Constructing More Complete Control Flow Graphs Utilizing Directed Gray-Box Fuzzing

2021 ◽  
Vol 11 (3) ◽  
pp. 1351
Author(s):  
Kailong Zhu ◽  
Yuliang Lu ◽  
Hui Huang ◽  
Lu Yu ◽  
Jiazhen Zhao

Control Flow Graphs (CFGs) provide fundamental data for many program analyses, such as malware analysis, vulnerability detection, code similarity analysis, etc. Existing techniques for constructing control flow graphs include static, dynamic, and hybrid analysis, each of which has its own advantages and disadvantages. However, due to the difficulty of resolving indirect jump relations, the existing techniques are limited in completeness. In this paper, we propose a practical technique that applies static analysis and dynamic analysis to construct more complete control flow graphs. The main innovation of our approach is to adopt directed gray-box fuzzing (DGF) instead of the coverage-based gray-box fuzzing (CGF) used in the existing approach to generate test cases that can exercise indirect jumps. We first employ a static analysis to construct the static CFGs without indirect jump relations. Then, we utilize directed gray-box fuzzing to generate test cases and resolve indirect jump relations by monitoring the execution traces of these test cases. Finally, we combine the static CFGs with the indirect jump relations to construct more complete CFGs. In addition, we also propose an iterative feedback mechanism to further improve the completeness of CFGs. We have implemented our technique in a prototype and evaluated it by comparing it with the existing approaches on eight benchmarks. The results show that our prototype can resolve more indirect jump relations and construct more complete CFGs than existing approaches.

2013 ◽  
Vol 2013 ◽  
pp. 1-10 ◽  
Author(s):  
Nicolas Frechette ◽  
Linda Badri ◽  
Mourad Badri

This paper presents a selective regression testing technique and an associated tool for object-oriented software. The technique is based on the concept of Control Call Graphs, which are a reduced form of traditional Control Flow Graphs. It uses static analysis of the source code of the program. The developed tool (1) identifies the Control Call Paths potentially impacted by changes, (2) selects, from an existing test suite, the appropriate test cases, and (3) generates new JUnit test cases for control call paths that are not covered by existing tests (new ones, or those whose structure has been modified after changes). In this way, the approach supports an incremental update of the test suite. The selected JUnit test cases, including the new ones, are automatically executed. Three concrete case studies are reported to provide evidence of the feasibility of the approach and its benefits in terms of reduction of regression testing effort.


Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Roee S. Leon ◽  
Michael Kiperberg ◽  
Anat Anatey Leon Zabag ◽  
Nezer Jacob Zaidenberg

Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.


2020 ◽  
Vol 23 (3) ◽  
pp. 473-493
Author(s):  
Nikita Andreevich Kataev ◽  
Alexander Andreevich Smirnov ◽  
Andrey Dmitrievich Zhukov

The use of pointers and indirect memory accesses in a program, as well as complex control flow, are some of the main weaknesses of the static analysis of programs. The program properties determined by this analysis are too conservative to accurately describe program behavior and hence they prevent parallel execution of the program. The application of dynamic analysis allows us to expand the capabilities of semi-automatic parallelization. In the SAPFOR system (System FOR Automated Parallelization), a dynamic analysis tool has been implemented, based on the instrumentation of the LLVM representation of an analyzed program, which allows the system to explore programs in both the C and Fortran programming languages. The capabilities of the static analysis implemented in SAPFOR are used to reduce the overhead of program execution, while maintaining the completeness of the analysis. The use of static analysis allows us to reduce the number of analyzed memory accesses and to ignore scalar variables, which can be explored in a static way. The developed tool was tested on performance tests from the NAS Parallel Benchmarks package for the C and Fortran languages. The implementation of dynamic analysis, in addition to traditional types of data dependencies (flow, anti, output), allows us to determine privatizable variables and the possibility of pipelined execution of loops. Together with the capabilities of DVM and OpenMP, these greatly facilitate program parallelization and simplify insertion of the appropriate compiler directives.


Author(s):  
Rémi Géraud ◽  
Mirko Koscina ◽  
Paul Lenczner ◽  
David Naccache ◽  
David Saulpic

Author(s):  
Bing Qiao ◽  
Hongji Yang ◽  
Alan O’Callaghan

When developing a software system, there are a number of principles, paradigms, and tools available to choose from. For a specific platform or programming language, a standard way can usually be found to achieve the ultimate system; for example, a combination of an incremental development process, object-oriented analysis and design, and a well-supported CASE (Computer-Aided Software Engineering) tool. Regardless of the technology to be adopted, the final outcome of software development is always a working software system. However, when it comes to software reengineering, there is rather less consensus on either approaches or outcomes. Shall we use black-box or white-box reverse engineering for program understanding? Shall we produce data and control flow graphs, or some kind of formal specification, as the output of analysis? Each of these techniques has its pros and cons in tackling various software reengineering problems, and none of them on its own suffices for a whole reengineering project. A proper integration of various techniques, each capable of solving a specific issue, could be an effective way to unravel a complicated software system. This kind of integration has to be done from an architectural point of view. One of the most exciting outcomes of recent efforts on software architecture is the Object Management Group’s (OMG) Model-Driven Architecture (MDA). MDA provides a unified framework for developing middleware-based modern distributed systems, and also a definite goal for software reengineering. This chapter presents a unified software reengineering methodology based on Model-Driven Architecture, which consists of a framework, a process, and related techniques.


Author(s):  
Diandian Zhang ◽  
Li Lu ◽  
Jeronimo Castrillon ◽  
Torsten Kempf ◽  
Gerd Ascheid ◽  
...  

Spinlocks are a common technique in Multi-Processor Systems-on-Chip (MPSoCs) to protect shared resources and prevent data corruption. Without a priori application knowledge, the control of spinlocks is often highly random, which can degrade system performance significantly. To improve this, a centralized control mechanism for spinlocks is proposed in this paper, which utilizes application-specific information during spinlock control. The complete control flow is presented, which starts from integrating high-level user-defined information and goes down to a low-level realization of the control. An Application-Specific Instruction-set Processor (ASIP) called OSIP, which was originally designed for task scheduling and mapping, is extended to support this mechanism. The case studies demonstrate the high efficiency of the proposed approach and at the same time highlight the efficiency and flexibility advantages of using an ASIP as the system controller in MPSoCs.
