Ghidra, National Security Agency’s powerful reverse engineering framework, was recently released open-source in April 2019 and is capable of lifting instructions from a wide variety of processor architectures into its own register transfer language called p-code. In this project, we present a new tool which leverages Ghidra’s specific architecture-neutral intermediate representation to construct a control flow graph modeling all program executions of a given binary and apply static taint analysis. This technique is capable of identifying the information flow of malicious input from untrusted sources that may interact with key sinks or parts of the system without needing access to the source code itself and can be retargetable to analyze the...
Taint analysis detects if data coming from a source, such as user input, flows into a sink, such as ...
Illicit software that seeks to steal user information, deny service, or cause general mayhem on comp...
Taint analysis is a popular method in software analysis field including vulnerability/malware analys...
This dissertation is concerned with static analysis of binary executables in a theoretically well-fo...
A technique to improve computer security is to test an executable for the presence of malicious code...
Software is ubiquitous in society, but understanding it, especially without access to source code, i...
Lots of work has been done on analyzing software distributed in binary form. This is a challenging p...
Binary code analysis is widely used in many applications, including reverse engineering, software fo...
Software security vulnerabilities and leakages of private information are two of the main issues in ...
Many source code tools help software programmers analyze programs as they are being developed, but s...
Applications frequently use data coming from untrusted sources. Such data can be used to exploit vul...
Static analysis is a powerful tool for detecting security vulnerabilities and other programming prob...
Software security vulnerabilities are a major threat for software systems. In the worst case, vulner...
Taint-tracking is emerging as a general technique in software security to complement virtualization ...
Taint analysis detects if data coming from a source, such as user input, flows into a sink, such as ...
Taint analysis detects if data coming from a source, such as user input, flows into a sink, such as ...
Illicit software that seeks to steal user information, deny service, or cause general mayhem on comp...
Taint analysis is a popular method in software analysis field including vulnerability/malware analys...
This dissertation is concerned with static analysis of binary executables in a theoretically well-fo...
A technique to improve computer security is to test an executable for the presence of malicious code...
Software is ubiquitous in society, but understanding it, especially without access to source code, i...
Lots of work has been done on analyzing software distributed in binary form. This is a challenging p...
Binary code analysis is widely used in many applications, including reverse engineering, software fo...
Software security vulnerabilities and leakages of private information are two of the main issues in ...
Many source code tools help software programmers analyze programs as they are being developed, but s...
Applications frequently use data coming from untrusted sources. Such data can be used to exploit vul...
Static analysis is a powerful tool for detecting security vulnerabilities and other programming prob...
Software security vulnerabilities are a major threat for software systems. In the worst case, vulner...
Taint-tracking is emerging as a general technique in software security to complement virtualization ...
Taint analysis detects if data coming from a source, such as user input, flows into a sink, such as ...
Taint analysis detects if data coming from a source, such as user input, flows into a sink, such as ...
Illicit software that seeks to steal user information, deny service, or cause general mayhem on comp...
Taint analysis is a popular method in software analysis field including vulnerability/malware analys...