Dynamic Analysis and Debugging of Binary Code for Security Applications

Dynamic analysis techniques have made a significant impact in security practice, e.g. by automating some of the most tedious processes in detecting vulnerabilities. However, a significant gap remains between existing software tools and what many security applications demand. In this paper, we present our work on developing a cross-platform interactive analysis tool, which leverages techniques such as symbolic execution and taint tracking to analyze binary code on a range of platforms. The tool builds upon IDA, a popular reverse engineering platform, and provides a unified analysis engine to handle various instruction sets and operating systems. We have evaluated the tool on a set of real-world applications and shown that it can help identify the root causes of security vulnerabilities quickly.
