Shamil Kurmangaleev
Institute for System Programming, Russian Academy of Sciences · CTT

Ph.D.

About

54 Publications · 8,057 Reads
226 Citations

Publications (54)
Conference Paper
Full-text available
Nowadays, exploits often rely on a code-reuse approach. Short pieces of code called gadgets are chained together to execute some payload. Code-reuse attacks can exploit vulnerabilities in the presence of operating system protection that prohibits data memory execution. The ROP chain construction task is the code generation for the virtual machine d...
Preprint
Full-text available
Nowadays, exploits often rely on a code-reuse approach. Short pieces of code called gadgets are chained together to execute some payload. Code-reuse attacks can exploit vulnerabilities in the presence of operating system protection that prohibits data memory execution. The ROP chain construction task is the code generation for the virtual machine d...
Article
In this paper we present a novel code analysis platform referred to as "GENESISP". Its aim is to collect a vast database of open source software and apply several integrated analyses. These analyses make it possible to understand relations within source and binary code, as well as to detect existing defects. All the analyses are compatible with each other and can be...
Article
In this paper we present a novel code analysis platform referred to as "GENESISP". Its aim is to collect a vast database of open source software and apply several integrated analyses. These analyses make it possible to understand relations within source and binary code, as well as to detect existing defects. All the analyses are compatible with each other and can be...
Conference Paper
Full-text available
The security development lifecycle (SDL) is becoming an industry standard. Dynamic symbolic execution (DSE) has an enormous number of applications in computer security (fuzzing, vulnerability discovery, reverse engineering, etc.). We propose several performance and accuracy improvements for dynamic symbolic execution. Skipping non-symbolic instruction...
Preprint
Full-text available
The security development lifecycle (SDL) is becoming an industry standard. Dynamic symbolic execution (DSE) has an enormous number of applications in computer security (fuzzing, vulnerability discovery, reverse engineering, etc.). We propose several performance and accuracy improvements for dynamic symbolic execution. Skipping non-symbolic instruction...
Article
Full-text available
Randomized testing (fuzzing) is a well-known approach for finding bugs in programs. Fuzzing is typically performed during the finishing stage of quality assurance in order to check the stability of the target program in the face of malformed or unexpected input data. Modern software more often than not provides an API for extending its functionality by...
Article
Full-text available
Despite the fact that software development uses various technologies and approaches to diagnose errors in the early stages of development and testing, some errors are discovered during operation. To the user, errors often look like a program crash while running. To collect reports on program crashes, a special analysis component is built into the o...
Article
Full-text available
A novel method for detecting use-after-free bugs based on the program dynamic analysis is described. In memory unsafe programming languages, such as C or C++, this class of bugs mainly occurs when the program tries to access an area of dynamically allocated memory that has been already freed. For each program execution path, the method checks the c...
Article
Full-text available
Nowadays, ensuring software security is of paramount importance. Software failures can have significant consequences, and malicious vulnerability exploitation can inflict immense losses. Large corporations pay particular attention to the investigation of computer security incidents. Code-reuse attacks based on return-oriented programming (ROP) are...
Conference Paper
Full-text available
In this paper we introduce ISP-Fuzzer, an extendable fuzzing framework. The framework supports plugins, which make it possible to tune it for any fuzzing task. ISP-Fuzzer is capable of fuzzing files, standard input, network, and network protocols. It can also generate BNF-structured data for fuzzing compilers and interpreters. The framewor...
Article
In this paper we present a new approach for directed fuzzing. It enables faster generation of input data that drives execution to the target program's specific instructions. Existing fuzzing tools randomly generate or mutate input data to increase code coverage. This approach is not effective for analysis of specific code regions. The basic idea behind of...
Article
Full-text available
Software developers often resort to borrowing code, both within one project and from another. Because a borrowed source code snippet may contain errors, this can lead to error propagation across the program. Libraries used without source code may also contain potential errors. The purpose of this work is to develop methods for analyzing the natur...
Conference Paper
In this paper we present a new approach for directed fuzzing. It enables faster generation of input data that drives execution to the target program's specific instructions. Existing fuzzing tools randomly generate or mutate input data to increase code coverage. This approach is not effective for analysis of specific code regions. The basic idea behind of...
Article
Full-text available
This paper presents a novel approach for generating effective inputs for fuzz testing. Most applications check the input format before performing basic calculations. Such applications usually parse the service information of an input file to decide whether it is supported or not. Input formats which are not supported are discarded and the application f...
Article
Full-text available
This paper describes a new approach for dynamic code analysis. It combines dynamic symbolic execution and static code analysis with fuzzing to increase the efficiency of each component. During fuzzing we recover indirect function calls and pass that information to the static analysis engine. This improves static path detection in the control flow graph...
Article
This article presents a new method for fuzzing programs that accept complex structured data, based on BNF grammars. The majority of existing fuzzing methods do not take into account the structure of the inputs for the target program. Existing BNF-structured data generating tools have various restrictions: BNF rules must be specified for the target program, they are...
Article
Nowadays, software developers often face the following problem: there is a large amount of inputs that cause the program to crash. In practice, this amount of inputs is too large to be analyzed manually in a reasonable time. This paper contains an overview and analysis of existing methods for this problem. A new method for analyzing crashes to sele...
Article
Full-text available
The article describes a new method of use-after-free bug detection using program dynamic analysis. In memory-unsafe programming languages such as C/C++ this class of bugs mainly occurs when a program tries to access a specific area of dynamically allocated memory that has already been freed. This method is based on a combination of two basic components. T...
Article
Software vulnerabilities are a serious security threat. It is important to develop protection mechanisms preventing their exploitation, especially with a rapid increase of ROP attacks. State of the art protection mechanisms have some drawbacks that can be used by attackers. In this paper, we propose fine-grained address space layout randomization o...
Conference Paper
This article presents a new method for fuzzing programs that accept complex structured data, based on BNF grammars. The majority of existing fuzzing methods do not take into account the structure of the inputs for the target program. Existing BNF-structured data generating tools have various restrictions: BNF rules must be specified for the target program, they are...
Article
This paper presents a multiplatform framework for static detection of the most common program defects occurring due to usage of the C/C++ programming languages. The developed platform is capable of analyzing both the source code and the binary code of a program. For program analysis, the SDG (System Dependence Graph) [1] machine-independent representation is used. SDG c...
Article
Full-text available
This paper presents a platform-independent framework for static detection of the most common program defects occurring due to usage of the C/C++ programming languages. The developed platform is capable of analyzing both the source code and the binary code of a program. For program analysis, the SDG (System Dependence Graph) machine-independent representation is used. SD...
Article
Full-text available
Approaches for code execution using program vulnerabilities are considered in this paper. In particular, ways of achieving code execution using buffer overflows on the stack and on the heap, use-after-free vulnerabilities and format string vulnerabilities are examined in section 2. Methods for automatic generation of input data leading to code execution are descri...
Article
Full-text available
Program vulnerabilities are a serious security threat. It is important to develop defenses preventing their exploitation, especially with a rapid increase of ROP attacks. State of the art defenses have some drawbacks that can be used by attackers. In this paper we propose fine-grained address space layout randomization on program load that is able...
Article
A detailed description of a method for detecting code clones is given. This method is based on the semantic analysis of programs and on new algorithms that make it scalable without affecting its accuracy. The proposed method involves two phases. In the first phase, the program dependence graph (PDG) is constructed while the program is compil...
Article
Full-text available
This paper introduces a refined method for automated exploitability evaluation of found program bugs. During security development lifecycle a significant number of crashes is detected in programs. Because of limited resources, bug fixing is time consuming and needs prioritization. It should be the matter of highest priority to fix exploitable bugs....
Article
Full-text available
During software development, developers often copy and paste fragments of code to achieve the desired result. Copying code can lead to a variety of errors and can increase the size of the source and binary code. The problem of finding semantically similar pieces of code (clones) in binary code becomes relevant due to the unavailability of...
Conference Paper
Existing methods of code clone detection have some restrictions. Textual and lexical approaches cannot detect strongly modified fragments of code. Syntactic and metrics-based approaches detect strong modifications with low accuracy. On the contrary, the semantic approach accurately detects cloned fragments of code with small changes as well as the...
Article
Software vulnerabilities are a serious threat to the security of information systems. Any software written in C/C++ contains a considerable number of vulnerabilities. Some of them can be used by attackers to seize control of the system. In this paper, for counteracting such vulnerabilities, we propose to use compiler transformations: function reordering...
Article
Full-text available
This article describes methods of code clone detection. A new approach to code clone detection for the C/C++ languages is proposed, based on an analysis of existing methods. The method is based on semantic analysis of the project, which allows detecting code clones with high accuracy. It is implemented as part of the LLVM compiler, which allows it to exceed existing...
Article
Full-text available
The article describes a new method of code clone detection for the C/C++ programming languages. The method is based on metrics for the program dependence graph. For every node of the program dependence graph a characteristic vector is constructed, which contains information about its neighbors. These characteristic vectors are represented as sixty-four-bit intege...
Article
Full-text available
Software vulnerabilities are critical for security. All C/C++ programs contain a significant number of vulnerabilities. Some of them can be successfully exploited by an attacker to gain control of the execution flow. In this article we propose several compiler protection techniques against vulnerability exploitation: function reordering, insertion of...
Article
Full-text available
The paper describes the methods for obfuscating C/C++ programs to prevent applying static analyzers to them. The methods are implemented within the well-known LLVM compiler infrastructure. Experimental results presenting resulting program slowdown and used memory growth are given.
Article
Full-text available
The paper describes the workflow for optimizing programs for performance targeting the fixed hardware architecture with static compilation using GCC and LLVM compilers as examples. We present some of the optimizations performed and the corresponding evaluation results. We also describe TACT, a tool for automatic compiler tuning for the given applic...
Article
Full-text available
The paper describes a two-stage compilation approach for the C/C++ languages that allows deploying applications in the LLVM intermediate representation. The LLVM modifications for optimizing code generation time are presented, as well as the developed profile-based optimizations. A specialized application cloud storage architecture is also suggested.
Conference Paper
This paper describes the two-stage compilation system based on LLVM compiler infrastructure and the performance optimizations made possible by this deployment technique.
Article
Full-text available
This paper describes the work on development of deobfuscation software. The main target of the developed software is the analysis of obfuscated malware code. The need for this analysis arises from obfuscation techniques being widely used for protecting implementations. The regular disassembly tool mostly used by an analyst transforms a bi...
Article
Full-text available
This paper analyzes approaches for optimizing C/C++ applications used in a two-stage compilation system, allowing such applications to be distributed in the LLVM (low level virtual machine) intermediate representation. The on-stack replacement technique implemented in the LLVM just-in-time compiler is described. The paper presents a static instrumentation...
Article
Full-text available
There is pronounced interest in cloud computing in the scientific community. However, current cloud computing offerings are rarely suitable for high-performance computing, in large part due to the overhead of the underlying virtualization components. The purpose of this paper is to propose a design and implementation of a cloud system that possesse...
Article
Full-text available
Obfuscation algorithms are now widely used to prevent software reverse engineering. Binary code virtualization is one of the most powerful obfuscation techniques. Another obfuscation method known as "dispatching" can be used to transform application control flow similarly to virtual machine insertion. Our research was aimed at reconstruction of cont...
Article
Full-text available
The paper describes the obfuscating transformations that were implemented while developing an LLVM-based obfuscating compiler at ISP RAS. The proposed transformations are based on well-known obfuscation algorithms and are specifically improved to better resist static analysis deobfuscation techniques. The application performance decrease estim...
Article
Full-text available
Nowadays protecting intellectual property rights for created software is very important because of many competing companies and ubiquitous piracy. The powerful technique for this protection is to obfuscate program code. This paper describes an approach for developing an obfuscation tool based on a compiler infrastructure. Using the compiler infrast...