputs. By identifying base pointers for each input byte, we could reverse data structures and conversely identify fields based on their referencing data structures. We construct several experiments to evaluate the effectiveness. Experiment results show that our approach could effectively reverse precise input formats, and provide unique benefits to two representative security applications, exploit diagnosis and malware analysis.
Funding: Supported by the National Natural Science Foundation of China (60903188), Shanghai Education Commission Innovation Foundation (11YZ192) and World Expo Science and Technology Special Fund of Shanghai Science and Technology Commission (08dz0580202).
Abstract: Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis method, RICB (Run-time Integer Checking via Buffer overflow). Our approach includes decompiling the executable file to assembly language; debugging the executable file with step-into and step-out; locating the overflow points; and checking buffer overflow caused by integer overflow. We have implemented our approach for three buffer overflow types: format string overflow, stack overflow and heap overflow. Experiment results show that our approach is effective and efficient. We have detected more than 5 known integer overflow vulnerabilities via buffer overflow.
Funding: supported by the National Natural Science Foundation of China (Grant Nos. 41106012, 41176008, 91028008) and a grant from Sanya Institute of Deep-Sea Science and Engineering (Grant No. SIDSSE-201207)
Abstract: Based on high-resolution Array for Real-time Geostrophic Oceanography (Argo) profiles and Sea Level Anomaly (SLA) data, this study statistically analyzes and compares turbulent diapycnal mixing profiles inside and outside mesoscale eddies in the Gulf Stream region. The result indicates that average diapycnal diffusivity at 300–540 m depths in anticyclonic eddies reaches 4.0×10⁻⁵ m² s⁻¹. This is significantly higher than the 1.6×10⁻⁵ m² s⁻¹ outside eddies and 0.8×10⁻⁵ m² s⁻¹ in cyclonic eddies. Probabilities of diapycnal diffusivity greater than 10⁻⁴ m² s⁻¹ within anticyclonic and cyclonic eddies and outside eddies are 29%, 5% and 12%, respectively. However, magnitudes of average diapycnal diffusivity at 540–900 m depths in these three cases are of the same order, 10⁻⁵ m² s⁻¹. Twenty-four of a total 38 anticyclonic eddies had enhanced mixing in the ocean interior, and 22 were observed during or shortly after strong winds. The coincidence between enhanced mixing and strong wind stress indicates that more wind-induced, near-inertial wave energy propagates downward in anticyclonic eddies. The deeper part of 12 profiles (below 540 m) in anticyclonic eddies had vertical overturns with Thorpe scale exceeding 5 m, among which three profiles had overturns reaching 20 m. Enhanced mixing may have occurred in deep layers of some profiles, although it was not evident in average conditions.