Cybernetics and programming
Reference:

The method of automated research of the structure of disassembled representation of software code with a buffer overflow vulnerability using the matrix approach
Revnivykh Aleksandr Vladimirovich

PhD in Technical Science

Associate Professor, Department of Information Security, Novosibirsk State University of Economics and Management 

630099, Russia, Novosibirskaya oblast', g. Novosibirsk, ul. Kamenskaya, 56

al.revnivykh@mail.ru
 

 
Velizhanin Anatolii Sergeevich

Specialist, Tyumen Industrial University

625000, Russia, Tyumenskaya oblast', g. Tyumen', ul. Volodarskogo, 38

anatoliy.velizhanin@gmail.com
 

 

Abstract.

The subject of the research is optimization algorithms for automated dependency search in disassembled code. The object of the research is dependent code blocks on the x64 architecture of Intel processors and listings obtained by reverse engineering software built by compilers with different settings on Windows and Linux. Purpose of the study. The purpose of the study is to consider the possibility of using mathematical matrices to build a machine code map, to review possible problems for automatic analysis, and to search for the paths of information flows. Research methods. We used the Visual C++ compiler. We consider an architecture in which information can be transferred in the following ways: register-memory, memory-register, register-register. For the analysis, we chose the method of forming the list of functions called up to the potentially dangerous block of code under investigation, for each considered path to that block. Methods for implementing the matrix approach are described and developed. Novelty and key findings. The mathematical matrix method can be used to build a machine code map. However, determining the reachability paths of individual code blocks may require a significant amount of resources. In addition, the machine code can be processed by packers and obfuscators, which introduces additional complexity. A number of potentially dangerous functions of the C/C++ standard library were identified.

Keywords: Mathematical Matrix Method, Buffer overflow, Disassembling, Code analysis, Vulnerabilities, Information security, Code compilers, Code Packers, Code obfuscators, Functions List

DOI:

10.25136/2306-4196.2018.6.28288

Article was received:

06-12-2018


Review date:

06-12-2018


Publish date:

13-12-2018


This article is written in Russian. You can find the full text of the article in Russian here.
