Abstract. Security analysis often requires understanding both the control and data-flow structure of a binary. We introduce a new program representation, a hybrid information- and control-flow graph (HI-CFG), and give algorithms to infer it from an instruction-level trace. As an application, we consider the task of generalizing an attack against a program whose inputs undergo complex transformations before reaching a vulnerability. We apply the HI-CFG to find the parts of the program that implement each transformation, and then generate new attack inputs under a user-specified combination of transformations. Structural knowledge allows our approach to scale to applications that are infeasible with monolithic symbolic execution. Such atta...
System programming languages such as C and C++ are ubiquitously used for systems software such as br...
Abstract. Techniques have been proposed to find the semantic differences between two binary program...
Static binary analysis is a key tool to assess the security of third-party binaries and legacy progra...
Abstract. Binary analysis is useful in many practical applications, such as the detection of malware o...
Metamorphism is a technique that mutates the binary code using different obfuscations and never keep...
In 2005, Kruegel et al. proposed a variation of the traditional mimicry attack, to which we will ref...
Part 3: Attacks to Software and Network Systems. International audience. We present a generic framework ...
Part 1: Keynote Speech. International audience. In addition to its usual complexity assumptions, cryptog...
Finding and exploiting vulnerabilities in binary code is a challenging task. The lack of high-level,...
Abstract. Tackling binary program analysis problems has traditionally implied manually defining rules...
This report addresses de-obfuscation on programs. The targeted obfuscation scheme is the control flo...
Binary code analysis has attracted much attention. The difficulty lies in constructing a Control Flo...
Abstract. Modern obfuscation techniques are intended to discourage reverse engineering and malicious...
With the widespread deployment of Control-Flow Integrity (CFI), control-flow hijacking attacks, and ...
With the growing popularity of emerging technologies, the prevalence of digital systems is more than...