Proceedings of the Institute for System Programming of the RAS
RUS  ENG    JOURNALS   PEOPLE   ORGANISATIONS   CONFERENCES   SEMINARS   VIDEO LIBRARY   PACKAGE AMSBIB  
General information
Latest issue
Archive

Search papers
Search references

RSS
Latest issue
Current issues
Archive issues
What is RSS



Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
Find






Personal entry:
Login:
Password:
Save password
Enter
Forgotten password?
Register


Proceedings of the Institute for System Programming of the RAS, 2022, Volume 34, Issue 5, Pages 89–110
DOI: https://doi.org/10.15514/ISPRAS-2022-34(5)-6
(Mi tisp723)
 

This article is cited in 2 scientific papers (total in 2 papers)

Natch: using virtual machine introspection and taint analysis for detection attack surface of the software

P. M. Dovgalyukab, M. A. Klimushenkovaa, N. I. Fursovaa, V. M. Stepanova, I. A. Vasilieva, A. A. Ivanova, A. V. Ivanova, M. G. Bakulina, D. I. Egorova

a Ivannikov Institute for System Programming of the RAS
b Yaroslav-the-Wise Novgorod State University
Full-text PDF (842 kB) Citations (2)
Abstract: Natch is a tool that provides a convenient way of obtaining an attack surface. By attack surface we mean a list of executable files, dynamic libraries and functions that are responsible for input data processing (such as: files, network packets) during task execution. Functions that end up in the attack surface are possible sources of software vulnerabilities, so they should be given an increased attention during an analysis. At the heart of the Natch tool lay improved methods of tainted data tracking and virtual machines introspection. Natch is built on the basis of the full-system QEMU emulator, so it allows you to analyze any system components, including even the OS kernel and system drivers. The collected attack surface data is visualized by SNatch, which is tool for data post-processing and GUI implementation. SNatch comes with Natch tool by default. Attack surface obtaining can be built into CI/CD for integrational and system testing. A refined attack surface will increase the effectiveness of functional testing and fuzzing in the life cycle of secure software.
Keywords: dynamic analysis, introspection, taint analysis, qemu, instrumentation, natch
Document Type: Article
Language: Russian
Citation: P. M. Dovgalyuk, M. A. Klimushenkova, N. I. Fursova, V. M. Stepanov, I. A. Vasiliev, A. A. Ivanov, A. V. Ivanov, M. G. Bakulin, D. I. Egorov, “Natch: using virtual machine introspection and taint analysis for detection attack surface of the software”, Proceedings of ISP RAS, 34:5 (2022), 89–110
Citation in format AMSBIB
\Bibitem{DovKliFur22}
\by P.~M.~Dovgalyuk, M.~A.~Klimushenkova, N.~I.~Fursova, V.~M.~Stepanov, I.~A.~Vasiliev, A.~A.~Ivanov, A.~V.~Ivanov, M.~G.~Bakulin, D.~I.~Egorov
\paper Natch: using virtual machine introspection and taint analysis for detection attack surface of the software
\jour Proceedings of ISP RAS
\yr 2022
\vol 34
\issue 5
\pages 89--110
\mathnet{http://mi.mathnet.ru/tisp723}
\crossref{https://doi.org/10.15514/ISPRAS-2022-34(5)-6}
Linking options:
  • https://www.mathnet.ru/eng/tisp723
  • https://www.mathnet.ru/eng/tisp/v34/i5/p89
  • This publication is cited in the following 2 articles:
    Citing articles in Google Scholar: Russian citations, English citations
    Related articles in Google Scholar: Russian articles, English articles
    Proceedings of the Institute for System Programming of the RAS
    Statistics & downloads:
    Abstract page:33
    Full-text PDF :16
     
      Contact us:
     Terms of Use  Registration to the website  Logotypes © Steklov Mathematical Institute RAS, 2024