Explore a cutting-edge debugging framework that leverages System Management Mode in x86 architecture to analyze malware transparently. Dive into MALT, a system designed to overcome the limitations of virtualization and emulation-based malware analysis techniques. Learn how this approach reduces software-level attack surfaces and enhances debugging transparency. Discover MALT's various debugging functions, including register/memory accesses, breakpoints, and four stepping modes. Examine the implementation and experimental results of MALT on physical machines, testing its effectiveness against anti-virtualization, anti-emulation, and packing techniques. Understand the performance implications and overheads of this innovative approach on both Windows and Linux platforms. Gain insights into the future of malware analysis and the potential for more robust cybersecurity defenses.
Using Hardware Features for Increased Debugging Transparency
Overview
Syllabus
Introduction
Overview
Motivation
Limitations
Description
Traditional Debugging
Stepbystep Execution
Evaluation Results
Transparency Analysis
Performance Analysis
Conclusion
References
Bloopers
Whats the difference between my work and bearbox
Timing issues
Timing information
Overhead
Performance Evaluation
Debugging Register
Taught by
IEEE Symposium on Security and Privacy
