Formal Analysis of Combinations of Secure Protocols

Authors: Blot, Elliott, Dreier, Jannik, Lafourcade, Pascal

Contributors: Laboratoire d'Informatique, de Modélisation et d'Optimisation des Systèmes (LIMOS), Ecole Nationale Supérieure des Mines de St Etienne (ENSM ST-ETIENNE)-Université Clermont Auvergne 2017-2020 (UCA 2017-2020 )-Centre National de la Recherche Scientifique (CNRS), Proof techniques for security protocols (PESTO), Centre Inria de l'Université de Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), This research was conducted with the support of the Indo-French Centre for the Promotion of Advanced Research (IFCPAR) and the Center Franco-Indien Pour La Promotion De La Recherche Avanc ́ee (CEFIPRA) through the project DST/CNRS 2015-03 under DST-INRIA-CNRS Targeted Programme, and by the CNRS PEPS SISC ASSI 2016/2017., ANR-16-IDEX-0001,CAP 20-25,CAP 20-25(2016)

Source: FPS 2017 - 10th International Symposium on Foundations & Practice of Security ; https://hal.science/hal-01596010 ; FPS 2017 - 10th International Symposium on Foundations & Practice of Security, Oct 2017, Nancy, France. pp.53-67, ⟨10.1007/978-3-319-75650-9_4⟩

Subject Terms: ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]

Subject Geographic: Nancy, France

Availability: https://hal.science/hal-01596010
https://hal.science/hal-01596010v2/document
https://hal.science/hal-01596010v2/file/article.pdf
https://doi.org/10.1007/978-3-319-75650-9_4

Formal Analysis of Combinations of Secure Protocols

Authors: Blot, Elliott, Dreier, Jannik, Lafourcade, Pascal

Contributors: Laboratoire d'Informatique, de Modélisation et d'Optimisation des Systèmes (LIMOS), Ecole Nationale Supérieure des Mines de St Etienne (ENSM ST-ETIENNE)-Université Clermont Auvergne 2017-2020 (UCA 2017-2020 )-Centre National de la Recherche Scientifique (CNRS), Proof techniques for security protocols (PESTO), Centre Inria de l'Université de Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), This research was conducted with the support of the Indo-French Centre for the Promotion of Advanced Research (IFCPAR) and the Center Franco-Indien Pour La Promotion De La Recherche Avanc ́ee (CEFIPRA) through the project DST/CNRS 2015-03 under DST-INRIA-CNRS Targeted Programme, and by the CNRS PEPS SISC ASSI 2016/2017., ANR-16-IDEX-0001,CAP 20-25,CAP 20-25(2016)

Source: FPS 2017 - 10th International Symposium on Foundations & Practice of Security ; https://hal.science/hal-01596010 ; FPS 2017 - 10th International Symposium on Foundations & Practice of Security, Oct 2017, Nancy, France. pp.53-67, ⟨10.1007/978-3-319-75650-9_4⟩

Subject Terms: ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]

Subject Geographic: Nancy, France

Availability: https://hal.science/hal-01596010
https://hal.science/hal-01596010v2/document
https://hal.science/hal-01596010v2/file/article.pdf
https://doi.org/10.1007/978-3-319-75650-9_4

Formal Analysis of Combinations of Secure Protocols

Authors: Blot, Elliott, Dreier, Jannik, Lafourcade, Pascal

Contributors: Laboratoire d'Informatique, de Modélisation et d'Optimisation des Systèmes (LIMOS), Ecole Nationale Supérieure des Mines de St Etienne (ENSM ST-ETIENNE)-Université Clermont Auvergne 2017-2020 (UCA 2017-2020 )-Centre National de la Recherche Scientifique (CNRS), Proof techniques for security protocols (PESTO), Centre Inria de l'Université de Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), This research was conducted with the support of the Indo-French Centre for the Promotion of Advanced Research (IFCPAR) and the Center Franco-Indien Pour La Promotion De La Recherche Avanc ́ee (CEFIPRA) through the project DST/CNRS 2015-03 under DST-INRIA-CNRS Targeted Programme, and by the CNRS PEPS SISC ASSI 2016/2017., ANR-16-IDEX-0001,CAP 20-25,CAP 20-25(2016)

Source: FPS 2017 - 10th International Symposium on Foundations & Practice of Security ; https://hal.science/hal-01596010 ; FPS 2017 - 10th International Symposium on Foundations & Practice of Security, Oct 2017, Nancy, France. pp.53-67, ⟨10.1007/978-3-319-75650-9_4⟩

Subject Terms: ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]

Subject Geographic: Nancy, France

Availability: https://hal.science/hal-01596010
https://hal.science/hal-01596010v2/document
https://hal.science/hal-01596010v2/file/article.pdf
https://doi.org/10.1007/978-3-319-75650-9_4

Formal Analysis of Combinations of Secure Protocols

Authors: Blot, Elliott, Dreier, Jannik, Lafourcade, Pascal

Contributors: Laboratoire d'Informatique, de Modélisation et d'Optimisation des Systèmes (LIMOS), Ecole Nationale Supérieure des Mines de St Etienne (ENSM ST-ETIENNE)-Université Clermont Auvergne 2017-2020 (UCA 2017-2020 )-Centre National de la Recherche Scientifique (CNRS), Proof techniques for security protocols (PESTO), Centre Inria de l'Université de Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), This research was conducted with the support of the Indo-French Centre for the Promotion of Advanced Research (IFCPAR) and the Center Franco-Indien Pour La Promotion De La Recherche Avanc ́ee (CEFIPRA) through the project DST/CNRS 2015-03 under DST-INRIA-CNRS Targeted Programme, and by the CNRS PEPS SISC ASSI 2016/2017., ANR-16-IDEX-0001,CAP 20-25,CAP 20-25(2016)

Source: FPS 2017 - 10th International Symposium on Foundations & Practice of Security ; https://hal.science/hal-01596010 ; FPS 2017 - 10th International Symposium on Foundations & Practice of Security, Oct 2017, Nancy, France. pp.53-67, ⟨10.1007/978-3-319-75650-9_4⟩

Subject Terms: ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]

Subject Geographic: Nancy, France

Availability: https://hal.science/hal-01596010
https://hal.science/hal-01596010v2/document
https://hal.science/hal-01596010v2/file/article.pdf
https://doi.org/10.1007/978-3-319-75650-9_4

Formal Analysis of Combinations of Secure Protocols

Authors: Blot, Elliott, Dreier, Jannik, Lafourcade, Pascal

Contributors: Laboratoire d'Informatique, de Modélisation et d'Optimisation des Systèmes (LIMOS), Ecole Nationale Supérieure des Mines de St Etienne-Université Clermont Auvergne 2017-2020 (UCA 2017-2020 )-Centre National de la Recherche Scientifique (CNRS), Proof techniques for security protocols (PESTO), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), This research was conducted with the support of the Indo-French Centre for the Promotion of Advanced Research (IFCPAR) and the Center Franco-Indien Pour La Promotion De La Recherche Avanc ́ee (CEFIPRA) through the project DST/CNRS 2015-03 under DST-INRIA-CNRS Targeted Programme, and by the CNRS PEPS SISC ASSI 2016/2017., ANR-16-IDEX-0001,CAP 20-25,CAP 20-25(2016)

Source: FPS 2017 - 10th International Symposium on Foundations & Practice of Security ; https://hal.archives-ouvertes.fr/hal-01596010 ; FPS 2017 - 10th International Symposium on Foundations & Practice of Security, Oct 2017, Nancy, France. pp.53-67, ⟨10.1007/978-3-319-75650-9_4⟩

Subject Terms: ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]

Subject Geographic: Nancy, France

Relation: hal-01596010; https://hal.archives-ouvertes.fr/hal-01596010; https://hal.archives-ouvertes.fr/hal-01596010v2/document; https://hal.archives-ouvertes.fr/hal-01596010v2/file/article.pdf

Availability: https://hal.archives-ouvertes.fr/hal-01596010
https://hal.archives-ouvertes.fr/hal-01596010v2/document
https://hal.archives-ouvertes.fr/hal-01596010v2/file/article.pdf
https://doi.org/10.1007/978-3-319-75650-9_4

Fully Abstract Compilation to JavaScript

Authors: Fournet, Cédric, Swamy, Nikhil, Chen, Juan, Dagand, Pierre-Evariste, Strub, Pierre-Yves, Livshits, Benjamin

Contributors: Microsoft Research Cambridge (Microsoft), Microsoft Research, Microsoft Research Redmond, Microsoft Corporation Redmond, Wash., Microsoft Research - Inria Joint Centre (MSR - INRIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Microsoft Research Laboratory Cambridge-Microsoft Corporation Redmond, Wash.

Source: 40th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages - POPL'13 (2013)
https://hal.inria.fr/hal-00780803
40th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages - POPL'13 (2013), Jan 2013, Roma, Italy

Subject Terms: ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.3: PROGRAMMING LANGUAGES/D.3.4: Processors/D.3.4.1: Compilers, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL], [INFO.INFO-LO]Computer Science [cs]/Logic in Computer Science [cs.LO]

Subject Geographic: Roma, Italy

Relation: hal-00780803; https://hal.inria.fr/hal-00780803; https://hal.inria.fr/hal-00780803/document; https://hal.inria.fr/hal-00780803/file/js-star-popl-2013.pdf

Availability: https://hal.inria.fr/hal-00780803
https://hal.inria.fr/hal-00780803/document
https://hal.inria.fr/hal-00780803/file/js-star-popl-2013.pdf

Abstraction-based Malware Analysis Using Rewriting and Model Checking

Authors: Beaucamps, Philippe, Gnaedig, Isabelle, Marion, Jean-Yves

Contributors: Theoretical adverse computations, and safety (CARTE), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Sara Foresti and MotiYung and Fabio Martinelli

Source: ESORICS - 17th European Symposium on Research in Computer Security - 2012 ; https://inria.hal.science/hal-00762252 ; ESORICS - 17th European Symposium on Research in Computer Security - 2012, Sep 2012, Pisa, Italy. pp.806-823, ⟨10.1007/978-3-642-33167-1⟩

Subject Terms: Malware, behavioral detection, behavior abstraction, trace, term rewriting, model checking, first order temporal logic, finite state automaton, formal language, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.4: Model checking, [INFO.INFO-LO]Computer Science [cs]/Logic in Computer Science [cs.LO]

Subject Geographic: Pisa, Italy

Availability: https://inria.hal.science/hal-00762252
https://inria.hal.science/hal-00762252/document
https://inria.hal.science/hal-00762252/file/esorics-definitif.pdf
https://doi.org/10.1007/978-3-642-33167-1

Abstraction-based Malware Analysis Using Rewriting and Model Checking

Authors: Beaucamps, Philippe, Gnaedig, Isabelle, Marion, Jean-Yves

Contributors: Theoretical adverse computations, and safety (CARTE), Centre Inria de l'Université de Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Sara Foresti and MotiYung and Fabio Martinelli

Source: ESORICS - 17th European Symposium on Research in Computer Security - 2012 ; https://inria.hal.science/hal-00762252 ; ESORICS - 17th European Symposium on Research in Computer Security - 2012, Sep 2012, Pisa, Italy. pp.806-823, ⟨10.1007/978-3-642-33167-1⟩

Subject Terms: Malware, behavioral detection, behavior abstraction, trace, term rewriting, model checking, first order temporal logic, finite state automaton, formal language, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.4: Model checking, [INFO.INFO-LO]Computer Science [cs]/Logic in Computer Science [cs.LO]

Subject Geographic: Pisa, Italy

Availability: https://inria.hal.science/hal-00762252
https://inria.hal.science/hal-00762252v1/document
https://inria.hal.science/hal-00762252v1/file/esorics-definitif.pdf
https://doi.org/10.1007/978-3-642-33167-1

Abstraction-based Malware Analysis Using Rewriting and Model Checking

Authors: Beaucamps, Philippe, Gnaedig, Isabelle, Marion, Jean-Yves

Contributors: Theoretical adverse computations, and safety (CARTE), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Sara Foresti and MotiYung and Fabio Martinelli

Source: ESORICS - 17th European Symposium on Research in Computer Security - 2012 ; https://hal.inria.fr/hal-00762252 ; ESORICS - 17th European Symposium on Research in Computer Security - 2012, Sep 2012, Pisa, Italy. pp.806-823, ⟨10.1007/978-3-642-33167-1⟩

Subject Terms: Malware, behavioral detection, behavior abstraction, trace, term rewriting, model checking, first order temporal logic, finite state automaton, formal language, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.4: Model checking, [INFO.INFO-LO]Computer Science [cs]/Logic in Computer Science [cs.LO]

Subject Geographic: Pisa, Italy

Relation: hal-00762252; https://hal.inria.fr/hal-00762252; https://hal.inria.fr/hal-00762252/document; https://hal.inria.fr/hal-00762252/file/esorics-definitif.pdf

Availability: https://hal.inria.fr/hal-00762252
https://hal.inria.fr/hal-00762252/document
https://hal.inria.fr/hal-00762252/file/esorics-definitif.pdf
https://doi.org/10.1007/978-3-642-33167-1

Behavior Abstraction in Malware Analysis

Authors: Beaucamps, Philippe, Gnaedig, Isabelle, Marion, Jean-Yves

Contributors: Theoretical adverse computations, and safety (CARTE), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Howard Barringer, Klaus Havelund, Insup Lee, Grigore Rosu, Oleg Sokolsky

Source: 1st International Conference on Runtime Verification
https://inria.hal.science/inria-00536500
1st International Conference on Runtime Verification, Howard Barringer, Klaus Havelund, Insup Lee, Nov 2010, St. Julians, Malta. pp.168-182, ⟨10.1007/978-3-642-16612-9_14⟩

Subject Terms: behavioral detection, abstraction, trace, rewriting, finite state automaton, formal language, dynamic binary instrumentation, Malware, behavior abstraction, string rewriting, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]

Subject Geographic: St. Julians, Malta

Availability: https://inria.hal.science/inria-00536500
https://inria.hal.science/inria-00536500/document
https://inria.hal.science/inria-00536500/file/RV-preprint.pdf
https://doi.org/10.1007/978-3-642-16612-9_14

Behavior Abstraction in Malware Analysis

Authors: Beaucamps, Philippe, Gnaedig, Isabelle, Marion, Jean-Yves

Contributors: Theoretical adverse computations, and safety (CARTE), Centre Inria de l'Université de Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Howard Barringer, Klaus Havelund, Insup Lee, Grigore Rosu, Oleg Sokolsky

Source: 1st International Conference on Runtime Verification
https://inria.hal.science/inria-00536500
1st International Conference on Runtime Verification, Howard Barringer, Klaus Havelund, Insup Lee, Nov 2010, St. Julians, Malta. pp.168-182, ⟨10.1007/978-3-642-16612-9_14⟩

Subject Terms: behavioral detection, abstraction, trace, rewriting, finite state automaton, formal language, dynamic binary instrumentation, Malware, behavior abstraction, string rewriting, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]

Subject Geographic: St. Julians, Malta

Availability: https://inria.hal.science/inria-00536500
https://inria.hal.science/inria-00536500v1/document
https://inria.hal.science/inria-00536500v1/file/RV-preprint.pdf
https://doi.org/10.1007/978-3-642-16612-9_14

Unconditional self-modifying code elimination with dynamic compiler optimizations

Authors: Gnaedig, Isabelle, Kaczmarek, Matthieu, Reynaud, Daniel, Wloka, Stéphane

Contributors: Theoretical adverse computations, and safety (CARTE), Centre Inria de l'Université de Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Fernando C. Colón Osorio

Source: 5th International Conference on Malicious and Unwanted Software
https://inria.hal.science/inria-00538376
5th International Conference on Malicious and Unwanted Software, Fernando C. Colón Osorio, Oct 2010, Nancy, France

Subject Terms: malware, packing, self-modifying code, slicing techniques, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-LO]Computer Science [cs]/Logic in Computer Science [cs.LO]

Subject Geographic: Nancy, France

Availability: https://inria.hal.science/inria-00538376
https://inria.hal.science/inria-00538376v1/document
https://inria.hal.science/inria-00538376v1/file/packer.pdf

Unconditional self-modifying code elimination with dynamic compiler optimizations

Authors: Gnaedig, Isabelle, Kaczmarek, Matthieu, Reynaud, Daniel, Wloka, Stéphane

Contributors: Theoretical adverse computations, and safety (CARTE), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Fernando C. Colón Osorio

Source: 5th International Conference on Malicious and Unwanted Software
https://hal.inria.fr/inria-00538376
5th International Conference on Malicious and Unwanted Software, Fernando C. Colón Osorio, Oct 2010, Nancy, France

Subject Terms: malware, packing, self-modifying code, slicing techniques, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-LO]Computer Science [cs]/Logic in Computer Science [cs.LO]

Subject Geographic: Nancy, France

Relation: inria-00538376; https://hal.inria.fr/inria-00538376; https://hal.inria.fr/inria-00538376/document; https://hal.inria.fr/inria-00538376/file/packer.pdf

Availability: https://hal.inria.fr/inria-00538376
https://hal.inria.fr/inria-00538376/document
https://hal.inria.fr/inria-00538376/file/packer.pdf

Behavior Analysis of Malicious Code by Weighted Behavior Abstraction

Authors: Beaucamps, Philippe, Gnaedig, Isabelle, Marion, Jean-Yves

Contributors: Theoretical adverse computations, and safety (CARTE), Centre Inria de l'Université de Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Source: https://inria.hal.science/hal-00803412 ; [Research Report] 2013.

Subject Terms: Malware, behavioral detection, behavior abstraction, trace, term rewriting, model checking, first order temporal logic, probability, weight, finite state automaton, formal language, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.4: Model checking, [INFO.INFO-LO]Computer Science [cs]/Logic in Computer Science [cs.LO]

Availability: https://inria.hal.science/hal-00803412
https://inria.hal.science/hal-00803412v1/document
https://inria.hal.science/hal-00803412v1/file/pondere-hal.pdf

Behavior Analysis of Malicious Code by Weighted Behavior Abstraction

Authors: Beaucamps, Philippe, Gnaedig, Isabelle, Marion, Jean-Yves

Contributors: Theoretical adverse computations, and safety (CARTE), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)

Source: https://hal.inria.fr/hal-00803412 ; [Research Report] 2013.

Subject Terms: Malware, behavioral detection, behavior abstraction, trace, term rewriting, model checking, first order temporal logic, probability, weight, finite state automaton, formal language, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.4: Model checking, [INFO.INFO-LO]Computer Science [cs]/Logic in Computer Science [cs.LO]

Relation: hal-00803412; https://hal.inria.fr/hal-00803412; https://hal.inria.fr/hal-00803412/document; https://hal.inria.fr/hal-00803412/file/pondere-hal.pdf

Availability: https://hal.inria.fr/hal-00803412
https://hal.inria.fr/hal-00803412/document
https://hal.inria.fr/hal-00803412/file/pondere-hal.pdf

Behavior Analysis of Malware by Rewriting-based Abstraction - Extended Version

Authors: Beaucamps, Philippe, Gnaedig, Isabelle, Marion, Jean-Yves

Contributors: Theoretical adverse computations, and safety (CARTE), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Source: https://inria.hal.science/inria-00594396 ; [Research Report] 2011.

Subject Terms: behavioral analysis, malware detection, behavior abstraction, model checking, temporal logic, term rewriting, static analysis, information leak, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]

Availability: https://inria.hal.science/inria-00594396
https://inria.hal.science/inria-00594396/document
https://inria.hal.science/inria-00594396/file/fmcad-extended.pdf

Behavior Analysis of Malware by Rewriting-based Abstraction - Extended Version

Authors: Beaucamps, Philippe, Gnaedig, Isabelle, Marion, Jean-Yves

Contributors: Theoretical adverse computations, and safety (CARTE), Centre Inria de l'Université de Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Source: https://inria.hal.science/inria-00594396 ; [Research Report] 2011.

Subject Terms: behavioral analysis, malware detection, behavior abstraction, model checking, temporal logic, term rewriting, static analysis, information leak, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]

Availability: https://inria.hal.science/inria-00594396
https://inria.hal.science/inria-00594396v1/document
https://inria.hal.science/inria-00594396v1/file/fmcad-extended.pdf

Behavior Analysis of Malware by Rewriting-based Abstraction - Extended Version

Authors: Beaucamps, Philippe, Gnaedig, Isabelle, Marion, Jean-Yves

Contributors: Theoretical adverse computations, and safety (CARTE), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)

Source: https://hal.inria.fr/inria-00594396 ; [Research Report] 2011.

Subject Terms: behavioral analysis, malware detection, behavior abstraction, model checking, temporal logic, term rewriting, static analysis, information leak, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]

Relation: inria-00594396; https://hal.inria.fr/inria-00594396; https://hal.inria.fr/inria-00594396/document; https://hal.inria.fr/inria-00594396/file/fmcad-extended.pdf

Availability: https://hal.inria.fr/inria-00594396
https://hal.inria.fr/inria-00594396/document
https://hal.inria.fr/inria-00594396/file/fmcad-extended.pdf

Behavior Abstraction in Malware Analysis - Extended Version

Authors: Beaucamps, Philippe, Gnaedig, Isabelle, Marion, Jean-Yves

Contributors: Theoretical adverse computations, and safety (CARTE), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Source: https://inria.hal.science/inria-00509486 ; 2010.

Subject Terms: malware, behavioral detection, abstraction, trace, rewriting, finite state automaton, formal language, dynamic binary instrumentation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]

Availability: https://inria.hal.science/inria-00509486
https://inria.hal.science/inria-00509486v2/document
https://inria.hal.science/inria-00509486v2/file/rv-HAL-V2.pdf

Abstraction by Term Rewriting for Malware Behavior Analysis - Extended Version

Authors: Beaucamps, Philippe, Gnaedig, Isabelle, Marion, Jean-Yves

Contributors: Theoretical adverse computations, and safety (CARTE), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Source: https://inria.hal.science/inria-00547884 ; [Research Report] 2010.

Subject Terms: malware, behavioral detection, abstraction, trace, term rewriting, finite state automaton, formal language, dynamic binary instrumentation, temporal logic, information leak, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.0: General/D.2.0.0: Protection mechanisms, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.3: Formal methods, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.4: Software/Program Verification/D.2.4.8: Validation, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.9: Tracing, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.4: Invasive software (e.g., viruses, worms, Trojan horses), ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.6: Verification, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]

Availability: https://inria.hal.science/inria-00547884
https://inria.hal.science/inria-00547884v3/document
https://inria.hal.science/inria-00547884v3/file/article-extended.pdf