Dynamic binary translation using run-time feedbacks

Dynamic binary translation is the process of translating, modifying and rewriting executable (binary) code from one machine to another at run-time. This process of low-level re-engineering consists of a reverse engineering phase followed by a forward engineering phase. UQDBT, the University of Queensland Dynamic Binary Translator, is a machine-adaptable translator. Adaptability is provided through the specification of properties of machines and their instruction sets, allowing the support of different pairs of source and target machines. Most binary translators are closely bound to a pair of machines, making analyses and code hard to reuse. Like most virtual machines, UQDBT performs generic optimizations that apply to a variety of machines. Frequently executed code is translated to native code by the use of edge weight instrumentation, which makes UQDBT converge more quickly than systems based on instruction speculation. In this paper, we describe the architecture and run-time feedback optimizations performed by the UQDBT system, and provide results obtained in the x86 and SPARC® platforms.

Fighting Evasive Malware with DVasion

Malware is a foundational component of cyber crime that enables an attacker to modify the normal operation of a computer or access sensitive, digital information. Despite the extensive research performed to identify such programs, existing schemes fail to detect evasive malware, an increasingly popular class of malware that can alter its behavior at run-time, making it difficult to detect using today’s state of the art malware analysis systems. In this thesis, we present DVasion, a comprehensive strategy that exposes such evasive behavior through a multi-execution technique. DVasion successfully detects behavior that would have been missed by traditional, single-execution approaches, while addressing the limitations of previously proposed multi-execution systems. We demonstrate the accuracy of our system through strong parallels with existing work on evasive malware, as well as uncover the hidden behavior within 167 of 1,000 samples.

Génération efficace de graphes d’appels dynamiques complets

Analyser le code permet de vérifier ses fonctionnalités, détecter des bogues ou améliorer sa performance. L’analyse du code peut être statique ou dynamique. Des approches combinants les deux analyses sont plus appropriées pour les applications de taille industrielle où l’utilisation individuelle de chaque approche ne peut fournir les résultats souhaités. Les approches combinées appliquent l’analyse dynamique pour déterminer les portions à problèmes dans le code et effectuent par la suite une analyse statique concentrée sur les parties identifiées. Toutefois les outils d’analyse dynamique existants génèrent des données imprécises ou incomplètes, ou aboutissent en un ralentissement inacceptable du temps d’exécution. Lors de ce travail, nous nous intéressons à la génération de graphes d’appels dynamiques complets ainsi que d’autres informations nécessaires à la détection des portions à problèmes dans le code. Pour ceci, nous faisons usage de la technique d’instrumentation dynamique du bytecode Java pour extraire l’information sur les sites d’appels, les sites de création d’objets et construire le graphe d’appel dynamique du programme. Nous démontrons qu’il est possible de profiler dynamiquement une exécution complète d’une application à temps d’exécution non triviale, et d’extraire la totalité de l’information à un coup raisonnable. Des mesures de performance de notre profileur sur trois séries de benchmarks à charges de travail diverses nous ont permis de constater que la moyenne du coût de profilage se situe entre 2.01 et 6.42. Notre outil de génération de graphes dynamiques complets, nommé dyko, constitue également une plateforme extensible pour l’ajout de nouvelles approches d’instrumentation. Nous avons testé une nouvelle technique d’instrumentation des sites de création d’objets qui consiste à adapter les modifications apportées par l’instrumentation au bytecode de chaque méthode. Nous avons aussi testé l’impact de la résolution des sites d’appels sur la performance générale du profileur.

Elaboração de material pré-composicional através de expansão de procedimentos do sistema Schillinger de composição musical

The work aims at investigating possibilities of extending compositional procedures, based on the Schillinger System of Musical Composition (SSMC). I start by elaborating a brief historical review on SSMC, which is followed by a critical review of the System. The work includes a state of the art on the research on this topic, performed upon analysis of the current work conducted by a research group from the UFRN Music School from which I also make part. The main line of the research is to elaborate on the suggestion of extending the SSMC concept of place of attack to the idea of place of instrumentation, through developing a binary instrumentation procedure. The experimentation on the thesis‟ hypothesis is presented in my composition titled “Suíte Grega” (Greek Suite), a compositional memoir for Oboe, Saxophone and 3 Cellos.

Theoretical and Computational Analysis of Static and Dynamic Anomalies in Water-DMSO Binary Mixture at Low DMSO Concentrations

Experiments have repeatedly observed both thermodynamic and dynamic anomalies in aqueous binary mixtures, surprisingly at low solute concentration. Examples of such binary mixtures include water-DMSO, water-ethanol, water-tertiary butyl alcohol (TBA), and water-dioxane, to name a few. The anomalies have often been attributed to the onset of a structural transition, whose nature, however, has been left rather unclear. Here we study the origin of such anomalies using large scale computer simulations and theoretical analysis in water-DMSO binary mixture. At very low DMSO concentration (below 10%), small aggregates of DMSO are solvated by water through the formation of DMSO-(H2O)(2) moieties. As the concentration is increased beyond 10-12% of DMSO, spanning clusters comprising the same moieties appear in the system. Those clusters are formed and stabilized not only through H-bonding but also through the association of CH3 groups of DMSO. We attribute the experimentally observed anomalies to a continuum percolation-like transition at DMSO concentration X-DMSO approximate to 12-15%. The largest cluster size of CH3-CH3 aggregation clearly indicates the formation of such percolating clusters. As a result, a significant slowing down is observed in the decay of associated rotational auto time correlation functions (of the S = O bond vector of DMSO and O-H bond vector of water). Markedly unusual behavior in the mean square fluctuation of total dipole moment again suggests a structural transition around the same concentration range. Furthermore, we map our findings to an interacting lattice model which substantiates the continuum percolation model as the reason for low concentration anomalies in binary mixtures where the solutes involved have both hydrophilic and hydrophobic moieties.

A layered JavaScript virtual machine supporting dynamic instrumentation

L’observation de l’exécution d’applications JavaScript est habituellement réalisée en instrumentant une machine virtuelle (MV) industrielle ou en effectuant une traduction source-à-source ad hoc et complexe. Ce mémoire présente une alternative basée sur la superposition de machines virtuelles. Notre approche consiste à faire une traduction source-à-source d’un programme pendant son exécution pour exposer ses opérations de bas niveau au travers d’un modèle objet flexible. Ces opérations de bas niveau peuvent ensuite être redéfinies pendant l’exécution pour pouvoir en faire l’observation. Pour limiter la pénalité en performance introduite, notre approche exploite les opérations rapides originales de la MV sous-jacente, lorsque cela est possible, et applique les techniques de compilation à-la-volée dans la MV superposée. Notre implémentation, Photon, est en moyenne 19% plus rapide qu’un interprète moderne, et entre 19× et 56× plus lente en moyenne que les compilateurs à-la-volée utilisés dans les navigateurs web populaires. Ce mémoire montre donc que la superposition de machines virtuelles est une technique alternative compétitive à la modification d’un interprète moderne pour JavaScript lorsqu’appliqué à l’observation à l’exécution des opérations sur les objets et des appels de fonction.

Dynamic mechanical analysis of binary and ternary polymer blends based on nylon copolymer/EPDM rubber and EPM grafted maleic anhydride compatibilizer

The dynamic mechanical properties such as storage modulus, loss modulus and damping properties of blends of nylon copolymer (PA6,66) with ethylene propylene diene (EPDM) rubber was investigated with special reference to the effect of blend ratio and compatibilisation over a temperature range –100°C to 150°C at different frequencies. The effect of change in the composition of the polymer blends on tanδ was studied to understand the extent of polymer miscibility and damping characteristics. The loss tangent curve of the blends exhibited two transition peaks, corresponding to the glass transition temperature (Tg) of individual components indicating incompatibility of the blend systems. The morphology of the blends has been examined by using scanning electron microscopy. The Arrhenius relationship was used to calculate the activation energy for the glass transition of the blends. Finally, attempts have been made to compare the experimental data with theoretical models.

Dynamic viscosity of binary and ternary mixtures containing poly(ethylene glycol), potassium phosphate, and water

Dynamic viscosity of binary mixtures of poly(ethylene glycol) molar mass 1500 da + water, potassium phosphate + water, and ternary mixtures of poly(ethylene glycol) molar mass 1500 da + potassium phosphate + water were determined at 303.15 K Binary and ternary mixture viscosities showed a direct logarithm-type relation with the increase of poly(ethylene glycol) and potassium phosphate contents. The models used for viscosity correlation gave a good fit to the experimental data.