Rechercher
Fermer ce champ de recherche.

Vous êtes victime d’un incident de sécurité ? Contactez notre CERT

05/07/2016

Publications

Assisted Identification of Mode of Operation in Binary Code with Dynamic Data Flow Slicing

Pierre Lestringant and Frédéric Guihéry, AMOSSYS, R&D Security Lab, Rennes, France and Pierre-Alain Fouque, Institut Universitaire de France, Paris, France

Abstract

Verification of software security properties, when conducted at the binary code level, is a difficult and cumbersome task. This paper is focused on the reverse engineering task that needs to be performed prior to any thorough analysis. A previous line of work has been dedicated to the identification of cryptographic primitives. Relying on the techniques that have been proposed, we devise a semi-automated solution to identify modes of operation. Our solution produces a concise representation of the data transfers occurring within a cryptographic scheme. Inspired by program slicing techniques, we extract from a dynamic data flow a slice defined as the smallest subgraph that is distance preserving for the set of cryptographic parameters. We apply our solution to several modes of operation including CBC, CTR, HMAC and OCB. For each of them, we successfully obtain a complete and readable representation. Moreover, we show with an example that our solution can be applied on non standard schemes to quickly discover security flaw.

Voir les dernières Publications

25 novembre 2024
Avec une souche éprouvée, des outils bien choisis et des cibles stratégiques, 8Base se distingue comme une menace particulièrement redoutable. […]
28 mai 2024
Cet article présente et expérimente AWARE (Attacks in Windows Architectures REvealed), un outil défensif capable d'interroger un système Windows et […]
28 mai 2024
Cet article présente la première proposition du format CAPG, qui est une méthode de représentation d'une vulnérabilité CVE, d'une exploitation […]
18 novembre 2021
The current trend is towards automation inside a security operations center (SOC), in particular on the remediation side [...]
26 janvier 2021
Persistent Threats (APT) since only pre-registered and well-characterized attacks can be catched. Some recent systems use unsupervised ML algorithms [...]
15 décembre 2020
Cet article expose la mise en oeuvre du leurrage dans un but de renseignement sur les attaquants (outils et méthodes).
23 novembre 2018
The current trend is towards automation inside a security operations center (SOC), in particular on the remediation side [...]
28 août 2018
Understanding data distributions is one of the most fundamentalresearch topic in data analysis. The literature provides a great dealof powerful […]
21 août 2017
Anomaly detection in time series has attracted considerable attention due to its importance in many real-world applications including intrusion detection, […]
22 mai 2017
Le langage C++ s’est imposé comme une référence dans les domaines où la modularité du développement ne doit pas empiéter […]