TEMU: The BitBlaze Dynamic Analysis Component
The BitBlaze infrastructure provides a component, called TEMU, for
dynamic binary analysis. TEMU is built upon a whole-system emulator,
QEMU, and provides the following
functionality:
- Dynamic taint analysis. TEMU is able to perform whole-system
dynamic taint analysis. Marking certain information sources (e.g.,
keystrokes, network inputs, reads from certain memory locations, and
function call outputs) as tainted, TEMU keeps track of the tainted
information propagating in the system. This feature also provides a
plug-in environment for dynamic symbolic execution, in
which symbolic values are marked as tainted, and concrete values as
untainted.
- OS awareness. Information about OS-level abstractions like
processes and files is important for many kinds of analysis. Using
knowledge of the guest operating system (Windows XP or Linux), TEMU
can determine what process and module is currently executing, what
API calls have been invoked (with their arguments), and what disk
locations belong to which files.
- In-depth behavioral analysis. TEMU is able to understand how an
analyzed binary interacts with the environment, such as what API calls are
invoked, and what outstanding memory locations are accessed. By marking the
inputs as tainted (i.e., symbolic), TEMU provides insights about how outputs
are formulated from inputs.
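The taint tracking described in the first item above, as an added example that is not TEMU code and does not use its plugin API: a toy machine whose registers and memory each carry a shadow label naming the input sources they depend on. The instruction set, `vm_t`, `taint_source`, `step`, and `run_demo` are all hypothetical names, and the input bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not TEMU code. Toy guest (assumed): 4 registers and
 * 32 bytes of memory, each with a shadow taint label (bitmask of sources). */
enum { SRC_NET = 1, SRC_KEY = 2 };
enum { OP_MOVI, OP_LOAD, OP_STORE, OP_ADD, OP_XOR };
typedef struct { uint8_t op, a, b; } insn_t; /* a: register; b: register, immediate or address */
typedef struct { uint8_t reg[4], reg_taint[4], mem[32], mem_taint[32]; } vm_t;

/* Write input bytes into guest memory and label them with their source. */
void taint_source(vm_t *vm, uint8_t addr, const uint8_t *data, uint8_t len, uint8_t label) {
    memcpy(&vm->mem[addr], data, len);
    memset(&vm->mem_taint[addr], label, len);
}

/* Execute one instruction, moving taint labels alongside the data. */
void step(vm_t *vm, insn_t i) {
    switch (i.op) {
    case OP_MOVI:  vm->reg[i.a] = i.b; vm->reg_taint[i.a] = 0; break; /* constant is clean */
    case OP_LOAD:  vm->reg[i.a] = vm->mem[i.b]; vm->reg_taint[i.a] = vm->mem_taint[i.b]; break;
    case OP_STORE: vm->mem[i.b] = vm->reg[i.a]; vm->mem_taint[i.b] = vm->reg_taint[i.a]; break;
    case OP_ADD:   vm->reg[i.a] = (uint8_t)(vm->reg[i.a] + vm->reg[i.b]);
                   vm->reg_taint[i.a] |= vm->reg_taint[i.b]; break;   /* union of sources */
    case OP_XOR:   vm->reg[i.a] ^= vm->reg[i.b];
                   /* xor r,r is always 0, so the result no longer depends on any input */
                   vm->reg_taint[i.a] = (i.a == i.b) ? 0 : (vm->reg_taint[i.a] | vm->reg_taint[i.b]); break;
    }
}

/* Constructed scenario; returns the taint label of mem[query_addr] afterwards. */
uint8_t run_demo(uint8_t query_addr) {
    vm_t vm = {0};
    taint_source(&vm, 0, (const uint8_t *)"\x10", 1, SRC_NET); /* constructed "packet" byte */
    taint_source(&vm, 1, (const uint8_t *)"\x07", 1, SRC_KEY); /* constructed "keystroke" byte */
    const insn_t prog[] = {
        {OP_LOAD, 0, 0}, {OP_LOAD, 1, 1}, {OP_ADD, 0, 1}, {OP_STORE, 0, 8}, /* mem[8] = NET|KEY */
        {OP_XOR, 1, 1}, {OP_STORE, 1, 9},                                   /* mem[9] clean */
        {OP_MOVI, 2, 5}, {OP_STORE, 2, 0},                  /* clean overwrite untaints mem[0] */
    };
    for (size_t k = 0; k < sizeof prog / sizeof prog[0]; k++) step(&vm, prog[k]);
    return vm.mem_taint[query_addr];
}

int main(void) {
    printf("mem[8]=%u mem[9]=%u mem[0]=%u\n", run_demo(8), run_demo(9), run_demo(0));
    return 0;
}
```

The label on an output byte answers the question the third item raises: which inputs an output was formed from.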
- BitBlaze: A New Approach to Computer Security via Binary Analysis
Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager,
Min Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam,
and Prateek Saxena. Keynote Invited Paper, In Proceedings of the 4th
International Conference on Information Systems Security,
December 2008.
A high-level overview covering Vine, TEMU, and Rudder.
- TEMU Installation and User Manual (HTML) (or PDF)
Describes how to build TEMU, and gives a tutorial-style
introduction to its usage.
TEMU 1.0 is now available for download. The release includes the
source code for the TEMU core (based on QEMU 0.9.1) and a sample
tainting plugin, released under the GNU LGPL, as well as a Linux
binary for the tracing plugin Tracecap.
This release does not include many other analysis plugins we have
built using TEMU, but stay subscribed to the bitblaze-announcements
list for updates about future releases.
temu-1.0.tar.gz (8.9MB)
To acknowledge the use of the downloaded software, please include both
of the following two citations:
@InProceedings{SBYCJKLNPS2008,
author = {Dawn Song and David Brumley and Heng Yin and Juan Caballero and
Ivan Jager and Min Gyung Kang and Zhenkai Liang and James Newsome and
Pongsin Poosankam and Prateek Saxena},
title = {{BitBlaze}: A New Approach to Computer Security via Binary Analysis},
booktitle = {Proceedings of the 4th International Conference on Information Systems Security. Keynote invited paper.},
address = {Hyderabad, India},
year = 2008,
month = dec,
}
@Misc{BitBlazeWebSite,
key = {BitBlaze},
title = {{BitBlaze}: Binary Analysis for Computer Security},
note = {\url{http://bitblaze.cs.berkeley.edu/}}
}
Though we are not providing formal support for TEMU at this time,
we would like to hear if you are making use of it, if you run into
any bugs or problems, or if you have suggestions for feature
additions. Please subscribe to the bitblaze-users
mailing list (via Google Groups) and share your experiences.
For general questions regarding the BitBlaze project,
please send email to bitblaze at gmail.com.
To receive announcements about code releases and
other BitBlaze-related updates, please subscribe to the
BitBlaze Announcement List.