Software Security through Binary Analysis
Disciplines
Computer Sciences (100%)
Keywords
- Security
- Malware Detection
- Reverse Engineering
- Buffer Overflow Detection
- Binary Analysis
The project "Software Security through Binary Analysis" aims to advance the state of the art in binary analysis in order to improve software security. Binary analysis is the analysis of the machine-code representation of an executable program with the aim of understanding its design, functionality, and operation. The task of binary analysis is to identify and extract certain properties of interest; based on these properties, it is possible to make statements about the program's run-time behavior. Binary analysis has a wide range of security-relevant applications. Application areas include the detection of malware (i.e., malicious programs such as viruses and worms), rootkits (i.e., tools used by an intruder to hide from the system administrator), and Trojan horses. In addition, binary analysis can be used to examine more general security properties, such as the presence of buffer overflow or race condition vulnerabilities. An important advantage of binary analysis is that it operates transparently on executable code, so no access to source code is required. This allows analysis in cases where source code is not available, or where the vulnerability is not visible in the source code (for example, when it is introduced by the compiler or by linked libraries). However, working on machine code presents major research challenges. These challenges include designing a robust disassembler in the presence of variable-length machine instructions, code interleaved with data, obfuscation, and binary encryption. In addition, the lack of type information and of higher-level semantic structures (e.g., loops) complicates the analysis. In this project, we propose to develop a solid theoretical foundation that formalizes the semantics of machine code. Based on this semantic specification, we will develop techniques and algorithms to reliably disassemble hostile binaries and to semantically analyze machine instructions.
The theoretical concepts will be implemented and verified in a tool based on a virtual execution environment. This virtual environment enables us to combine static and dynamic analysis.
- Technische Universität Wien - 100%
Research Output
- 890 Citations
- 5 Publications
- 2009: Comparetti P, "Prospex: Protocol Specification Extraction", conference proceeding, pp. 110-125, DOI 10.1109/sp.2009.14
- 2008: Balzarotti D, "Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications", conference proceeding, pp. 387-401, DOI 10.1109/sp.2008.22
- 2007: Moser A, "Exploring Multiple Execution Paths for Malware Analysis", conference proceeding, pp. 231-245, DOI 10.1109/sp.2007.17
- 2007: Raffetseder T, "Building Anti-Phishing Browser Plug-Ins: An Experience Report", conference proceeding, pp. 1-7, DOI 10.1109/sess.2007.6
- 2010: Kolbitsch C, "Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries", conference proceeding, pp. 29-44, DOI 10.1109/sp.2010.10