Backdoors in software systems have probably existed since the very first access control mechanisms were implemented, and they are a well-known security problem. Despite a wave of public discoveries of such backdoors over the last few years, this threat has only rarely been tackled so far. In this paper, we present an approach to reduce the attack surface for this kind of attack, and we strive for an automated identification and elimination of backdoors in binary applications. We limit our focus to the examination of server applications within a client-server model. At the core, we apply variations of the delta debugging technique and introduce several novel heuristics for identifying those regions of a binary application in which backdoors are typically installed (i.e., authentication and command processing functions). We demonstrate the practical feasibility of our approach on several real-world backdoors found in modified versions of the popular software tools ProFTPD and OpenSSH. Furthermore, we evaluate our implementation not only on common instruction set architectures such as x86-64, but also on commercial off-the-shelf embedded devices powered by a MIPS32 processor.