P. M. Dovgalyuk, M. A. Klimushenkova, N. I. Fursova, V. M. Stepanov, I. A. Vasiliev, A. A. Ivanov, A. V. Ivanov, M. G. Bakulin, D. I. Egorov, “Natch: using virtual machine introspection and taint analysis for detection attack surface of the software”, Proceedings of ISP RAS, 34:5 (2022), 89

Proceedings of the Institute for System Programming of the RAS

RUS ENG

JOURNALS PEOPLE ORGANISATIONS CONFERENCES SEMINARS VIDEO LIBRARY PACKAGE AMSBIB

JavaScript is disabled in your browser. Please switch it on to enable full functionality of the website

	General information
	Latest issue
	Archive

	Search papers
	Search references

	RSS
	Latest issue
	Current issues
	Archive issues
	What is RSS

Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
	Find

Personal entry:
Login:
Password:
	Save password
	Enter
	Forgotten password?
	Register

Proceedings of the Institute for System Programming of the RAS, 2022, Volume 34, Issue 5, Pages 89–110
DOI: https://doi.org/10.15514/ISPRAS-2022-34(5)-6 (Mi tisp723)

This article is cited in 2 scientific papers (total in 2 papers)

Natch: using virtual machine introspection and taint analysis for detection attack surface of the software

P. M. Dovgalyuk^ab, M. A. Klimushenkova^a, N. I. Fursova^a, V. M. Stepanov^a, I. A. Vasiliev^a, A. A. Ivanov^a, A. V. Ivanov^a, M. G. Bakulin^a, D. I. Egorov^a

^a Ivannikov Institute for System Programming of the RAS
^b Yaroslav-the-Wise Novgorod State University

Full-text PDF (842 kB) Citations (2)

DOI: https://doi.org/10.15514/ISPRAS-2022-34(5)-6

Abstract: Natch is a tool that provides a convenient way of obtaining an attack surface. By attack surface we mean a list of executable files, dynamic libraries and functions that are responsible for input data processing (such as: files, network packets) during task execution. Functions that end up in the attack surface are possible sources of software vulnerabilities, so they should be given an increased attention during an analysis. At the heart of the Natch tool lay improved methods of tainted data tracking and virtual machines introspection. Natch is built on the basis of the full-system QEMU emulator, so it allows you to analyze any system components, including even the OS kernel and system drivers. The collected attack surface data is visualized by SNatch, which is tool for data post-processing and GUI implementation. SNatch comes with Natch tool by default. Attack surface obtaining can be built into CI/CD for integrational and system testing. A refined attack surface will increase the effectiveness of functional testing and fuzzing in the life cycle of secure software.

Keywords: dynamic analysis, introspection, taint analysis, qemu, instrumentation, natch

Document Type: Article

Language: Russian

Citation: P. M. Dovgalyuk, M. A. Klimushenkova, N. I. Fursova, V. M. Stepanov, I. A. Vasiliev, A. A. Ivanov, A. V. Ivanov, M. G. Bakulin, D. I. Egorov, “Natch: using virtual machine introspection and taint analysis for detection attack surface of the software”, Proceedings of ISP RAS, 34:5 (2022), 89–110

Citation in format AMSBIB

\Bibitem{DovKliFur22}

\by P.~M.~Dovgalyuk, M.~A.~Klimushenkova, N.~I.~Fursova, V.~M.~Stepanov, I.~A.~Vasiliev, A.~A.~Ivanov, A.~V.~Ivanov, M.~G.~Bakulin, D.~I.~Egorov

\paper Natch: using virtual machine introspection and taint analysis for detection attack surface of the software

\jour Proceedings of ISP RAS

\yr 2022

\vol 34

\issue 5

\pages 89--110

\mathnet{http://mi.mathnet.ru/tisp723}

\crossref{https://doi.org/10.15514/ISPRAS-2022-34(5)-6}

Linking options:

https://www.mathnet.ru/eng/tisp723

https://www.mathnet.ru/eng/tisp/v34/i5/p89

This publication is cited in the following 2 articles:

Citing articles in Google Scholar: Russian citations, English citations
Related articles in Google Scholar: Russian articles, English articles

Proceedings of the Institute for System Programming of the RAS

Statistics & downloads:
Abstract page:	15
Full-text PDF :	10

Что такое QR-код?

Registration to the website

Logotypes