Cross-Architecture Bug Search in Binary Executables

Pewny, Jannik; Garmany, Behrad; Gawlik, Robert; Rossow, Christian; Holz, Thorsten

doi:10.1109/sp.2015.49

Cited by 220 publications

(98 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…First, static plagiarism detection or clone detection includes string-based [2], [5], [15], AST-based [32], [57], [63], [36], token-based [33], [55], [54], and PDGbased [22], [40], [11], [39]. Source code-based approaches are Recent works have applied traditional approaches to addressing the cross-architecture scenario [53], [19], [8], [20], [13], [14], [12]. Multi-MH and Multi-k-MH [53] are the first two methods for comparing functions of different ISAs.…”

Section: Related Workmentioning

confidence: 99%

“…Source code-based approaches are Recent works have applied traditional approaches to addressing the cross-architecture scenario [53], [19], [8], [20], [13], [14], [12]. Multi-MH and Multi-k-MH [53] are the first two methods for comparing functions of different ISAs. But their fuzzing-based basic-block similarity comparison and graph (i.e., CFG) matching-based algorithms are very expensive.…”

Section: Related Workmentioning

confidence: 99%

“…When the source code of programs is not available, binary code analysis becomes indispensable for a variety of important tasks, such as plagiarism detection [41], [31], malware classification [66], [30], and vulnerability discovery [53], [62]. Increasingly, software is cross-compiled for various architectures.…”

Section: Introductionmentioning

confidence: 99%

“…For example, hardware vendors often use the same code base to compile firmware for different devices that operate on varying architectures (e.g., x86 and ARM): this could cause a single vulnerability at source-code level to spread across binaries across diverse devices. As a result, cross-architecture binary code analysis has become an emerging problem that draws great attention [53], [19], [21], [62], [67]. Analysis of binaries across instruction set architectures (ISAs), however, is non-trivial: binaries of varying ISAs differ greatly in instruction sets; calling conventions; general-and special-purpose CPU register usages; and memory addressing modes.…”

Section: Introductionmentioning

confidence: 99%

“…Given a function in x86 that contains, for instance, the Heartbleed function, by searching for functions similar to it from a large database of functions of varying architectures, more vulnerability instances may be found. This question has gained intense research interest [53], [19], [21], [62]. A core subtask involved is the comparison of basic blocks across architectures.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

A Cross-Architecture Instruction Embedding Model for Natural Language Processing-Inspired Binary Code Analysis

Redmond¹,

Luo²,

Zeng³

2019

Proceedings 2019 Workshop on Binary Analysis Research

View full text Add to dashboard Cite

Given a closed-source program, such as most of proprietary software and viruses, binary code analysis is indispensable for many tasks, such as code plagiarism detection and malware analysis. Today, source code is very often compiled for various architectures, making cross-architecture binary code analysis increasingly important. A binary, after being disassembled, is expressed in an assembly languages. Thus, recent work starts exploring Natural Language Processing (NLP) inspired binary code analysis. In NLP, words are usually represented in high-dimensional vectors (i.e., embeddings) to facilitate further processing, which is one of the most common and critical steps in many NLP tasks. We regard instructions as words in NLPinspired binary code analysis, and aim to represent instructions as embeddings as well.To facilitate cross-architecture binary code analysis, our goal is that similar instructions, regardless of their architectures, have embeddings close to each other. To this end, we propose a joint learning approach to generating instruction embeddings that capture not only the semantics of instructions within an architecture, but also their semantic relationships across architectures. To the best of our knowledge, this is the first work on building crossarchitecture instruction embedding model. As a showcase, we apply the model to resolving one of the most fundamental problems for binary code similarity comparison-semantics-based basic block comparison, and the solution outperforms the code statistics based approach. It demonstrates that it is promising to apply the model to other cross-architecture binary code analysis tasks.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Cross-Architecture Instruction Embedding Model for Natural Language Processing-Inspired Binary Code Analysis

Redmond¹,

Luo²,

Zeng³

2019

Proceedings 2019 Workshop on Binary Analysis Research

View full text Add to dashboard Cite

show abstract

Focus : Function clone identification on cross‐platform

Liu

et al. 2021

Int J of Intelligent Sys

View full text Add to dashboard Cite

Automatic identification of function clones on crossplatform aims at determining whether two functions are identical or not without access to the source code, which is a fundamental challenge in vulnerability search, code plagiarism detection, and malware classification. With the rapid development of deep neural network in pro-K E Y W O R D S attention mechanism, binary similarity, graph neural network, program analysis | INTRODUCTIONBinary code similarity detection is a key foundation in maintaining software security, which can be generally applied in searching critical vulnerability 1 and detecting malware, 2 and so forth. Today, with the booming development of billions of Internet of Things (IoT) devices, the similarity analysis of binary code has become even more important than ever, because (1) code reuse is quite common in IoT which spreads a single vulnerability at source code level across thousands or more embedded devices that have diverse hardware architectures and software platforms 3 and (2) a known vulnerability that has been exploited in the past can also cause unprecedented damage and significant revenue losses to our daily life. 4 Worryingly, accurate and efficient analysis of stripped binary code is difficult because debug information such as symbol names, types, and location of commercial off-the-shelf (COTS) binary is unavailable. Besides, compared to binary code similarity detection on single-platform, function identification on cross-platform needs to deal with the binary code differences caused by various architectures, optimization levels, and compilers, which is even more challenging.Traditional binary code similarity detection approaches 5 adopt symbolic execution, constraint solving, or theorem prover to directly check binary code equivalence. However, these methods are inefficient especially when the number of function pairs is large, making them difficult to be utilized in large-scale applications. Graph matching-based methods use program flow diagrams to represent functions and detect similar functions. [6][7][8][9][10][11] These methods are usually inaccurate or their detection performance is limited by the efficiency of graph matching algorithms. 1,12 For instance, Genius 10 takes more than 1 week to construct their proposed codebook for only three software packages and the time complexity is quadratic in the number of training samples and linear in the cost of the bipartite graph matching algorithm.Recently, with the rapid development of deep learning and graph neural network (GNN), 13,14 graph matching and classification problems such as social network graph analytics 15 and chemical formula matching 13 can be solved well by transforming a representative graph to an embedding.

show abstract

SoProtector: Securing Native C/C++ Libraries for Mobile Applications

Zhang

Meng

et al. 2018

Algorithms and Architectures for Parallel Processing

View full text Add to dashboard Cite

Cross-Architecture Bug Search in Binary Executables

Cited by 220 publications

References 23 publications

A Cross-Architecture Instruction Embedding Model for Natural Language Processing-Inspired Binary Code Analysis

A Cross-Architecture Instruction Embedding Model for Natural Language Processing-Inspired Binary Code Analysis

Focus : Function clone identification on cross‐platform

SoProtector: Securing Native C/C++ Libraries for Mobile Applications

Contact Info

Product

Resources

About