
Development of Storage for Data Format Specifications and Their Refinement by Program Trace Set Analysis

Student: Sobolev Sergey

Supervisor:

Faculty: Faculty of Computer Science

Educational Programme: System Programming (Master)

Final Grade: 10

Year of Graduation: 2020

Protocol reverse engineering is the process of extracting data format specifications and states from network traffic or implementations. Such specifications are very useful in security-related tasks, for example black-box fuzzing, malware neutralization, and deep packet inspection to detect and prevent intrusions. The use of protective mechanisms by developers prevents manual protocol analysis. This graduation paper offers an automated way to recover data format specifications, based on a dynamic approach to the analysis of binary code by program traces. The advantages and disadvantages of alternative approaches to solving the problem are considered. Methods have been developed and implemented to resolve the disadvantages of the chosen approach and obtain more accurate results.

Full text (added May 22, 2020)

Student Theses at HSE must be completed in accordance with the University Rules and regulations specified by each educational programme.

Summaries of all theses must be published and made freely available on the HSE website.

The full text of a thesis can be published in open access on the HSE website only if the authoring student (copyright holder) agrees, or, if the thesis was written by a team of students, if all the co-authors (copyright holders) agree. After a thesis is published on the HSE website, it obtains the status of an online publication.

Student theses are objects of copyright and their use is subject to limitations in accordance with the Russian Federation’s law on intellectual property.

In the event that a thesis is quoted or otherwise used, reference to the author’s name and the source of quotation is required.
