Date of Award
Spring 5-2016
Degree Type
Thesis
Degree Name
M.S.
Degree Program
Computer Science
Department
Computer Science
Major Professor
Richard, Golden
Second Advisor
Roussev, Vassil
Third Advisor
Ahmed, Irfan
Abstract
Memory forensics is increasingly used to detect and analyze sophisticated malware. In the last decade, major advances in memory forensics have made analysis of kernel-level malware straightforward. Kernel-level malware has been favored by attackers because it essentially provides complete control over a machine. This has changed recently as operating systems vendors now routinely enforce driving signing and strategies for protecting kernel data, such as Patch Guard, have made userland attacks much more attractive to malware authors.
In this thesis, new techniques for detecting userland malware written in Objective-C on Mac OS X are presented. As the thesis illustrates, Objective-C provides a rich set of APIs that malware uses to manipulate and steal data and to perform other malicious activities. The novel memory forensics techniques presented in this thesis deeply examine the state of the Objective-C runtime, identifying a number of suspicious activities, from keystroke logging to pointer swizzling.
Recommended Citation
Case, Andrew, "Detecting Objective-C Malware through Memory Forensics" (2016). University of New Orleans Theses and Dissertations. 2132.
https://scholarworks.uno.edu/td/2132
Rights
The University of New Orleans and its agents retain the non-exclusive license to archive and make accessible this dissertation or thesis in whole or in part in all forms of media, now or hereafter known. The author retains all other ownership rights to the copyright of the thesis or dissertation.