%% LaTeX document class.
%!TEX program = htlatex
\documentclass[medieteknikk]{gucmasterthesis}
\usepackage{ifpdf}
\ifpdf
\usepackage[pdftex]{graphicx}
\usepackage{epstopdf}
\else
\usepackage[dvips]{graphicx}
\usepackage[dvips]{hyperref} % For cross references in pdf
\fi
\usepackage[final]{pdfpages}
\usepackage{mdwlist}
\usepackage{url}
\usepackage{float}
\usepackage{todonotes}
\usepackage{hyperref}
\usepackage{listings}
\usepackage[utf8]{inputenc} % For utf8 encoded .tex files
\usepackage[british]{babel} % For chapter headings etc.
\begin{document}
\thesistitle{Obfuscating Malware through Cache Memory Architecture Features}
\thesisauthor{Çağlar SAYIN}
\thesisdate{\gucmasterthesisdate}
\useyear{2014}
\makefrontpages % make the frontpages
\thesistitlepage % make the ordinary titlepage
\chapter*{Abstract}
There is no doubt that malicious software (malware) is one of the most important threats in computer security. With the increasing use of information systems and computer networks in industrial and governmental infrastructures, their economy and impact on our society are increasing. According to Symantec's report in 2008~\cite{turner2008symantec}, ``The release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications.'' Worst of all, malware design is not as simple as it was before. A few years ago, we saw countries that developed malware as a professional weapon for their political benefit, and it would not be surprising if one of these weapons were seen in the corporate world soon. This malware employed many camouflaging techniques (e.g. polymorphism, metamorphism, etc.) against malware detection systems.
Basically, most camouflaging techniques obfuscate and hide the signatures so that the code can be stored safely in non-volatile memory or on disk, and before it starts to run in main memory, they deobfuscate the whole code for execution. Consequently, detection systems have simply started to search for the signatures in main memory. In this thesis, we designed a way to raise the bar from ``from disk to memory obfuscation'' to ``from disk to cache obfuscation''. More specifically, we designed theoretical malware obfuscation methods for tightly coupled multi-processor systems that use caches as a private memory to evade main memory observer systems as well as other conventional static data analysis. To achieve this goal, we anticipated cache behaviours and exploited them, along with cache efficiency optimizations. With the increasing deployment of multi-processor computing and other parallel processing devices, implementations of local memories such as NUMA and hierarchical caches are becoming more common in order to increase efficiency and performance and to decrease power consumption, and this alone could be the reason that highlights our study. Additionally, this thesis discusses implementation issues arising from interactions between cache coherence mechanisms as well as from Harvard architecture implementations.
\section*{Keywords}
Security, Malware Design, Cache Oriented Polymorphism, Cache Coherency, Malware Evasion, Code Obfuscation
\chapter*{Preface}
I would like to express my gratitude to my supervisor Prof. Stephen D. Wolthusen for the useful comments, remarks and engagement throughout the learning process of this master thesis. I can simply say that every sentence which he built was enlightening, not only during this process, but also in his courses. Furthermore, I would like to thank Emre Tınaztepe for sharing his fabulous practical knowledge of the topic with me, as well as for the support on the way. Also, I would like to thank the team at Stanford University who develop the BookSim simulation tool and willingly share their experience. I would like to thank my family. Words cannot express how grateful I am to my mother for all of the sacrifices that you've made on my behalf. I would also like to thank all of my friends who supported me in writing, and incited me to strive towards my goal.
Finally, I would like to thank all free software volunteers.
\vspace{\baselineskip}
\noindent Çağlar Sayın \gucmasterthesisdate
\chapter*{Ethical and legal considerations}
The content of this document could be used for malicious purposes, but any matter or information could be misused in life. The risky threat is not the information in this thesis, but being ignorant of it. For this purpose, this thesis aims to enlighten security specialists and system developers about the recent methods of possible attacks.
However, in order to act with ethical responsibility, we tried to eliminate the practical use of tools and pieces of code which could lead to malicious usage. In any case, there is no doubt that it is critical to discover and publish vulnerabilities which could cause deep impact before malicious people discover and abuse them.
\begin{quote}
``Virus don't harm, but ignorance does.''\\
- VxHeaven
\end{quote}
\tableofcontents
\listoffigures
\listoftables
\include{introduction}
\include{relatedworks}
\include{background}
\include{body1}
\include{body2}
\include{body3}
\include{conclusion}
\bibliographystyle{gucmasterthesis}
\bibliography{gucmasterthesis}
\appendix
\include{simulation}
\include{results}
\end{document}