PhD Dissertation Proposal by HONG Jiaqi | A Virtualization based System Infrastructure for Dynamic Program Analysis

About The Talk

Dynamic analysis is widely used in malware analysis, live forensic, virtual machine introspection, taint analysis and binary instrumentation. We propose a new dynamic analysis model called onsite analysis. Its hallmark is that the analysis program securely executes in the live virtual address space of the target program under inspection. The direct benefit of the model is that the analysis program can conduct large-scale intensive on-demand accesses to the target's virtual memory at native speed, either read or execute, without facing the address barrier. In order to showcase the strengths of the new analysis model, we build and test several use cases: a virtual address space reconnaissance tool, a system call monitor and a dynamic control flow generator. The experiments show that onsite analysis can efficiently collect and effectively explore in-memory intelligence to understand the target program’s live semantics and behaviors.

Speaker Biography

Jiaqi HONG is a PHD candidate in Cybersecurity at School of Information Systems, Singapore Management University. She is advised by Associate Professor Xuhua DING and AXA Chair Professor Robert H. Deng. In her PhD study, she focuses on designing virtualization based system and its applications.