Dynamic Analysis and Debugging of Binary Code for Security Applications

Li, Lixin; Wang, Chao

doi:10.1007/978-3-642-40787-1_31

Cited by 10 publications

(2 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Binary analysis. Binary analysis techniques have been applied for different platforms, using static [7,9,12,21], dynamic [6,8,37], hybrid [11,22,54] and machine-learning-based [32,39,68,71] approaches. A recent work [15] tackles the challenging task of analyzing binaries by combining declarative static analysis (using Datalog declarative logic-based programming language) with reverse-engineering techniques to perform x-refs analysis in native libraries using Radare2 [51].…”

Section: Related Workmentioning

confidence: 99%

JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis

Samhi,

Gao,

Daoudi

et al. 2021

Preprint

View full text Add to dashboard Cite

Native code is now commonplace within Android app packages where it co-exists and interacts with Dex bytecode through the Java Native Interface to deliver rich app functionalities. Yet, state-of-theart static analysis approaches have mostly overlooked the presence of such native code, which, however, may implement some key sensitive, or even malicious, parts of the app behavior. This limitation of the state of the art is a severe threat to validity in a large range of static analyses that do not have a complete view of the executable code in apps. To address this issue, we propose a new advance in the ambitious research direction of building a unified model of all code in Android apps. The JuCify approach presented in this paper is a significant step towards such a model, where we extract and merge call graphs of native code and bytecode to make the final model readily-usable by a common Android analysis framework: in our implementation, JuCify builds on the Soot internal intermediate representation. We performed empirical investigations to highlight how, without the unified model, a significant amount of Java methods called from the native code are "unreachable" in apps' call-graphs, both in goodware and malware. Using JuCify, we were able to enable static analyzers to reveal cases where malware relied on native code to hide invocation of payment library code or of other sensitive code in the Android framework. Additionally, JuCify's model enables state-of-the-art tools to achieve better precision and recall in detecting data leaks through native code. Finally, we show that by using JuCify we can find sensitive data leaks that pass through native code.

show abstract

Section: Related Workmentioning

confidence: 99%

JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis

Samhi,

Gao,

Daoudi

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…The importance of porting dynamic analysis techniques to different platforms has been discussed by Li and Wang [41], who proposed a set of tools built on top of IDA Pro and the REIL Intermediate Language to perform symbolic execution in a portable way.…”

Section: Related Workmentioning

confidence: 99%

Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares

Zaddach

Bruno

Francillon

et al. 2014

Proceedings 2014 Network and Distributed System Security Symposium

254

158

View full text Add to dashboard Cite

Abstract-To address the growing concerns about the security of embedded systems, it is important to perform accurate analysis of firmware binaries, even when the source code or the hardware documentation are not available. However, research in this field is hindered by the lack of dedicated tools. For example, dynamic analysis is one of the main foundations of security analysis, e.g., through dynamic taint tracing or symbolic execution. Unlike static analysis, dynamic analysis relies on the ability to execute software in a controlled environment, often an instrumented emulator. However, emulating firmwares of embedded devices requires accurate models of all hardware components used by the system under analysis. Unfortunately, the lack of documentation and the large variety of hardware on the market make this approach infeasible in practice.In this paper we present Avatar, a framework that enables complex dynamic analysis of embedded devices by orchestrating the execution of an emulator together with the real hardware. We first introduce the basic mechanism to forward I/O accesses from the emulator to the embedded device, and then describe several techniques to improve the system's performance by dynamically optimizing the distribution of code and data between the two environments. Finally, we evaluate our tool by applying it to three different security scenarios, including reverse engineering, vulnerability discovery and hardcoded backdoor detection. To show the flexibility of Avatar, we perform this analysis on three completely different devices: a GSM feature phone, a hard disk bootloader, and a wireless sensor node.

show abstract

Design and implementation of user-level dynamic binary instrumentation on ARM architecture

Kim

Ryou

2016

J Supercomput

View full text Add to dashboard Cite

Dynamic Analysis and Debugging of Binary Code for Security Applications

Cited by 10 publications

References 14 publications

JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis

JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis

Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares

Design and implementation of user-level dynamic binary instrumentation on ARM architecture

Contact Info

Product

Resources

About