David Syman - Academia.edu (original) (raw)
Papers by David Syman
Dynamic Syntax Tree: Implementation Results-2012, 2012
In our earlier research[1], we described the Dynamic Syntax Tree method implementation for enhanc... more In our earlier research[1], we described the Dynamic Syntax Tree method implementation for enhancing the Static Analysis process. After 10+ years of experience, we collected the significant results presented in this paper Keywords-dynamic syntax tree, dynamic analysis , static code analysis, abstract syntax tree, parser, semantic I.
Dynamic Syntax Tree: Optimized Binary Sandboxing, 2014
Dynamic Syntax Tree (DST) implementations [1] use Binary Sandboxing for enhancing the Static Anal... more Dynamic Syntax Tree (DST) implementations [1] use Binary Sandboxing for enhancing the Static Analysis process. In this paper we present a new Dynamic Binary analysis method for collecting information on ELF, PE and Mach-O executables and dynamic libraries. This information will enrich DST contents during application scanning Keywords-dynamic syntax tree, binary analysis, sandbox, dynamic analysis , static code analysis, abstract syntax tree, parser I.
Dynamic Syntax Tree: Implementation Results, 2016
Updated Results of a Dynamic Syntax Tree method implementation for enhancing the Static Analysis ... more Updated Results of a Dynamic Syntax Tree method implementation for enhancing the Static Analysis process. We collected the most significant results of latest 4 year, presented in this paper Keywords-dynamic syntax tree, dynamic analysis , static code analysis, abstract syntax tree, parser, semantic I.
Firmware Analysis using a Bootloader Agent, 2020
IoT products are developed with ease of use and connectivity in mind. They may be secure at the t... more IoT products are developed with ease of use and connectivity in mind. They may be secure at the time of purchase but become vulnerable when hackers find new security issues or bugs. For this reason, IoT Firmware is becoming more and more encrypted. Unique part that cannot be encrypted is the Bootloader. It loads the kernel of the operating system. In this paper we present a way to analyze encrypted Firmware images, replacing their Bootloader during emulation.
–Dynamic Syntax Tree (DST) implementations use Binary Sandboxing for enhancing the Static Analysi... more –Dynamic Syntax Tree (DST) implementations use Binary Sandboxing for enhancing the Static Analysis process. In this paper we present a new Dynamic Binary analysis method for collecting information on ELF, PE and Mach-O executables and dynamic libraries. This information will enrich DST contents during application scanning
–In our earlier research[1], we described the Dynamic Syntax Tree method implementation for enhan... more –In our earlier research[1], we described the Dynamic Syntax Tree method implementation for enhancing the Static Analysis process. After 10+ years of experience, we collected the significant results presented in this paper
–Updated Results of a Dynamic Syntax Tree method implementation for enhancing the Static Analysis... more –Updated Results of a Dynamic Syntax Tree method implementation for enhancing the Static Analysis process. We collected the most significant results of latest 4 year, presented in this paper
–Most of Static Analysis tools are nowadays based on Abstract Syntax or Concrete (aka Parser) Tre... more –Most of Static Analysis tools are nowadays based on Abstract Syntax or Concrete (aka Parser) Trees. For analyzing applications written in modern programming languages, were types and objects are dynamically created, those tools cannot provide accurate analysis results because they are designed for static programming languages only. Moreover described is the new Dynamic Syntax Trees-based method for enhancing the Static Analysis process.
–In our earlier research [1] on area of Static Analysis of applications written using modern lang... more –In our earlier research [1] on area of Static Analysis of applications written using modern languages, we discussed about lack of accurate analysis of algorithms based on Abstract Syntax and Concrete (CST, aka Parser) Trees. Moreover described is the Dynamic Syntax Tree method implementation for enhancing the Static Analysis process.
–New generation Web Application Firewalls (ngWAF), new Dynamic Analysis (modern DAST products) RA... more –New generation Web Application Firewalls (ngWAF), new Dynamic Analysis (modern DAST products) RASP and DevOps fever are making Static Analysis (SAST) techniques useless? No, Absolutely not. But commercial Static Analysis vendors have to think different if they want their products to survive. Software solutions performing automatic code analysis are still very important, especially for remediation assistance capabilities or for extracting semantic metadata. These methods gather syntactic information from the source code and/or binaries, and then in general they provide large set of implying semantics. With the increased focus on dynamic techniques for vulnerabilities detection and prevention the problem emerges – modern programming languages are dynamic and the whole code semantic is known only at runtime and the analysis has to estimate larger relations. Moreover described is a new algorithm for better contrasting the jeopardize of dynamic analysis techniques.
Dynamic Syntax Tree: Implementation Results-2012, 2012
In our earlier research[1], we described the Dynamic Syntax Tree method implementation for enhanc... more In our earlier research[1], we described the Dynamic Syntax Tree method implementation for enhancing the Static Analysis process. After 10+ years of experience, we collected the significant results presented in this paper Keywords-dynamic syntax tree, dynamic analysis , static code analysis, abstract syntax tree, parser, semantic I.
Dynamic Syntax Tree: Optimized Binary Sandboxing, 2014
Dynamic Syntax Tree (DST) implementations [1] use Binary Sandboxing for enhancing the Static Anal... more Dynamic Syntax Tree (DST) implementations [1] use Binary Sandboxing for enhancing the Static Analysis process. In this paper we present a new Dynamic Binary analysis method for collecting information on ELF, PE and Mach-O executables and dynamic libraries. This information will enrich DST contents during application scanning Keywords-dynamic syntax tree, binary analysis, sandbox, dynamic analysis , static code analysis, abstract syntax tree, parser I.
Dynamic Syntax Tree: Implementation Results, 2016
Updated Results of a Dynamic Syntax Tree method implementation for enhancing the Static Analysis ... more Updated Results of a Dynamic Syntax Tree method implementation for enhancing the Static Analysis process. We collected the most significant results of latest 4 year, presented in this paper Keywords-dynamic syntax tree, dynamic analysis , static code analysis, abstract syntax tree, parser, semantic I.
Firmware Analysis using a Bootloader Agent, 2020
IoT products are developed with ease of use and connectivity in mind. They may be secure at the t... more IoT products are developed with ease of use and connectivity in mind. They may be secure at the time of purchase but become vulnerable when hackers find new security issues or bugs. For this reason, IoT Firmware is becoming more and more encrypted. Unique part that cannot be encrypted is the Bootloader. It loads the kernel of the operating system. In this paper we present a way to analyze encrypted Firmware images, replacing their Bootloader during emulation.
–Dynamic Syntax Tree (DST) implementations use Binary Sandboxing for enhancing the Static Analysi... more –Dynamic Syntax Tree (DST) implementations use Binary Sandboxing for enhancing the Static Analysis process. In this paper we present a new Dynamic Binary analysis method for collecting information on ELF, PE and Mach-O executables and dynamic libraries. This information will enrich DST contents during application scanning
–In our earlier research[1], we described the Dynamic Syntax Tree method implementation for enhan... more –In our earlier research[1], we described the Dynamic Syntax Tree method implementation for enhancing the Static Analysis process. After 10+ years of experience, we collected the significant results presented in this paper
–Updated Results of a Dynamic Syntax Tree method implementation for enhancing the Static Analysis... more –Updated Results of a Dynamic Syntax Tree method implementation for enhancing the Static Analysis process. We collected the most significant results of latest 4 year, presented in this paper
–Most of Static Analysis tools are nowadays based on Abstract Syntax or Concrete (aka Parser) Tre... more –Most of Static Analysis tools are nowadays based on Abstract Syntax or Concrete (aka Parser) Trees. For analyzing applications written in modern programming languages, were types and objects are dynamically created, those tools cannot provide accurate analysis results because they are designed for static programming languages only. Moreover described is the new Dynamic Syntax Trees-based method for enhancing the Static Analysis process.
–In our earlier research [1] on area of Static Analysis of applications written using modern lang... more –In our earlier research [1] on area of Static Analysis of applications written using modern languages, we discussed about lack of accurate analysis of algorithms based on Abstract Syntax and Concrete (CST, aka Parser) Trees. Moreover described is the Dynamic Syntax Tree method implementation for enhancing the Static Analysis process.
–New generation Web Application Firewalls (ngWAF), new Dynamic Analysis (modern DAST products) RA... more –New generation Web Application Firewalls (ngWAF), new Dynamic Analysis (modern DAST products) RASP and DevOps fever are making Static Analysis (SAST) techniques useless? No, Absolutely not. But commercial Static Analysis vendors have to think different if they want their products to survive. Software solutions performing automatic code analysis are still very important, especially for remediation assistance capabilities or for extracting semantic metadata. These methods gather syntactic information from the source code and/or binaries, and then in general they provide large set of implying semantics. With the increased focus on dynamic techniques for vulnerabilities detection and prevention the problem emerges – modern programming languages are dynamic and the whole code semantic is known only at runtime and the analysis has to estimate larger relations. Moreover described is a new algorithm for better contrasting the jeopardize of dynamic analysis techniques.