A computability perspective on self-modifying programs

International audienceIn order to increase their stealth, malware com- monly use the self-modification property of programs. By doing so, programs can hide their real code so that it is difficult to define a signature for it. But then, what is the meaning of those programs: the obfuscated form, or the hidden one? Furthermore, from a computability perspective, it becomes hard to speak about the program since, its own code varies over time. To cope with these issues, we provide an operational semantics for self-modifying programs and we show that they can be constructively rewritten to a non-modifying program

Моделі і методи поліморфної та метаморфної обфускації коду

В роботі проаналізовані існуючі моделі і методи поліморфної та метаморфної обфускації коду. Зроблено акцент на актуальності поставленого завдання, а саме вдосконалення існуючого методу заміни інструкцій задля покращення засобів антивірусного захисту, шляхом моделювання поліморфної та метморфної системи обфускації коду. Розроблена програмна модель відповідно завданню. Проведен експеримент, який досліджує ефективність вдосконаленого методу за метриками складності обфускації (Сукупна кількість опкодів, кількість ребер в графі потоку керування). Результат роботи може використовуватись для забезпечення вдосконалення моделей і методів захисту антивірусних систем.The paper analyzes the existing models and methods of polymorphic and metamorphic code obfuscation. Emphasis is placed on the urgency of the task, namely the improvement of the existing method of replacing instructions to improve antivirus protection, by modeling the polymorphic and metmorphic system of obfuscation of code. Developed a software model according to the task. An experiment was conducted to investigate the effectiveness of the improved code on the metrics of obfuscation complexity (Total number of opcodes, number of edges in the control flow graph). The result of the work can be used to improve models and methods of protection of anti-virus systems

Feasibility study for a numerical aerodynamic simulation facility. Volume 2: Hardware specifications/descriptions

An FMP (Flow Model Processor) was designed for use in the Numerical Aerodynamic Simulation Facility (NASF). The NASF was developed to simulate fluid flow over three-dimensional bodies in wind tunnel environments and in free space. The facility is applicable to studying aerodynamic and aircraft body designs. The following general topics are discussed in this volume: (1) FMP functional computer specifications; (2) FMP instruction specification; (3) standard product system components; (4) loosely coupled network (LCN) specifications/description; and (5) three appendices: performance of trunk allocation contention elimination (trace) method, LCN channel protocol and proposed LCN unified second level protocol

Actes des Cinquièmes journées nationales du Groupement De Recherche CNRS du Génie de la Programmation et du Logiciel

National audienceCe document contient les actes des Cinquièmes journées nationales du Groupement De Recherche CNRS du Gé}nie de la Programmation et du Logiciel (GDR GPL) s'étant déroulées à Nancy du 3 au 5 avril 2013. Les contributions présentées dans ce document ont été sélectionnées par les différents groupes de travail du GDR. Il s'agit de résumés, de nouvelles versions, de posters et de démonstrations qui correspondent à des travaux qui ont déjà été validés par les comités de programmes d'autres conférences et revues et dont les droits appartiennent exclusivement à leurs auteurs

A computability perspective on self-modifying programs

Abstract-In order to increase their stealth, malware commonly use the self-modification property of programs. By doing so, programs can hide their real code so that it is difficult to define a signature for it. But then, what is the meaning of those programs: the obfuscated form, or the hidden one? Furthermore, from a computability perspective, it becomes hard to speak about the program since, its own code varies over time. To cope with these issues, we provide an operational semantics for self-modifying programs and we show that they can be constructively rewritten to a non-modifying program