GoldRusher is a dynamic analysis tool primarily meant to aid reverse engineers with analyzing malware. Based on the fact that hidden code segments rarely execute, the tool is able to rapidly highlight functions and ba...
详细信息
ISBN:
(纸本)9781538649695
GoldRusher is a dynamic analysis tool primarily meant to aid reverse engineers with analyzing malware. Based on the fact that hidden code segments rarely execute, the tool is able to rapidly highlight functions and basic blocks that are potentially hidden, and identify the trigger conditions that control their executions.
With the rapid popularization of QR code technology, colour QR code is an important direction of its development, making it of great value to research a colour QR code that can be read directly while improving the dat...
详细信息
With the rapid popularization of QR code technology, colour QR code is an important direction of its development, making it of great value to research a colour QR code that can be read directly while improving the data capacity. This letter proposes a novel composite colour QR code by combining colour coding and multiplexing technology. Based on the actual demands of high-capacity, this code presents the public identification information in the form of the plain code and conceals the secret information (e.g., authentication information such as traceability, blockchain) as the hidden code. The reading conditions of colour QR codes are discussed, a colour coding model is established and the corresponding algorithm to optimize its design is given. Through code scanning tests, it is verified that this kind of code has significant value in the field of anti-counterfeiting, commodity marketing etc.
In Alibaba, we have seen a growing demand for tracing data flow for scenarios such as data leak detection, change governance, and data consistency checking. Static taint analysis is a technique for such problems, and ...
详细信息
ISBN:
(纸本)9781450370431
In Alibaba, we have seen a growing demand for tracing data flow for scenarios such as data leak detection, change governance, and data consistency checking. Static taint analysis is a technique for such problems, and many approaches are proposed for high scalability and precision. This paper shares our experience in applying taint analysis in Alibaba. In particular, we find that the state-ofthe-art taint analysis tool, FlowDroid, does not work well in our cases because our applications make heavy use of libraries, native methods and enterprise-specific frameworks, which impose two major challenges, scalability and implicit dependency, to FlowDroid. This paper presents ANTaint to address these problems. ANTaint improves scalability by expanding the call graph and applying taint propagation on demand for libraries, which account for majority of the program execution but only a small fraction propagates taints. To improve accuracy, we ensure to build a sound call graph with its core part having certain accuracy, and providing a more precise taint propagation model. The practice of applying ANTaint in the company workload validates the idea. According to an experiment on 60 production cases, ANTaint is correct for 95% of the cases (precision: 95%, recall: 98%) while FlowDroid is 13%. ANTaint takes 65% less time and none of the cases run out of memory with 32 GB limitation.
暂无评论