
Enhance Information Flow Tracking with Function Recognition

  • Conference paper
Forensics in Telecommunications, Information, and Multimedia (e-Forensics 2010)

Abstract

With the widespread use of computers, criminals are presented with a new space and new methods for crime. Computer evidence plays a key part in criminal cases. Traditional computer evidence searches require that the computer specialists know what is stored in the given computer. Binary-based information flow tracking, which focuses on changes of control flow, is an effective way to analyze the behavior of a program. Existing systems ignore modifications of the data flow, which may also be malicious behavior. Function recognition, which recognizes function bodies in the software binary, is introduced to improve information flow tracking. The absence of false positives and false negatives in our experiment strongly demonstrates that our approach is effective.




Copyright information

© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Zhou, K., Huang, S., Qi, Z., Gu, J., Shen, B. (2011). Enhance Information Flow Tracking with Function Recognition. In: Lai, X., Gu, D., Jin, B., Wang, Y., Li, H. (eds) Forensics in Telecommunications, Information, and Multimedia. e-Forensics 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 56. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23602-0_16


  • DOI: https://doi.org/10.1007/978-3-642-23602-0_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-23601-3

  • Online ISBN: 978-3-642-23602-0

  • eBook Packages: Computer Science, Computer Science (R0)
