TY - GEN
T1 - SOK
T2 - 2016 IEEE Symposium on Security and Privacy, SP 2016
AU - Shoshitaishvili, Yan
AU - Wang, Ruoyu
AU - Salls, Christopher
AU - Stephens, Nick
AU - Polino, Mario
AU - Dutcher, Andrew
AU - Grosen, John
AU - Feng, Siji
AU - Hauser, Christophe
AU - Kruegel, Christopher
AU - Vigna, Giovanni
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/8/16
Y1 - 2016/8/16
N2 - Finding and exploiting vulnerabilities in binary code is a challenging task. The lack of high-level, semantically rich information about data structures and control constructs makes the analysis of program properties harder to scale. However, the importance of binary analysis is on the rise. In many situations binary analysis is the only possible way to prove (or disprove) properties about the code that is actually executed. In this paper, we present a binary analysis framework that implements a number of analysis techniques that have been proposed in the past. We present a systematized implementation of these techniques, which allows other researchers to compose them and develop new approaches. In addition, the implementation of these techniques in a unifying framework allows for the direct comparison of these approaches and the identification of their advantages and disadvantages. The evaluation included in this paper is performed using a recent dataset created by DARPA for evaluating the effectiveness of binary vulnerability analysis techniques. Our framework has been open-sourced and is available to the security community.
AB - Finding and exploiting vulnerabilities in binary code is a challenging task. The lack of high-level, semantically rich information about data structures and control constructs makes the analysis of program properties harder to scale. However, the importance of binary analysis is on the rise. In many situations binary analysis is the only possible way to prove (or disprove) properties about the code that is actually executed. In this paper, we present a binary analysis framework that implements a number of analysis techniques that have been proposed in the past. We present a systematized implementation of these techniques, which allows other researchers to compose them and develop new approaches. In addition, the implementation of these techniques in a unifying framework allows for the direct comparison of these approaches and the identification of their advantages and disadvantages. The evaluation included in this paper is performed using a recent dataset created by DARPA for evaluating the effectiveness of binary vulnerability analysis techniques. Our framework has been open-sourced and is available to the security community.
KW - attacks and defenses
KW - security architectures
KW - system security
UR - http://www.scopus.com/inward/record.url?scp=84987622050&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84987622050&partnerID=8YFLogxK
U2 - 10.1109/SP.2016.17
DO - 10.1109/SP.2016.17
M3 - Conference contribution
AN - SCOPUS:84987622050
T3 - Proceedings - 2016 IEEE Symposium on Security and Privacy, SP 2016
SP - 138
EP - 157
BT - Proceedings - 2016 IEEE Symposium on Security and Privacy, SP 2016
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 23 May 2016 through 25 May 2016
ER -