Argos and its applications
Argos is a full system emulator capable of automatically protecting any operating system and its processes without modification. System-wide protection is guaranteed by a combination of full system dynamic taint propagation and predefined taint policies, which allow for arbitrarily control flow and code execution attack detection. During and after an attack, Argos is capable of logging a detailed footprint of the attack. Such a footprint allows for automatic remedy generation, as well as automatic forensic analysis of the attack. Both the detection and logging of detailed information makes Argos a powerful analysis tool for creating, among others, sophisticated (client-side) honeypots. In this presentation I will discuss Argos and its application as both a client-side honeypot capable of analyzing injected shell-code and an (semi-) automatic malware recovery system.
I'm a Phd student at the VU University Amsterdam. My research interest include most aspects of system security, but my research is currently more focused towards reverse engineering techniques for stripped binaries.