Show simple item record

dc.contributor.authorFlake, Halvar
dc.contributor.editorFlegel, Ulrich
dc.contributor.editorMeier, Michael
dc.date.accessioned2019-10-16T08:50:49Z
dc.date.available2019-10-16T08:50:49Z
dc.date.issued2004
dc.identifier.isbn3-88579-375-X
dc.identifier.issn1617-5468
dc.identifier.urihttp://dl.gi.de/handle/20.500.12116/29199
dc.description.abstractA method to heuristically construct an isomorphism between the sets of functions in two similar but differing versions of the same executable file is presented. Such an isomorphism has multiple practical applications, specifically the ability to detect programmatic changes between the two executable versions. Moreover, information (function names) which is available for one of the two versions can also be made available for the other . A framework implementing the described methods is presented, along with empirical data about its performance when used to analyze patches to recent security vulnerabilities. As a more practical example, a security update which fixes a critical vulnerability in an H.323 parsing component is analyzed, the relevant vulnerability extracted and the implications of the vulnerability and the fix discussed.en
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofDetection of intrusions and malware & vulnerability assessment, GI SIG SIDAR workshop, DIMVA 2004
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-46
dc.titleStructural comparison of executable objectsen
dc.typeText/Conference Paper
dc.pubPlaceBonn
mci.reference.pages161-173
mci.conference.sessiontitleRegular Research Papers
mci.conference.locationDortmund
mci.conference.dateJuly 6-7, 2004


Files in this item

Thumbnail

Show simple item record