Malicious software (malware) attacks are an ever-increasing cyber-security problem. One reason for this trend is the widespread adoption of packing technology as a way to mask the semantics of binary instructions, hiding them from detection. Packing is so successful that it is estimated 70-80% of malicious programs utilize it to avoid detection [1]. The popularity of virtualization provides new tools for dealing with this threat. Researchers have successfully used facilities provided by virtualization to develop new ways of detecting and analyzing packed and encrypted malware. Methods like these typically require changes to the virtualization platform, making them difficult to deploy as well as hard to reuse. This thesis presents Maitland, a proof-of-concept unpacking system which achieves similar functionality to existing research, using paravirtualization extensions instead of requiring changes to the hypervisor. During our experiments, Maitland successfully exposed instructions in software that was packed by the UPX and gzexe packers. Maitland’s avoidance of changes to the hypervisor means it is better suited for quick deployment in a cloud environment. / Graduate
| Identifer | oai:union.ndltd.org:uvic.ca/oai:dspace.library.uvic.ca:1828/3866 |
| Date | 04 April 2012 |
| Creators | Benninger, Christopher Adam |
| Contributors | Coady, Yvonne, Neville, Stephen William |
| Source Sets | University of Victoria |
| Language | English, English |
| Detected Language | English |
| Type | Thesis |
| Format | application/pdf |
| Rights | Available to the World Wide Web |
Page generated in 0.0022 seconds