Context-sensitive interprocedural points-to analysis in the presence of function pointers
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
EEL: machine-independent executable editing
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Precise interprocedural dataflow analysis with applications to constant propagation
TAPSOFT '95 Selected papers from the 6th international joint conference on Theory and practice of software development
Interprocedural dataflow analysis in an executable optimizer
Proceedings of the ACM SIGPLAN 1997 conference on Programming language design and implementation
Alias analysis of executable code
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Data Dependence Analysis of Assembly Code
International Journal of Parallel Programming - Special issue on instruction-level parallelism and parallelizing compilation, part 2
Communications of the ACM
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Systematic design of program analysis frameworks
POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Watermarking, tamper-proffing, and obfuscation: tools for software protection
IEEE Transactions on Software Engineering
Intraprocedural Static Slicing of Binary Executables
ICSM '97 Proceedings of the International Conference on Software Maintenance
Static Analysis of Binary Code to Isolate Malicious Behaviors
WETICE '99 Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Assembly to High-Level Language Translation
ICSM '98 Proceedings of the International Conference on Software Maintenance
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
Cloning-based context-sensitive pointer alias analysis using binary decision diagrams
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Symbolic pointer analysis revisited
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Abstracting Stack to Detect Obfuscated Calls in Binaries
SCAM '04 Proceedings of the Source Code Analysis and Manipulation, Fourth IEEE International Workshop
Practical and Accurate Low-Level Pointer Analysis
Proceedings of the international symposium on Code generation and optimization
Towards scalable flow and context sensitive pointer analysis
Proceedings of the 42nd annual Design Automation Conference
A Method for Detecting Obfuscated Calls in Malicious Binaries
IEEE Transactions on Software Engineering
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Intermediate-representation recovery from low-level code
Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Weighted pushdown systems and their application to interprocedural dataflow analysis
Science of Computer Programming - Special issue: Static analysis symposium (SAS 2003)
Normalizing Metamorphic Malware Using Term Rewriting
SCAM '06 Proceedings of the Sixth IEEE International Workshop on Source Code Analysis and Manipulation
A semantics-based approach to malware detection
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Hiding Information in Completeness Holes: New Perspectives in Code Obfuscation and Watermarking
SEFM '08 Proceedings of the 2008 Sixth IEEE International Conference on Software Engineering and Formal Methods
An Abstract Interpretation-Based Framework for Control Flow Reconstruction from Binaries
VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Data Flow Analysis: Theory and Practice
Data Flow Analysis: Theory and Practice
Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection
Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection
Semantics-based code obfuscation by abstract interpretation
Journal of Computer Security
Automatic Static Unpacking of Malware Binaries
WCRE '09 Proceedings of the 2009 16th Working Conference on Reverse Engineering
WYSINWYX: What you see is not what you eXecute
ACM Transactions on Programming Languages and Systems (TOPLAS)
Improved memory-access analysis for x86 executables
CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
Modelling metamorphism by abstract interpretation
SAS'10 Proceedings of the 17th international conference on Static analysis
Improving pushdown system model checking
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
There's plenty of room at the bottom: analyzing and verifying machine code
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Directed proof generation for machine code
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Analyzing memory accesses in obfuscated x86 executables
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Opaque predicates detection by abstract interpretation
AMAST'06 Proceedings of the 11th international conference on Algebraic Methodology and Software Technology
Context-Sensitive points-to analysis: is it worth it?
CC'06 Proceedings of the 15th international conference on Compiler Construction
| Hi-index | 0.00 |
Since Sharir and Pnueli, algorithms for context-sensitivity have been defined in terms of `valid' paths in an interprocedural flow graph. The definition of valid paths requires atomic call and ret statements, and encapsulated procedures. Thus, the resulting algorithms are not directly applicable when behavior similar to call and ret instructions may be realized using non-atomic statements, or when procedures do not have rigid boundaries, such as with programs in low level languages like assembly or RTL.We present a framework for context-sensitive analysis that requires neither atomic call and ret instructions, nor encapsulated procedures. The framework presented decouples the transfer of control semantics and the context manipulation semantics of statements. A new definition of context-sensitivity, called stack contexts, is developed. A stack context, which is defined using trace semantics, is more general than Sharir and Pnueli's interprocedural path based calling-context. An abstract interpretation based framework is developed to reason about stack-contexts and to derive analogues of calling-context based algorithms using stack-context.The framework presented is suitable for deriving algorithms for analyzing binary programs, such as malware, that employ obfuscations with the deliberate intent of defeating automated analysis. The framework is used to create a context-sensitive version of Venable et al.'s algorithm for analyzing x86 binaries without requiring that a binary conforms to a standard compilation model for maintaining procedures, calls, and returns. Experimental results show that a context-sensitive analysis using stack-context performs just as well for programs where the use of Sharir and Pnueli's calling-context produces correct approximations. However, if those programs are transformed to use call obfuscations, a context-sensitive analysis using stack-context still provides the same, correct results and without any additional overhead.