This paper proposes an environment for detecting many types of malicious code, including computer viruses, Trojan horses, and time/logic bombs. This malicious code testbed (MCT) is based upon both static and dynamic analysis tools developed at the University of California, Davis, which have been shown to be effective against certain types of malicious code. The testbed extends the usefulness of these tools by using them in a complementary fashion to detect more general cases of malicious code. Perhaps more importantly, the MCT allows administrators and security analysts to check a program before installation, thereby avoiding any damage a malicious program might inflict. Keywords: Detection of Malicious Code, Static Analysis, Dynamic Analysis.
a testbed would allow one to examine a program to ascertain if it is suspicious. In the following section we present a taxonomy of malicious code with examples. Following the taxonomy, we discuss many of the known methods of coping with malicious code. We then summarize the progress which has been made at UC Davis. Finally, we propose the idea of the malicious code testbed, which combines this previous work into a more effective system.
2 Taxonomy of Malicious Code
Computer security should insure that no unauthorized actions are carried out on a computer system. Security is violated when someone succeeds in retrieving data without authorization, destroying or altering data be
Sequential debuggers are lacking, but little effort is spent researching ways to improve them. This system, based on high-level abstraction, helps redress this shortcoming.
ABSTRACT Dynamically-linked programs in general do not perform as well as statically-linked programs. This paper identifies three main areas that account for the performance loss. First, symbols are referenced indirectly and thus extra instructions are required. Second, the overhead in run-time symbol resolution is significant. Third, poor locality of functions in shared libraries and data structures maintained by the run-time linker may result in poor memory utilization. This paper presents new optimization techniques we developed that address these three areas and significantly improve the performance of dynamically-linked programs. Also, we provide measurements of the performance improvement achieved. Most importantly, we show that all desirable features of shared libraries can be achieved without sacrificing performance.
Proceedings of the Usenix 1995 Technical Conference Proceedings, 1995
Papers by Wilson Ho