A new instruction overlapping technique for improved anti-disassembly and obfuscation of x86 binaries

The problem of correctly recovering assembly instructions from a binary has received much attention and both malware and license validation code often relies on various anti-disassembly techniques in order to complicate analysis. One well-known anti-disassembly technique is to use overlapping code such that the disassembler starts decoding from an incorrect byte, but still recovers valid code. The actual code which is supposed to be executed is instead hidden inside a decoy instruction, and is overlapped with the disassembled code. We propose and investigate a new novel anti-disassembly method that allows for exceptional flexibility in the hidden instructions, while at the same time providing a disassembled main path that is executable. This allows the approach to be very efficient against static linear sweep disassembly, but also to be more difficult to detect using dynamic analysis methods. The idea is to utilize highly redundant instructions, e.g., multibyte no-operation instructions, and embed the hidden code in the configurable portions of those instructions. By carefully selecting wrapping instructions, providing overlaps, the hidden execution path can be crafted with great flexibility. We also provide a detection-algorithm, together with testing results, for testing software such that the hidden execution path can be identified

The European Reference Genome Atlas: piloting a decentralised approach to equitable biodiversity genomics.

ABSTRACT: A global genome database of all of Earth’s species diversity could be a treasure trove of scientific discoveries. However, regardless of the major advances in genome sequencing technologies, only a tiny fraction of species have genomic information available. To contribute to a more complete planetary genomic database, scientists and institutions across the world have united under the Earth BioGenome Project (EBP), which plans to sequence and assemble high-quality reference genomes for all ∼1.5 million recognized eukaryotic species through a stepwise phased approach. As the initiative transitions into Phase II, where 150,000 species are to be sequenced in just four years, worldwide participation in the project will be fundamental to success. As the European node of the EBP, the European Reference Genome Atlas (ERGA) seeks to implement a new decentralised, accessible, equitable and inclusive model for producing high-quality reference genomes, which will inform EBP as it scales. To embark on this mission, ERGA launched a Pilot Project to establish a network across Europe to develop and test the first infrastructure of its kind for the coordinated and distributed reference genome production on 98 European eukaryotic species from sample providers across 33 European countries. Here we outline the process and challenges faced during the development of a pilot infrastructure for the production of reference genome resources, and explore the effectiveness of this approach in terms of high-quality reference genome production, considering also equity and inclusion. The outcomes and lessons learned during this pilot provide a solid foundation for ERGA while offering key learnings to other transnational and national genomic resource projects.info:eu-repo/semantics/publishedVersio

Flerspråkighet i förskolan : Hur förskollärare undervisar och inkluderar flerspråkiga barn

Sammanfattning I det här arbetet undersöks modersmåls- och förskollärares metoder och uppfattningar kring undervisning och inkludering av flerspråkiga barn i förskolan. En tilltagande andel av Sveriges befolkning kommer från andra platser och därför har annat modersmål än svenska (Kåreland 2011, s. 133). Den yrkesverksamma förskolläraren inom den moderna svenska förskolan följer det undervisningsuppdrag som beskrivs i Lpfö 18 (Skolverket, 2018), och ska alltså likvärdigt undervisa förskolans barn. Språk och lärande hör ihop, därför är det betydelsefullt för framtida generationer att forskning sker inom området och att förskolläraren har kunskap om hur de på bästa möjliga vis kan stimulera de flerspråkiga barnens lärande och utveckling. Syfte Syftet med studien är att undersöka förskollärares erfarenheter och tankar kring det praktiska arbetet med flerspråkiga barn i förskolan. Metod Vi har i studien använt oss av kvalitativa intervjuer som metod för datainsamling. Intervjuerna var semistrukturerade och gjordes digitalt eller fysiskt enskilt med fem förskollärare och en modersmålslärare. Resultat I resultatet presenteras intervjuer från både förskollärare och modersmålsläraren i syfte att besvara frågorna som är kopplade till vår syfte. Respondenterna lyfter fram många exempel på hur undervisning av flerspråkiga barn kan manifesteras, men förklarar att inkludering och undervisningen till stor del handlar om synliggörande och exponering av språken. De metoderna som används för att inkludera och undervisa barnen i verksamheten går att sammanfatta i de tre delarna exponering för språk, förhållningssätt och användandet av resurser och material. I resultatet presenteras även intervjun med modersmålsläraren där hon tar upp hur det är att arbeta som modersmålslärare och hur samarbetet med förskolläraren se rut, och modersmålslärarens samarbete med vårdnadshavare och förskollärare beskrivs

Flerspråkighet i förskolan : Hur förskollärare undervisar och inkluderar flerspråkiga barn

Sammanfattning I det här arbetet undersöks modersmåls- och förskollärares metoder och uppfattningar kring undervisning och inkludering av flerspråkiga barn i förskolan. En tilltagande andel av Sveriges befolkning kommer från andra platser och därför har annat modersmål än svenska (Kåreland 2011, s. 133). Den yrkesverksamma förskolläraren inom den moderna svenska förskolan följer det undervisningsuppdrag som beskrivs i Lpfö 18 (Skolverket, 2018), och ska alltså likvärdigt undervisa förskolans barn. Språk och lärande hör ihop, därför är det betydelsefullt för framtida generationer att forskning sker inom området och att förskolläraren har kunskap om hur de på bästa möjliga vis kan stimulera de flerspråkiga barnens lärande och utveckling. Syfte Syftet med studien är att undersöka förskollärares erfarenheter och tankar kring det praktiska arbetet med flerspråkiga barn i förskolan. Metod Vi har i studien använt oss av kvalitativa intervjuer som metod för datainsamling. Intervjuerna var semistrukturerade och gjordes digitalt eller fysiskt enskilt med fem förskollärare och en modersmålslärare. Resultat I resultatet presenteras intervjuer från både förskollärare och modersmålsläraren i syfte att besvara frågorna som är kopplade till vår syfte. Respondenterna lyfter fram många exempel på hur undervisning av flerspråkiga barn kan manifesteras, men förklarar att inkludering och undervisningen till stor del handlar om synliggörande och exponering av språken. De metoderna som används för att inkludera och undervisa barnen i verksamheten går att sammanfatta i de tre delarna exponering för språk, förhållningssätt och användandet av resurser och material. I resultatet presenteras även intervjun med modersmålsläraren där hon tar upp hur det är att arbeta som modersmålslärare och hur samarbetet med förskolläraren se rut, och modersmålslärarens samarbete med vårdnadshavare och förskollärare beskrivs

Towards Bridging the Gap Between Dalvik Bytecode and Native Code During Static Analysis of Android Applications

We propose a method for statically analyzing components that can be part of Android applications and which have not been very well analyzed so far, namely native libraries. As of now, third-party native code can be seen as a black box that can be fed input parameters from the Dalvik bytecode context, and output parameters can be returned back to the bytecode context. However, the native code can still initialize and invoke Android API and internal Java-based application classes and methods solely within the native context using an interface towards the Dalvik Virtual Machine. This introduces a contingency during analysis and therefore, it is crucial to understand inner-workings of the native code in order to fully understand the behavior of an application. The contribution of this paper is to bridge the gap between static analysis of Dalvik bytecode and native code by attempting to reconstruct calls to Android APIs and performing data-flow analysis inside native libraries. Our results from real-world applications show that such constructions used for invoking Java code inside native code do exist to some extent and could potentially be used more widely in order to obfuscate applications

Approximate time-variable coherence analysis of multichannel signals

We present a new method for signal extraction from noisy multichannel epileptic seizure onset EEG signals. These signals are non-stationary which makes time-invariant filtering unsuitable. The new method assumes a signal model and performs denoising by filtering the signal of each channel using a time-variable filter which is an estimate of the Wiener filter. The approximate Wiener filters are obtained using the time-frequency coherence functions between all channel pairs, and a fix-point algorithm. We estimate the coherence functions using the multiple window method, after which the fix-point algorithm is applied. Simulations indicate that this method improves upon its restriction to assumed stationary signals for realistically non-stationary data, in terms of mean square error, and we show that it can also be used for time-frequency representation of noisy multichannel signals. The method was applied to two epileptic seizure onset signals, and it turned out that the most informative output of the method are the filters themselves studied in the time-frequency domain. They seem to reveal hidden features of the epileptic signal which are otherwise invisible. This algorithm can be used as preprocessing for seizure onset EEG signals prior to time-frequency representation and manual or algorithmic pattern classification

Exploiting Trust in Deterministic Builds

Deterministic builds, where the compile and build processes are reproducible, can be used to achieve increased trust in distributed binaries. As the trust can be distributed across a set of builders, where all provide their own signature of a byte-to-byte identical binary, all have to cooperate in order to introduce unwanted code in the binary. On the other hand, if an attacker manages to incorporate malicious code in the source, and make this remain undetected during code reviews, the deterministic build provides additional opportunities to introduce e.g., a backdoor. The impact of such a successful attack would be serious since the actual trust model is exploited. In this paper, the problem of crafting such hidden code that is difficult to detect, both during code reviews of the source code as well as static analysis of the binary executable is addressed. It is shown that the displacement and immediate fields of an instruction can be used the embed hidden code directly from the C programming language

Visual Cryptography and Obfuscation: A Use-Case for Decrypting and Deobfuscating Information using Augmented Reality

As new technologies emerge such as wearables, it opens up for new challenges, especially related to security and privacy. One such recent technology is smart glasses. The use of glasses introduces security and privacy concerns for the general public but also for the user itself. In this paper we present ongoing theoretical work which focus on privacy of the user during authentication. We propose and analyze two methods, visual cryptography and obfuscation for protecting the user against HUD and camera logging adversaries as well as shoulder-surfing

Analysis of malicious and benign android applications

Since its establishment, the Android applications market has been infected by a proliferation of malicious applications. Recent studies show that rogue developers are injecting malware into legitimate market applications which are then installed on open source sites for consumer uptake. Often, applications are infected several times. In this paper, we investigate the behavior of malicious Android applications, we present a simple and effective way to safely execute and analyze them. As part of this analysis, we use the Android application sandbox Droidbox to generate behavioral graphs for each sample and these provide the basis of the development of patterns to aid in identifying it. As a result, we are able to determine if family names have been correctly assigned by current anti-virus vendors. Our results indicate that the traditional anti-virus mechanisms are not able to correctly identify malicious Android applications

OpenSAW: Open Security Analysis Workbench

Software is today often composed of many sourced components, which potentially contain security vulnerabilities, and therefore require testing before being integrated. Tools for automated test case generation, for example, based on white-box fuzzing, are beneficial for this testing task. Such tools generally explore limitations of the specific underlying techniques for solving problems related to, for example, constraint solving, symbolic execution, search heuristics and execution trace extraction. In this article we describe the design of OpenSAW, a more flexible general-purpose white-box fuzzing framework intended to encourage research on new techniques identifying security problems. In addition, we have formalized two unaddressed technical aspects and devised new algorithms for these. The first relates to generalizing and combining different program exploration strategies, and the second relates to prioritizing execution traces. We have evaluated OpenSAW using both in-house and external programs and identified several bugs