In:
Proceedings of the Institute for System Programming of the RAS, Institute for System Programming of the Russian Academy of Sciences, Vol. 34, No. 5 ( 2022), p. 89-110
Abstract:
Natch is a tool that provides a convenient way of obtaining an attack surface. By attack surface we mean a list of executable files, dynamic libraries and functions that are responsible for input data processing (such as: files, network packets) during task execution. Functions that end up in the attack surface are possible sources of software vulnerabilities, so they should be given an increased attention during an analysis. At the heart of the Natch tool lay improved methods of tainted data tracking and virtual machines introspection. Natch is built on the basis of the full-system QEMU emulator, so it allows you to analyze any system components, including even the OS kernel and system drivers. The collected attack surface data is visualized by SNatch, which is tool for data post-processing and GUI implementation. SNatch comes with Natch tool by default. Attack surface obtaining can be built into CI/CD for integrational and system testing. A refined attack surface will increase the effectiveness of functional testing and fuzzing in the life cycle of secure software.
Type of Medium:
Online Resource
ISSN:
2079-8156
,
2220-6426
Uniform Title:
Natch: Определение поверхности атаки программ с помощью отслеживания помеченных данных и интроспекции виртуальных машин
DOI:
10.15514/ISPRAS-2022-34(5)
DOI:
10.15514/ISPRAS-2022-34(5)-6
Language:
Unknown
Publisher:
Institute for System Programming of the Russian Academy of Sciences
Publication Date:
2022
detail.hit.zdb_id:
2911741-0
Permalink