Static analysis of x86 executables (Statische Analyse von Programmen in x86-Maschinensprache)

13 Zusammenfassung (German Abstract) 15

[1]  A. Tarski A LATTICE-THEORETICAL FIXPOINT THEOREM AND ITS APPLICATIONS , 1955 .

[2]  N. S. Barnett,et al.  Private communication , 1969 .

[3]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[4]  Patrick Cousot,et al.  Systematic design of program analysis frameworks , 1979, POPL.

[5]  Neil D. Jones,et al.  Flow Analysis of Lambda Expressions (Preliminary Version) , 1981, ICALP.

[6]  Joseph Sifakis,et al.  Specification and verification of concurrent systems in CESAR , 1982, Symposium on Programming.

[7]  Michael A. Schmitt,et al.  Some Bad News and Some Good News from Articles Three and Four , 1982 .

[8]  Eugene W. Myers,et al.  Efficient applicative data types , 1984, POPL.

[9]  M. F.,et al.  Bibliography , 1985, Experimental Gerontology.

[10]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[11]  Olin Shivers,et al.  Control flow analysis in scheme , 1988, PLDI '88.

[12]  Patrick Cousot,et al.  Abstract Interpretation Frameworks , 1992, J. Log. Comput..

[13]  Scott A. Mahlke,et al.  Profile‐guided automatic inline expansion for C programs , 1992, Softw. Pract. Exp..

[14]  Maurice Bruynooghe,et al.  Improving abstract interpretations by combining domains , 1993, PEPM '93.

[15]  Richard L. Sites,et al.  Binary translation , 1993, CACM.

[16]  Paul D. Franzon,et al.  System-level specification of instruction sets , 1993, Proceedings of 1993 IEEE International Conference on Computer Design ICCD'93.

[17]  Ed Harcourt Jon Mauney Functional Specification and Simulation of Instruction Set Architectures , 1994 .

[18]  Cristina Cifuentes,et al.  Decompilation of binary programs , 1995, Softw. Pract. Exp..

[19]  Seung-Soon Im,et al.  Tool interface standard (TIS) executable and linking format (ELF) specification , 1995 .

[20]  Sang Lyul Min,et al.  An Accurate Worst Case Timing Analysis for RISC Processors , 1995, IEEE Trans. Software Eng..

[21]  Reinhard Wilhelm,et al.  Solving shape-analysis problems in languages with destructive updating , 1998, TOPL.

[22]  Kelly E. Murray,et al.  Under the Hood , 1996, J. Object Oriented Program..

[23]  Shane Sendall,et al.  Specifying the semantics of machine instructions , 1998, Proceedings. 6th International Workshop on Program Comprehension. IWPC'98 (Cat. No.98TB100242).

[24]  Per Stenström,et al.  Integrating Path and Timing Analysis Using Instruction-Level Simulation Techniques , 1998, LCTES.

[25]  Jack W. Davidson,et al.  Machine Descriptions to Build Tools for Embedded Systems , 1998, LCTES.

[26]  John Yates,et al.  FX!32 a profile-directed binary translator , 1998, IEEE Micro.

[27]  Walter Oney,et al.  Programming the Microsoft Windows Driver Model , 1999 .

[28]  Flemming Nielson,et al.  Principles of Program Analysis , 1999, Springer Berlin Heidelberg.

[29]  Reinhard Wilhelm,et al.  Parametric shape analysis via 3-valued logic , 1999, POPL '99.

[30]  Cristina Cifuentes,et al.  Recovery of jump table case statements from binary code , 1999, Proceedings Seventh International Workshop on Program Comprehension.

[31]  MorrisettGreg,et al.  From system F to typed assembly language , 1999 .

[32]  Henrik Theiling,et al.  Extracting safe and precise control flow from binaries , 2000, Proceedings Seventh International Conference on Real-Time Computing Systems and Applications.

[33]  Vladimir M. Pentkovski,et al.  Implementing Streaming SIMD Extensions on the Pentium III Processor , 2000, IEEE Micro.

[34]  Klaus Havelund,et al.  Model checking JAVA programs using JAVA PathFinder , 2000, International Journal on Software Tools for Technology Transfer.

[35]  Cristina Cifuentes,et al.  UQBT: Adaptive Binary Translation at Low Cost , 2000, Computer.

[36]  Anna Philippou,et al.  Tools and Algorithms for the Construction and Analysis of Systems , 2018, Lecture Notes in Computer Science.

[37]  Patrick Cousot,et al.  Abstract Interpretation Based Formal Methods and Future Challenges , 2001, Informatics.

[38]  Henrik Theiling,et al.  Reliable and Precise WCET Determination for a Real-Life Processor , 2001, EMSOFT.

[39]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[40]  George C. Necula,et al.  CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs , 2002, CC.

[41]  Thomas A. Henzinger,et al.  Lazy abstraction , 2002, POPL '02.

[42]  Daniel Kästner,et al.  Generic control flow reconstruction from assembly code , 2002, LCTES/SCOPES '02.

[43]  Sorin Lerner,et al.  ESP: path-sensitive program verification in polynomial time , 2002, PLDI '02.

[44]  Gregory R. Andrews,et al.  Disassembly of executable code revisited , 2002, Ninth Working Conference on Reverse Engineering, 2002. Proceedings..

[45]  Dawson R. Engler,et al.  ARCHER: using symbolic, path-sensitive analysis to detect memory access errors , 2003, ESEC/FSE-11.

[46]  Somesh Jha,et al.  Static Analysis of Executables to Detect Malicious Patterns , 2003, USENIX Security Symposium.

[47]  Daniel Kästner,et al.  Architecture Description Languages for Retargetable Compilation , 2002, The Compiler Design Handbook.

[48]  Saumya K. Debray,et al.  Obfuscation of executable code to improve resistance to static disassembly , 2003, CCS '03.

[49]  Patrick Cousot,et al.  A static analyzer for large safety-critical software , 2003, PLDI '03.

[50]  Edmund M. Clarke,et al.  Counterexample-guided abstraction refinement , 2003, 10th International Symposium on Temporal Representation and Reasoning, 2003 and Fourth International Conference on Temporal Logic. Proceedings..

[51]  Alan Eustace,et al.  ATOM - A System for Building Customized Program Analysis Tools , 1994, PLDI.

[52]  U. Flegel,et al.  Detection of Intrusions and Malware & Vulnerability Assessment , 2004 .

[53]  Daniel Kroening,et al.  A Tool for Checking ANSI-C Programs , 2004, TACAS.

[54]  Mike Van Emmerik,et al.  Using a decompiler for real-world source recovery , 2004, 11th Working Conference on Reverse Engineering.

[55]  Halvar Flake,et al.  Structural Comparison of Executable Objects , 2004, DIMVA.

[56]  Mark N. Wegman,et al.  Analysis of pointers and structures , 1990, SIGP.

[57]  Sriram K. Rajamani,et al.  SLAM and Static Driver Verifier: Technology Transfer of Formal Methods inside Microsoft , 2004, IFM.

[58]  Christopher Krügel,et al.  Static Disassembly of Obfuscated Binaries , 2004, USENIX Security Symposium.

[59]  Vikram S. Adve,et al.  LLVM: a compilation framework for lifelong program analysis & transformation , 2004, International Symposium on Code Generation and Optimization, 2004. CGO 2004..

[60]  Thomas W. Reps,et al.  Analyzing Memory Accesses in x86 Executables , 2004, CC.

[61]  Stefan Katzenbeisser,et al.  Detecting Malicious Code by Model Checking , 2005, DIMVA.

[62]  Barton P. Miller,et al.  Practical analysis of stripped binary code , 2005, CARN.

[63]  Zijiang Yang,et al.  F-Soft: Software Verification Platform , 2005, CAV.

[64]  Somesh Jha,et al.  Semantics-aware malware detection , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[65]  Bor-Yuh Evan Chang,et al.  Boogie: A Modular Reusable Verifier for Object-Oriented Programs , 2005, FMCO.

[66]  Mihai Christodorescu,et al.  String analysis for x86 binaries , 2005, PASTE '05.

[67]  Koen De Bosschere,et al.  Link-time binary rewriting techniques for program compaction , 2005, TOPL.

[68]  Thomas W. Reps,et al.  CodeSurfer/x86-A Platform for Analyzing x86 Executables , 2005, CC.

[69]  Harish Patil,et al.  Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.

[70]  Brian N. Bershad,et al.  Improving the reliability of commodity operating systems , 2005, TOCS.

[71]  Chi-Hua Chen,et al.  Model Checking x86 Executables with CodeSurfer/x86 and WPDS++ , 2005, CAV.

[72]  Thomas A. Henzinger,et al.  SYNERGY: a new algorithm for property checking , 2006, SIGSOFT '06/FSE-14.

[73]  Sumit Gulwani,et al.  Combining abstract interpreters , 2006, PLDI '06.

[74]  Dawn Song,et al.  Malware Detection (Advances in Information Security) , 2006 .

[75]  Tzi-cker Chiueh,et al.  BIRD: binary interpretation using runtime disassembly , 2006, International Symposium on Code Generation and Optimization (CGO'06).

[76]  Thomas W. Reps,et al.  Recency-Abstraction for Heap-Allocated Storage , 2006, SAS.

[77]  Peter W. O'Hearn,et al.  Beyond Reachability: Shape Abstraction in the Presence of Pointer Arithmetic , 2006, SAS.

[78]  Sriram K. Rajamani,et al.  Thorough static analysis of device drivers , 2006, EuroSys.

[79]  George C. Necula,et al.  Analysis of Low-Level Code Using Cooperating Decompilers , 2006, SAS.

[80]  Giovanni Vigna Static Disassembly and Code Analysis , 2007, Malware Detection.

[81]  Nicholas Nethercote,et al.  Valgrind: a framework for heavyweight dynamic binary instrumentation , 2007, PLDI '07.

[82]  Gregory R. Andrews,et al.  PLTO: A Link-Time Optimizer for the Intel IA-32 Architecture , 2007 .

[83]  Somesh Jha,et al.  A semantics-based approach to malware detection , 2007, POPL '07.

[84]  Matthew B. Dwyer,et al.  Formal Software Analysis Emerging Trends in Software Model Checking , 2007, Future of Software Engineering (FOSE '07).

[85]  Christopher Krügel,et al.  Exploring Multiple Execution Paths for Malware Analysis , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[86]  Shuvendu K. Lahiri,et al.  A Reachability Predicate for Analyzing Low-Level Software , 2007, TACAS.

[87]  Stefan Katzenbeisser,et al.  Software transformations to improve malware detection , 2007, Journal in Computer Virology.

[88]  David W. Binkley,et al.  Source Code Analysis: A Road Map , 2007, Future of Software Engineering (FOSE '07).

[89]  Thomas A. Henzinger,et al.  Configurable Software Verification: Concretizing the Convergence of Model Checking and Program Analysis , 2007, CAV.

[90]  Helmut Veith,et al.  Using Verification Technology to Specify and Detect Malware , 2007, EUROCAST.

[91]  Thomas W. Reps,et al.  A Next-Generation Platform for Analyzing Executables , 2005, APLAS.

[92]  Thomas W. Reps,et al.  Low-Level Library Analysis and Summarization , 2007, CAV.

[93]  Hovav Shacham,et al.  The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86) , 2007, CCS '07.

[94]  Thomas A. Henzinger,et al.  Program Analysis with Dynamic Precision Adjustment , 2008, 2008 23rd IEEE/ACM International Conference on Automated Software Engineering.

[95]  Thomas Ball,et al.  Finding and Reproducing Heisenbugs in Concurrent Programs , 2008, OSDI.

[96]  Manuel Fähndrich,et al.  On the Relative Completeness of Bytecode Analysis Versus Source Code Analysis , 2008, CC.

[97]  Patrice Godefroid,et al.  Automated Whitebox Fuzz Testing , 2008, NDSS.

[98]  Thomas W. Reps,et al.  Improved Memory-Access Analysis for x86 Executables , 2008, CC.

[99]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching Time Temporal Logic , 2008, 25 Years of Model Checking.

[100]  Zhenkai Liang,et al.  BitBlaze: A New Approach to Computer Security via Binary Analysis , 2008, ICISS.

[101]  Thomas W. Reps,et al.  Analyzing Stripped Device-Driver Executables , 2008, TACAS.

[102]  Ralf Huuck,et al.  Some Assembly Required - Program Analysis of Embedded System Code , 2008, 2008 Eighth IEEE International Working Conference on Source Code Analysis and Manipulation.

[103]  Helmut Veith,et al.  Jakstab: A Static Analysis Platform for Binaries , 2008, CAV.

[104]  Hovav Shacham,et al.  When good instructions go bad: generalizing return-oriented programming to RISC , 2008, CCS.

[105]  Eran Yahav,et al.  Generating precise and concise procedure summaries , 2008, POPL '08.

[106]  Barton P. Miller,et al.  Learning to Analyze Binary Computer Code , 2008, AAAI.

[107]  Wolfram Schulte,et al.  Vx86: x86 Assembler Simulated in C Powered by Automated Theorem Proving , 2008, AMAST.

[108]  Thomas W. Reps,et al.  A System for Generating Static Analyzers for Machine Instructions , 2008, CC.

[109]  Christopher Krügel,et al.  Effective and Efficient Malware Detection at the End Host , 2009, USENIX Security Symposium.

[110]  Gilles Dowek,et al.  Principles of programming languages , 1981, Prentice Hall International Series in Computer Science.

[111]  Thomas Dullien,et al.  REIL: A platform-independent intermediate representation of disassembled code for static code analysis , 2009 .

[112]  Helmut Veith,et al.  An Abstract Interpretation-Based Framework for Control Flow Reconstruction from Binaries , 2008, VMCAI.

[113]  Thomas W. Reps,et al.  Symbolic analysis via semantic reinterpretation , 2009, International Journal on Software Tools for Technology Transfer.

[114]  Sriram K. Rajamani,et al.  Compositional may-must program analysis: unleashing the power of alternation , 2010, POPL '10.

[115]  Sagar Chaki,et al.  Software model checking without source code , 2010, Innovations in Systems and Software Engineering.

[116]  Michael Eichberg,et al.  Model-Driven Engineering of Machine Executable Code , 2010, ECMFA.

[117]  D. Engler,et al.  A few billion lines of code later , 2010, Commun. ACM.

[118]  Thomas W. Reps,et al.  Directed Proof Generation for Machine Code , 2010, CAV.

[119]  Stefan Katzenbeisser,et al.  Proactive Detection of Computer Worms Using Model Checking , 2010, IEEE Transactions on Dependable and Secure Computing.

[120]  Patrice Godefroid,et al.  Proving memory safety of floating-point computations by combining static and dynamic program analysis , 2010, ISSTA '10.

[121]  Thomas W. Reps,et al.  WYSINWYX: What you see is not what you eXecute , 2005, TOPL.

[122]  Sebastian Altmeyer,et al.  Static Timing Analysis for Hard Real-Time Systems , 2010, VMCAI.

[123]  Helmut Veith,et al.  Precise static analysis of untrusted driver binaries , 2010, Formal Methods in Computer Aided Design.

[124]  Robert J. Simmons,et al.  Proofs from Tests , 2008, IEEE Transactions on Software Engineering.

[125]  Vasanth Bala,et al.  Dynamo: a transparent dynamic optimization system , 2000, SIGP.