Arasteh et al., 2007 - Google Patents
Forensic memory analysis: From stack and code to execution historyArasteh et al., 2007
View HTML- Document ID
- 1787549023011566153
- Author
- Arasteh A
- Debbabi M
- Publication year
- Publication venue
- digital investigation
External Links
Snippet
Forensics memory analysis has recently gained great attention in cyber forensics community. However, most of the proposals have focused on the extraction of important kernel data structures such as executive objects from the memory. In this paper, we propose …
- 238000004458 analytical method 0 title abstract description 48
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/44—Arrangements for executing specific programmes
- G06F9/455—Emulation; Software simulation, i.e. virtualisation or emulation of application or operating system execution engines
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformations of program code
- G06F8/41—Compilation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Lam et al. | Securing web applications with static and dynamic information flow tracking | |
| Caballero et al. | Binary Code Extraction and Interface Identification for Security Applications. | |
| EP2486482B1 (en) | A system and method for aggressive self-modification in dynamic function call systems | |
| JP5042315B2 (en) | Detect security vulnerabilities in source code | |
| Lakhotia et al. | A method for detecting obfuscated calls in malicious binaries | |
| Arasteh et al. | Forensic memory analysis: From stack and code to execution history | |
| Livshits et al. | SecuriFly: Runtime protection and recovery from Web application vulnerabilities | |
| Hamadouche et al. | Virus in a smart card: Myth or reality? | |
| Baltopoulos et al. | Secure compilation of a multi-tier web language | |
| Waly et al. | A complete framework for kernel trace analysis | |
| Sun et al. | μDep: Mutation-Based Dependency Generation for Precise Taint Analysis on Android Native Code | |
| Zhan et al. | Securing Operating Systems Through Fine-Grained Kernel Access Limitation for IoT Systems | |
| Jacob et al. | Malware as interaction machines: a new framework for behavior modelling | |
| Mogage et al. | A formal tainting-based framework for malware analysis | |
| Yadegari | Automatic deobfuscation and reverse engineering of obfuscated code | |
| Lakhotia et al. | Context-sensitive analysis of obfuscated x86 executables | |
| Bangert et al. | Sections are types, linking is policy: Using the loader format for expressing programmer intent | |
| Otsuki et al. | Overcoming the obfuscation method of the dynamic name resolution | |
| Chang et al. | Tomato: A trustworthy code mashup development tool | |
| Kaiya et al. | Eliciting security requirements for an information system using asset flows and processor deployment | |
| Ali et al. | Unbundle-Rewrite-Rebundle: Runtime Detection and Rewriting of Privacy-Harming Code in JavaScript Bundles | |
| Kavousi et al. | SemFlow: Accurate Semantic Identification from Low-Level System Data | |
| Catalano et al. | Enhancing Code Obfuscation Techniques: Exploring the Impact of Artificial Intelligence on Malware Detection | |
| Junjie | Detection and Analysis of Web-based Malware and Vulnerability | |
| Lachmund | Auto-generating access control policies for applications by static analysis with user input recognition |