Deductive Binary Code Verification Against Source-Code-Level Specifications

Author(s):  
Alexander Kamkin ◽  
Alexey Khoroshilov ◽  
Artem Kotsynyak ◽  
Pavel Putro
Author(s):  
Michael Hohmuth ◽  
Hendrik Tews ◽  
Shane G. Stephens

2021 ◽  
Vol 46 (3) ◽  
pp. 24-25
Author(s):  
Armijn Hemel ◽  
Karl Trygve Kalleberg ◽  
Rob Vermaas ◽  
Eelco Dolstra

Ten years ago, we published the article Finding software license violations through binary code clone detection at the MSR 2011 conference. Our paper was motivated by the tendency of embedded hardware vendors to only release binary blobs of their firmware, often violating the licensing terms of open-source software present inside those blobs. The techniques presented in our paper were designed to accurately identify open-source code hidden inside binary blobs. Here, we give our perspectives on the impact of our work, both industrially and academically, and revisit the original problem statement to see what has happened in the field of open-source compliance in the intervening decade.


2015 ◽  
Vol 12 (2) ◽  
pp. 253-262
Author(s):  
Katarina Berta ◽  
Sasa Stojanovic ◽  
Milos Cvetanovic ◽  
Zaharije Radivojevic

Comparison of functions is required in various domains of software engineering. In most domains, comparison is done using source code, but in some domains, such as license violation or malware analysis, only binary code is available. The goal of this paper is to evaluate whether the existing solution meant for ARM architecture can be applied to x86 architecture. The existing solution encompasses multiple approaches, but for the purpose of this paper three representative approaches are implemented; two are based on machine learning, and the third does not require previous knowledge. Results show that the best recalls obtained for the first ten positions on both architectures are comparable and do not differ significantly. The results confirm that adaptation of all approaches of the existing solution is not only possible but also promising and represents an adequate basis for future research.


2021 ◽  
Vol 2096 (1) ◽  
pp. 012048
Author(s):  
V K Fedorov ◽  
E G Balenko ◽  
N V Gololobov ◽  
K E Izrailov

This paper investigates software attacks based on shellcode injection in Windows applications. The attack uses platform invoke to inject binary code by means of system calls. This creates a separate threat that carries the payload. The paper overviews protections against shellcode injection and thus analyzes the injection methods as well. Analysis models the injection of malicious code in a Windows app process. As a result, the paper proposes a step-by-step injection method. Experimental injection of user code in PowerShell is performed to test the method. The paper further shows the assembly code of the system call as an example of finding their IDs in the global system call table; it also shows part of the source code for the injection of binary executable code. Various counterattacks are proposed in the form of software control modules based on architecture drivers. The paper analyzes the feasibility of using dynamic invoke, which the authors plan to do later on.


Author(s):  
Marc Horner

Code verification provides mathematical evidence that the source code of a scientific computing software platform is free of bugs and that the numerical algorithms are consistent. The most stringent form of code verification requires the user to demonstrate agreement between the formal and observed orders of accuracy. The observed order is based on a determination of the discretization error, and therefore requires the existence of an analytical solution. One drawback of analytical solutions based on traditional engineering problems is that most derivatives are identically zero, which limits their scope during code verification. The Method of Rotated Solutions is introduced herein as a methodology that utilizes coordinate transformations to generate additional non-zero derivatives in the numerical and analytical solutions. These transformations extend the utility of even the simplest one-dimensional solutions to be able to perform more thorough evaluations. This paper outlines the rotated solutions methodology and provides an example that demonstrates and confirms the utility of this new technique.


2013 ◽  
Vol 2013 ◽  
pp. 1-11 ◽  
Author(s):  
Ying Cao ◽  
Qiguang Miao ◽  
Jiachen Liu ◽  
Weisheng Li

To perform behavior-based malware analysis, behavior capturing is an important prerequisite. In this paper, we present the Osiris system, which is a tool to capture behaviors of executable files in Windows systems. It collects API calls invoked not only by the main process of the analysis file, but also API calls invoked by child processes which are created by the main process, injected processes if process injection happens, and service processes if the main process creates services. By modifying the source code of Qemu, Osiris is implemented at the virtual machine monitor layer and has the following advantages. First, it does not rewrite the binary code of the analysis file or interfere with its normal execution, so that behavior data are obtained more stealthily and transparently. Second, it employs a multi-virtual machine framework to simulate the network environment for malware analysis, so that network behaviors of a malware are stimulated to a large extent. Third, besides the network environment, it also simulates most common host events to stimulate potential malicious behaviors of a malware. The experimental results show that Osiris automates the malware analysis process and provides good behavior data for the following detection algorithm.


Author(s):  
Thomas Reinbacher ◽  
Andreas Steininger ◽  
Tobias Müller ◽  
Martin Horauer ◽  
Jörg Brauer ◽  
...  

Verification of software for embedded systems is crucial for ensuring a product’s integrity. Formal approaches like static analysis and model checking are gaining momentum in this context. To make an exhaustive examination of the system’s state space tractable in practice, these methods perform an abstraction and over-approximation of the possible behavior. As a side-effect, however, this leads to “false negatives” - property violations that exist only in the model and not on the real system. Ruling out such spurious property violations by manual valuation is a tedious and error-prone process. This paper reports on the concepts and design of a hardware unit to support the identification of false negatives. Our approach has several advantages: (i) It works on microcontroller binary code, thus avoiding the need for availability of high-level source code, and covering compiler bugs as well. (ii) Moving the verification directly to the target platform rules out modeling errors. (iii) The cases suspected to lead to spurious property violations can serve as very efficient test cases for a specific implementation later on. We illustrate the principle and benefits of the proposed approach by a worked example.


2004 ◽  
Vol 58 (1-2) ◽  
pp. 107-120 ◽  
Author(s):  
Bart Jacobs ◽  
Martijn Oostdijk ◽  
Martijn Warnier

2021 ◽  
Vol 54 (3) ◽  
pp. 1-38
Author(s):  
Irfan Ul Haq ◽  
Juan Caballero

Binary code similarity approaches compare two or more pieces of binary code to identify their similarities and differences. The ability to compare binary code enables many real-world applications on scenarios where source code may not be available such as patch analysis, bug search, and malware detection and analysis. Over the past 22 years numerous binary code similarity approaches have been proposed, but the research area has not yet been systematically analyzed. This article presents the first survey of binary code similarity. It analyzes 70 binary code similarity approaches, which are systematized on four aspects: (1) the applications they enable, (2) their approach characteristics, (3) how the approaches are implemented, and (4) the benchmarks and methodologies used to evaluate them. In addition, the survey discusses the scope and origins of the area, its evolution over the past two decades, and the challenges that lie ahead.

