EEL: machine-independent executable editing
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Embra: fast and flexible machine simulation
Proceedings of the 1996 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Dynamo: a transparent dynamic optimization system
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Undocumented Windows NT
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
Recovery of Jump Table Case Statements from Binary Code
IWPC '99 Proceedings of the 7th International Workshop on Program Comprehension
Disassembly of Executable Code Revisited
WCRE '02 Proceedings of the Ninth Working Conference on Reverse Engineering (WCRE'02)
Strata: A Software Dynamic Translation Infrastructure
Strata: A Software Dynamic Translation Infrastructure
Low-overhead Software Dynamic Translation
Low-overhead Software Dynamic Translation
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
ATOM: a system for building customized program analysis tools
ACM SIGPLAN Notices - Best of PLDI 1979-1999
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
An API for Runtime Code Patching
International Journal of High Performance Computing Applications
Static disassembly of obfuscated binaries
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Renovo: a hidden code extractor for packed executables
Proceedings of the 2007 ACM workshop on Recurring malcode
Efficient fine-grained binary instrumentationwith applications to taint-tracking
Proceedings of the 6th annual IEEE/ACM international symposium on Code generation and optimization
On the Limits of Information Flow Techniques for Malware Analysis and Containment
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A Study of the Packer Problem and Its Solutions
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Reconstructing a Packed DLL Binary for Static Analysis
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Application security code analysis: a step towards software assurance
International Journal of Information and Computer Security
Efficient and Automatic Instrumentation for Packed Binaries
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Hybrid analysis and control of malware
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Efficient, sensitivity resistant binary instrumentation
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Anywhere, any-time binary instrumentation
Proceedings of the 10th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools
Alternating control flow reconstruction
VMCAI'12 Proceedings of the 13th international conference on Verification, Model Checking, and Abstract Interpretation
Scalable variable and data type detection in a binary rewriter
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Binary-code obfuscations in prevalent packer tools
ACM Computing Surveys (CSUR)
A platform for secure static binary instrumentation
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Hi-index | 0.01 |
The majority of security vulnerabilities published in the literature are due to software bugs. Many researchers have developed program transformation and analysis techniques to automatically detect or eliminate such vulnerabilities. So far, most of them cannot be applied to commercially distributed applications on the Windows/x86 platform, because it is almost impossible to disassemble a binary file with 100% accuracy and coverage on that platform. This paper presents the design, implementation, and evaluation of a binary analysis and instrumentation infrastructure for the Windows/x86 platform called BIRD (Binary Interpretation using Runtime Disassembly), which provides two services to developers of security-enhancing program transformation tools: converting binary code into assembly language instructions for further analysis, and inserting instrumentation code at specific places of a given binary without affecting its execution semantics. Instead of requiring a high-fidelity instruction set architectural emulator, BIRD combines static disassembly with an on-demand dynamic disassembly approach to guarantee that each instruction in a binary file is analyzed or transformed before it is executed. It takes 12 student months to develop the first BIRD prototype, which can successfully work for all applications in Microsoft Office suite as well as Internet Explorer and IIS web server, including all DLLs that they use. Moreover, the additional throughput penalty of the BIRD prototype on production server applications such as Apache, IIS, and BIND is uniformly below 4%.