Cybernetics and programming
Reference:

Methods for automated formation of a disassembled listing structure
Revnivykh Aleksandr Vladimirovich

PhD in Technical Science

Associate Professor, Department of Information Security, Novosibirsk State University of Economics and Management 

630099, Russia, Novosibirskaya oblast', g. Novosibirsk, ul. Kamenskaya, 56

al.revnivykh@mail.ru
 

 
Velizhanin Anatolii Sergeevich

Specialist, Tyumen Industrial University

625000, Russia, Tyumenskaya oblast', g. Tyumen', ul. Volodarskogo, 38

anatoliy.velizhanin@gmail.com
 

 

Abstract.

The subject of the research is a method for automatically splitting disassembled code into logical blocks in the search for software vulnerabilities without source code (using a binary file or its equivalent obtained by reverse engineering). The object of the research is existing code analyzers and the features of their functionality. The aim of the study is to consider the possibility of automatically splitting disassembled code into logical blocks and some of the difficulties this may involve. Formulation of the problem. The complexity of analyzing large software products at the level of machine code necessitates the automation of this process. The research methodology is based on a combination of theoretical and empirical approaches using the methods of static and dynamic analysis, comparison, generalization, algorithmization, modeling, and synthesis. Key findings. Splitting the code into blocks by sequential line-by-line analysis of machine code can in some cases lead to misinterpretation. In addition, analyzing the code by the points where functions conclude does not guarantee that function boundaries are determined correctly either. In general, however, the matrix method can be applied to analyze the dependencies of functions on the blocks of code selected in this way. The scientific novelty lies in identifying promising directions for studying program code for vulnerabilities and in the rationale for the approach (building the transition matrix from integer values), which may serve as the initial stage of preparation for automated analysis of disassembled code.

Keywords: Matrix method, Adjacency matrix, IDA Pro utility, FASM compiler, Disassembling, Code analyses, Vulnerabilities, Information security, Code blocks, Matrix building algorithm

DOI: 10.25136/2306-4196.2019.2.28272

Article was received: 14-12-2018

Review date: 22-12-2018

Publish date: 25-12-2018


This article is written in Russian. The full text of the article is available in Russian.
