Preservation of Proof Obligations from Java to the Java Virtual Machine
IJCAR '08 Proceedings of the 4th international joint conference on Automated Reasoning
BitBlaze: A New Approach to Computer Security via Binary Analysis
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
A static API birthmark for Windows binary executables
Journal of Systems and Software
Untangling Reverse Engineering with Logic and Abstraction
ICLP '09 Proceedings of the 25th International Conference on Logic Programming
Context-sensitive analysis of obfuscated x86 executables
Proceedings of the 2010 ACM SIGPLAN workshop on Partial evaluation and program manipulation
WYSINWYX: What you see is not what you eXecute
ACM Transactions on Programming Languages and Systems (TOPLAS)
Program analysis using weighted pushdown systems
FSTTCS'07 Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science
The advantages of post-link code coverage
HVC'07 Proceedings of the 3rd international Haifa verification conference on Hardware and software: verification and testing
Improved memory-access analysis for x86 executables
CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
A system for generating static analyzers for machine instructions
CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
Analyzing stripped device-driver executables
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Decompiling high-level control structures with propositions
IITA'09 Proceedings of the 3rd international conference on Intelligent information technology application
Automatic abstraction for intervals using Boolean formulae
SAS'10 Proceedings of the 17th international conference on Static analysis
Interprocedural control flow reconstruction
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
BAP: a binary analysis platform
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
There's plenty of room at the bottom: analyzing and verifying machine code
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
TSL: A System for Generating Abstract Interpreters and its Application to Machine-Code Analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Abstract interpretation of microcontroller code: Intervals meet congruences
Science of Computer Programming
SEC'13 Proceedings of the 22nd USENIX conference on Security
There is an increasing need for tools to help programmers and security analysts understand executables. For instance, commercial companies and the military increasingly use Commercial Off The Shelf (COTS) components to reduce the cost of software development. They are interested in ensuring that COTS components do not perform malicious actions (or cannot be forced to perform malicious actions). Viruses and worms have become ubiquitous. A tool that aids in understanding their behavior can ensure early dissemination of signatures, and thereby control the extent of damage caused by them. In both domains, the questions that need to be answered cannot be answered perfectly—the problems are undecidable—but static analysis provides a way to answer them conservatively.
In recent years, there has been a considerable amount of research activity to develop analysis tools to find bugs and security vulnerabilities. However, most of the effort has been on analysis of source code, and the issue of analyzing executables has largely been ignored. In the security context, this is particularly unfortunate, because performing analysis on the source code can fail to detect certain vulnerabilities due to the WYSINWYX phenomenon: "What You See Is Not What You eXecute". That is, there can be a mismatch between what a programmer intends and what is actually executed on the processor.
Even though the advantages of analyzing executables are appreciated and well understood, there is a dearth of tools that work on executables directly. The overall goal of our work is to develop algorithms for analyzing executables, and to explore their applications in the context of program understanding and automated bug hunting. Unlike existing tools, we want to provide useful information about memory accesses, even in the absence of debugging information.
Specifically, the dissertation focuses on the following aspects of the problem: (1) Developing algorithms to extract intermediate representations (IR) from executables that are similar to the IR that would be obtained if we had started from source code. (2) Using the recovered IR to develop tools for program understanding and for finding bugs and security vulnerabilities.