Accurate Recovery of Functions in COTS Binaries

Dates: 
Tuesday, July 19, 2016 - 14:00 to 16:00
Location: 
Room 220, New CS

Rui Qiao will present his thesis proposal at 2pm in New CS Rm 220.
All are welcome!

Title: Accurate Recovery of Functions in COTS Binaries

Abstract:
Binary analysis and instrumentation play a central role in COTS
software security. They can be used to detect and prevent
vulnerabilities, mitigate exploits, enforce security policies,
and so on.

Many security instrumentations work at the granularity of functions.
However, unlike high-level languages, functions in binaries are
not clearly demarcated. To complicate matters further,
functions in binaries may have multiple entry points and/or
exit points. Many functions are reachable only through indirect
control transfers, while some may be altogether unreachable.
In the first half of this proposal, we present an approach that
overcomes these challenges to accurately identify function
boundaries, as well as calls and returns. Our approach is based
on fine-grained static analysis, relying on precise models of
instruction set semantics derived in part from our previous work.

In the second part of the work, we expand our investigation to
recover the next crucial piece of information that is lost in
high-level language to binary translation: the types and numbers
of function parameters. We propose an approach that combines
fine-grained binary analysis and type inference to address this
problem. We will evaluate this technique by applying it to
enforce fine-grained control-flow integrity policies.

Computed Event Type: 
Mis
Event Title: 
Accurate Recovery of Functions in COTS Binaries