TUM Logo

Taint Analysis of x86 Machine Code

Taint Analysis of x86 Machine Code

Supervisor(s): Manuela Seider-Bengler
Status: finished
Topic: Machine Learning Methods
Author: Felix Wruck
Submission: 2018-07-16
Type of Thesis: Masterthesis


In the context of program analysis the techniques of dynamic analysis and taint
analysis have gained widespread use. Many research efforts in this area use one
or both of these techniques, in order to analyze binary programs. In many cases,
the analyzed software is untrusted or malware samples are analyzed. Many of
these malware samples target the Windows operating system.

In this context strong isolation and non-detectability are important properties
of an analysis framework. Isolation in order to avoid attacks by the analyzed
program and non-detectability to be able to analyze split-personality malware

Virtualization provides both of these properties. Thus, it is beneficial to
combine the aforementioned techniques with virtualization, like PANDA does.
However, currently no framework exists that targets the most current version of
Windows, Windows 10.

Therefore, this thesis analyzes chances and difficulties of virtual machine
introspection based, interactive, in-vivo dynamic taint analysis on Windows 10.
Also an implementation of the techniques analyzed in this thesis has been done.