Abstract
A binary translator is a software component of a computer system that converts binary code for one ISA into binary code for another ISA. Recent trends show that binary translators have been used to reduce CPU power consumption and CPU die size, which may make them an indispensable component of future computer systems. This situation creates new opportunities for the security of these systems. One such opportunity is to perform malicious code checking dynamically in the binary translator layer. This approach has many advantages, both in detection capability and in checking overhead. In this paper, we propose a working dynamic malicious code checking module integrated into an existing open-source binary translator, QEMU, and explain that our module's detection capability is superior to that of other malicious code checking methods while acceptable performance is still maintained.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fang, Z., Li, M., Weng, C., Luo, Y. (2009). Dynamic Malicious Code Detection Based on Binary Translator. In: Jaatun, M.G., Zhao, G., Rong, C. (eds) Cloud Computing. CloudCom 2009. Lecture Notes in Computer Science, vol 5931. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10665-1_8
DOI: https://doi.org/10.1007/978-3-642-10665-1_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10664-4
Online ISBN: 978-3-642-10665-1
eBook Packages: Computer Science, Computer Science (R0)