2017
DOI: 10.1515/itit-2016-0040

Cross-architecture bug search in binary executables

Abstract: With the general availability of closed-source software for various CPU architectures, there is a need to identify security-critical vulnerabilities at the binary level. Unfortunately, existing bug finding methods fall short in that they i) require source code, ii) only work on a single architecture (typically x86), or iii) rely on dynamic analysis, which is difficult for embedded devices. In this paper, we propose a system to derive bug signatures for known bugs. First, we compute semantic hashes for…

Cited by 71 publications
(178 citation statements)
References 17 publications
“…
for each α ∈ M do
  for each node β ∈ α do
    if β is a leaf node then
      tm ← sequentia_mutating(β)
      result ← sending_monitoring(tm)
      if interesting(result) then
        alert(tm)
      end if
    end if
  end for
end for
loop
  for each α ∈ M do
    indexList ← randomIndexList(0, len(α))
    for each λ ∈ indexList do
      tm ← random_mutating(λ)
    end for
    result ← sending_monitoring(tm)
    if interesting(result) then
      alert(tm)
    end if
  end for
end loop
ALGORITHM 2: WMIFuzzer fuzz scheduling algorithm.
be infected and this can be monitored outside.…”
Section: Remote Monitoring (mentioning)
confidence: 99%
“…Thirdly, static methods [16][17][18] or dynamic methods [6,15,19,20] are deployed to detect flaws in these unpacked files. However, firmware-based approaches suffer from known drawbacks.…”
Section: Introduction (mentioning)
confidence: 99%
“…Regardless of their end goal, one of the important steps in these techniques is to correctly identify the Instruction Set Architecture (ISA) of the op-codes within the binary code. Some techniques can perform the analysis using architecture-independent or cross-architecture methods [16,17,32]. However, many of those techniques still require the exact knowledge of the binary code's ISA.…”
Section: Introduction (mentioning)
confidence: 99%
“…In detail, we leverage the technique in our previous work [68] In our semantic analysis, for both patched and original partial traces, we first generate various configurations of pre-state and run the partial traces and measure the corresponding post-state values. Then, we compute the semantic summary for patched and original partial traces, and compare them following the techniques in [68,69]. Finally, if the semantic difference is below a pre-defined threshold value (i.e., < Δ_d).…”
Section: Identifying Security Patches (mentioning)
confidence: 99%
“…Such vulnerability types include side-channel information leakage, memory leakage and uninitialized variables whose patterns are particular to the OpenSSL binaries. However, summarizing these patterns will enable us to identify clone or copy-paste type vulnerabilities that are very commonly observed in the wild [69,75].…”
Section: Patch and Vulnerability Patterns (RQ2) (mentioning)
confidence: 99%