{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,6,5]],"date-time":"2024-06-05T10:19:32Z","timestamp":1717582772406},"reference-count":43,"publisher":"Association for Computing Machinery (ACM)","issue":"4","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2013,10]]},"abstract":"A CPU emulator is a software system that simulates a hardware CPU. Emulators are widely used by computer scientists for various kinds of activities (e.g., debugging, profiling, and malware analysis). Although no theoretical limitation prevents developing an emulator that faithfully emulates a physical CPU, writing a fully featured emulator is a very challenging and error-prone task. Modern CISC architectures have a very rich instruction set, some instructions lack proper specifications, and others may have undefined effects in corner cases. This article presents a testing methodology specific to CPU emulators, based on fuzzing. The emulator is \u201cstressed\u201d with specially crafted test cases, to verify whether the CPU is properly emulated or not. Improper behaviors of the emulator are detected by running the same test case concurrently on the emulated and on the physical CPUs and by comparing the state of the two after the execution. Differences in the final state testify to defects in the code of the emulator. We implemented this methodology in a prototype (named EmuFuzzer), analyzed five state-of-the-art IA-32 emulators (QEMU, Valgrind, Pin, BOCHS, and JPC), and found several defects in each of them, some of which can prevent proper execution of programs.","DOI":"10.1145\/2522920.2522922","type":"journal-article","created":{"date-parts":[[2013,10,17]],"date-time":"2013-10-17T12:23:34Z","timestamp":1382012614000},"page":"1-26","update-policy":"http:\/\/dx.doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["A methodology for testing CPU emulators"],"prefix":"10.1145","volume":"22","author":[{"given":"Lorenzo","family":"Martignoni","sequence":"first","affiliation":[{"name":"Universit\u00e0 degli Studi di Udine, Italy"}]},{"given":"Roberto","family":"Paleari","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Milano, Italy"}]},{"given":"Alessandro","family":"Reina","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Milano, Italy"}]},{"given":"Giampaolo Fresi","family":"Roglia","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Milano, Italy"}]},{"given":"Danilo","family":"Bruschi","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Milano, Italy"}]}],"member":"320","published-online":{"date-parts":[[2013,10,22]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Proceedings of the 15th European Institute for Computer Antivirus Research Annual Conference (EICAR'06)","author":"Bayer U."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.5555\/1247360.1247401"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180445"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1287624.1287651"},{"key":"e_1_2_1_5_1","unstructured":"DeMott J. 2006. The evolving art of fuzzing. Def. Con 14."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_2_1_7_1","unstructured":"Ferrie P. 2006. Attacks on virtual machine emulators. Tech. rep. Symantec Advanced Threat Research."},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of Network and Distributed Systems Security Symposium (NDSS). The Internet Society","author":"Garfinkel T."},{"key":"e_1_2_1_9_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS). The Internet Society","author":"Godefroid P."},{"key":"e_1_2_1_10_1","unstructured":"Google Inc. 2011. Android emulator. http:\/\/code.google.com\/android\/reference\/emulator.html."},{"key":"e_1_2_1_11_1","unstructured":"Intel. 2008. Intel 64 and IA-32 Architectures Software Developer's Manual. Intel. Instruction Set Reference."},{"key":"e_1_2_1_12_1","unstructured":"Kaksonen R. 2001. A functional method for assessing protocol implementation security. Tech. rep. VTT Electronics."},{"key":"e_1_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Koziol J. Litchfield D. Aitel D. Anley C. Eren S. Mehta N. and Hassell R. 2004. The Shellcoder's Handbook: Discovering and Exploiting Security Holes. Wiley.","DOI":"10.1016\/S0267-3649(04)00080-9"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1882362.1882405"},{"key":"e_1_2_1_15_1","volume-title":"Bochs: A portable PC emulator for unix\/x. Linux J.","author":"Lawton K. P.","year":"1996"},{"key":"e_1_2_1_16_1","unstructured":"Lichstein H. A. 1969. When should you emulate? Datamation 11 205--210."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065034"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.982916"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.41"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572272.1572303"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1831708.1831730"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/1433006.1433013"},{"key":"e_1_2_1_23_1","first-page":"100","article-title":"Differential testing for software","volume":"10","author":"McKeeman W. M.","year":"1998","journal-title":"Digital Tech. J."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/96267.96279"},{"key":"e_1_2_1_25_1","unstructured":"Myers G. J. 1978. The Art of Software Testing. Wiley."},{"key":"e_1_2_1_26_1","unstructured":"netbsd64 2011. NetBSD\/amd64. http:\/\/www.netbsd.org\/ports\/amd64\/."},{"key":"e_1_2_1_27_1","unstructured":"Nethercote N. 2004. Dynamic binary analysis and instrumentation. Ph.D. thesis Computer Laboratory University of Cambridge UK."},{"key":"e_1_2_1_28_1","unstructured":"Oberheide J. and Miller C. 2012. Dissecting the Android bouncer. SummerCon Brooklyn NY. http:\/\/jon.oberheide.org\/files\/summercon12-bouncer.pdf."},{"key":"e_1_2_1_29_1","volume-title":"Proceedings of CanSecWest Applied Security Conference.","author":"Ormandy T.","year":"2007"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1831708.1831741"},{"key":"e_1_2_1_31_1","unstructured":"Paleari R. Martignoni L. Reina A. Fresi Roglia G. and Bruschi D. 2011. EmuFuzzer Red-Pills Archive. http:\/\/security.di.unimi.it\/emufuzzer.html."},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1453101.1453131"},{"key":"e_1_2_1_33_1","volume-title":"JPC: The pure Java x86 PC emulator","author":"Preston I.","year":"2007"},{"key":"e_1_2_1_34_1","unstructured":"Quist D. and Smith V. 2006. Detecting the presence of virtual machines using the local data table. Offensive Computing. http:\/\/www.offensivecomputing.net\/files\/active\/0.vm.pdf."},{"key":"e_1_2_1_35_1","volume-title":"Proceedings of the Information Security Conference (ISC'07)","author":"Raffetseder T."},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the 9th Conference on USENIX Security Symposium (SSYMM'00)","author":"Robin J. S."},{"key":"e_1_2_1_37_1","unstructured":"Rutkowska J. 2004. Red Pill\u2026 or how to detect VMM using (almost) one CPU instruction. http:\/\/www.ouah.org\/Red_%20Pill.html."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1831708.1831733"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1081706.1081750"},{"key":"e_1_2_1_40_1","unstructured":"Sun Microsystem. 2011. VirtualBox. http:\/\/www.virtualbox.org."},{"key":"e_1_2_1_41_1","volume-title":"Fuzzing: Brute Force Vulnerability Discovery","author":"Sutton M.","year":"2007"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2001420.2001422"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1882291.1882330"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2522920.2522922","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,30]],"date-time":"2022-12-30T08:43:33Z","timestamp":1672389813000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2522920.2522922"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,10]]},"references-count":43,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2013,10]]}},"alternative-id":["10.1145\/2522920.2522922"],"URL":"https:\/\/doi.org\/10.1145\/2522920.2522922","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,10]]},"assertion":[{"value":"2010-10-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2012-07-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-10-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}