Computer security analysis through decompilation and high-level debugging

The extensive use of computers and networks worldwide has raised the awareness of the need for tools and techniques to aid in computer security analysis of binary code, such as the understanding of viruses, trojans, worms, backdoors and general security flaws, in order to provide immediate solutions with or without the aid of software vendors. The paper is a proposal for a high-level debugging tool to be used by computer security experts, which will reduce the amount of time needed to solve security-related problems in executable programs. The current state of the art involves the tracing of thousands of lines of assembly code using a standard debugger. A high-level debugger would be capable of displaying a high-level representation of an executable program in the C language, hence reducing the number of lines that need to be inspected by an order of magnitude (i.e. hundreds instead of thousands of lines). Effectively, these techniques will help in reducing the amount of time needed to trace a security flaw in an executable program, as well as reducing the costs of acquiring or training skilled assembler engineers.

[1]  Liu Zongtian,et al.  Design and Implementation Techniques of the 8086 C Decompiling System , 1995 .

[2]  Maurice H. Halstead Machine-independence and third-generation computers , 1967, AFIPS '67 (Fall).

[3]  Shane Sendall,et al.  Specifying the semantics of machine instructions , 1998, Proceedings. 6th International Workshop on Program Comprehension. IWPC'98 (Cat. No.98TB100242).

[4]  Mike Van,et al.  UQBT: Adaptable Binary Translation at Low Cost , 2000 .

[5]  Alan Mycroft,et al.  Type-Based Decompilation (or Program Reconstruction via Type Reconstruction) , 1999, ESOP.

[6]  Cristina Cifuentes,et al.  Decompilation of binary programs , 1995, Softw. Pract. Exp..

[7]  Doug Simon,et al.  Procedure abstraction recovery from binary code , 2000, Proceedings of the Fourth European Conference on Software Maintenance and Reengineering.

[8]  M. Halstead Machine-independent computer programming , 1962 .

[9]  Richard M. Stallman Using and porting gnu cc (version 2 , 1992 .

[10]  Cristina Cifuentes,et al.  Interprocedural data flow decompilation , 1996, J. Program. Lang..

[11]  Cristina Cifuentes,et al.  Structuring Decompiled Graphs , 1996, CC.

[12]  Norman Ramsey,et al.  The design of a resourceable and retargetable binary translator , 1999, Sixth Working Conference on Reverse Engineering (Cat. No.PR00303).

[13]  Norman Ramsey,et al.  Specifying representations of machine instructions , 1997, TOPL.

[14]  Manuel E. Benitez,et al.  A portable global optimizer and linker , 1988, PLDI '88.