[langsec-discuss] Studying malware in terms of LangSec

Andrew munin at mimisbrunnr.net
Wed Nov 26 17:00:23 UTC 2014


You can model runtime behavior to some abstraction; that is what type
systems do. So you/your type system can answer questions like "if this
function returns, the value will be an integer". This post gives a good
introduction: http://www.pl-enthusiast.net/2014/08/05/type-safety/

Originally, you were talking about malware and identifying two programs
that produce the same output. It is not possible in general to decide
functional equivalence; nonetheless, attempts have been made. For
practical purposes, look at these two papers:

http://www.researchgate.net/publication/224585500_Regression_verification/file/79e41506add52e4d88.pdf

http://research.microsoft.com/pubs/161804/paper.pdf

On 11/26/2014 04:09 AM, Sashank Dara wrote:
> But what are the theoretical roots?
> Can we model the variations in the code that exhibit the same behavior?
>
> (Am not able to articulate it more formally, let me give a try)
> Say how to model two different strings of same language exhibiting same
> behavior?
>
> Can we model run time behavior of a program in Computation theory at all?
> 
> 
> Regards,
> Sashank
> http://lnkd.in/88sgfr
> 
> On Tue, Nov 25, 2014 at 7:24 PM, Andrew <munin at mimisbrunnr.net> wrote:
> 
>     There are tools like this that might help some:
>     https://symdiff.codeplex.com/
> 
>     On 11/25/2014 08:34 AM, Sashank Dara wrote:
>     > Hi,
>     >
>     > Am curious if we can study sophisticated metamorphic and polymorphic
>     > malware of current day in terms of langsec?
>     >
>     > Classic file hashes like MD5, SHA etc. are no longer helping in
>     > identifying malware programs that are mutating. So current research is
>     > around using control flow graphs or structural properties or feature
>     > vectors in order to identify malware files belonging to similar family.
>     >
>     > How can we identify two (or more) programs that produce same malicious
>     > effect, say using theory of computer science and lang sec principles?
>     >
>     > Regards,
>     > Sashank
>     > http://lnkd.in/88sgfr
>     >
>     >
>     > _______________________________________________
>     > langsec-discuss mailing list
>     > langsec-discuss at mail.langsec.org
>     <mailto:langsec-discuss at mail.langsec.org>
>     > https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
>     >
> 
> 
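
Added example, not part of the original message or of the tools and papers linked in it: hashes separate two rewrites of the same function, while an equivalence check restricted to a finite domain groups them and rejects a look-alike. The three variants, the 8-bit domain and all names are constructed for illustration, and plain enumeration stands in here for the verification techniques the linked papers describe.

```python
import hashlib
from itertools import product

MASK = 0xFF  # constructed toy domain: 8-bit unsigned values


# Three constructed variants. a and b compute the same function in
# different ways; c only looks similar.
def variant_a(x, y):
    return (x + y) & MASK


def variant_b(x, y):
    # Addition by XOR/AND carry propagation, without the '+' operator.
    while y:
        x, y = (x ^ y) & MASK, ((x & y) << 1) & MASK
    return x


def variant_c(x, y):
    # Saturates at MASK instead of wrapping around.
    return min(x + y, MASK)


def code_hash(fn):
    """SHA-256 over the compiled bytecode: a syntactic identity, like a file hash."""
    return hashlib.sha256(fn.__code__.co_code).hexdigest()


def bounded_equivalent(f, g, bits=8):
    """Compare f and g on every input pair of the given bit width.

    Returns (True, None) if they agree everywhere on that domain,
    otherwise (False, first_counterexample). This decides equivalence
    only on the bounded domain, not for arbitrary programs.
    """
    for x, y in product(range(1 << bits), repeat=2):
        if f(x, y) != g(x, y):
            return False, (x, y)
    return True, None


if __name__ == "__main__":
    print("hashes equal (a, b):", code_hash(variant_a) == code_hash(variant_b))
    print("a ~ b on 8 bits:", bounded_equivalent(variant_a, variant_b))
    print("a ~ c on 8 bits:", bounded_equivalent(variant_a, variant_c))
```

The enumeration costs 2^(2·bits) evaluations, which is why it only works on a deliberately small domain.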

