Intraprocedural static slicing of binary executables

Cifuentes, Cristina; Fraboulet, Antoine

doi:10.1109/icsm.1997.624245

Cited by 74 publications

(54 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The static analysis technical analysis method does not perform binaries, such as disassembly, source code analysis, binary statistical analysis, decompile, belong to the reverse analysis methods [1,2] . Determined by static analysis of malicious code after its general structure, the feature string, feature code section [3] .…”

Section: ) Static Analysis Techniquesmentioning

confidence: 99%

Malicious Code Detection Based on Software Fingerprint

Yin¹,

Yu²,

Niu³

2013

Proceedings of the 2013 International Conference on Advanced Computer Science and Electronics Information

View full text Add to dashboard Cite

Abstract-The malicious code on the network is increasingly rampant that the traditional detection method of characteristic code has been difficult to deal with malicious code, with features of various variants, deformations and other problems. In this paper we present a new static analysis model based on software fingerprint to distinguish malicious codes. Through obtaining the software call graph by disassembling the binary file and mapping it as an image, shape moments can be obtained as the software fingerprint based on the retrieval theory of content image, combined with moment theory and the image's color, texture and shape features. The idea of pattern matching is used to measure the extracted software fingerprint similarity to determine whether it is malicious code or not. Then, we analyze the collected program samples. Test and verify whether the program has good performance in uniqueness, invariability and sensibility.

show abstract

Section: ) Static Analysis Techniquesmentioning

confidence: 99%

Malicious Code Detection Based on Software Fingerprint

Yin¹,

Yu²,

Niu³

2013

Proceedings of the 2013 International Conference on Advanced Computer Science and Electronics Information

View full text Add to dashboard Cite

show abstract

“…We focus on program slicing, because it has many applications, including re-engineering [11], maintenance [19], [21], debugging [32], [49], testing [8], [23], refactoring [17], reuse [4], [12], and comprehension [15], [30], [43]. Static slicing also illustrates many issues that affect attempts to construct a 'safe' static analysis.…”

Section: Introductionmentioning

confidence: 99%

ORBS and the limits of static slicing

Binkley

Gold

Harman

et al. 2015

2015 IEEE 15th International Working Conference on Source Code Analysis and Manipulation (SCAM)

View full text Add to dashboard Cite

Abstract-Observation-based slicing is a recently-introduced, language-independent, slicing technique based on the dependencies observable from program behaviour. Due to the wellknown limits of dynamic analysis, we may only compute an under-approximation of the true observation-based slice. However, because the observation-based slice captures all possible dependence that can be observed, even such approximations can yield insight into the limitations of static slicing. For example, a static slice, S that is strictly smaller than the corresponding observation based slice is guaranteed to be unsafe. We present the results of three sets of experiments on 12 different programs, including benchmarks and larger programs, which investigate the relationship between static and observation-based slicing. We show that, in extreme cases, observation-based slices can find the true static minimal slice, where static techniques cannot. For more typical cases, our results illustrate the potential for observation-based slicing to highlight unsafe static slices. Finally, we report on the sensitivity of observation-based slicing to test quality.

show abstract

“…This is crucial for analyzing executables because numeric values and addresses are indistinguishable at runtime. Moreover, unlike earlier algorithms that analyze executables [8,11], VSA takes into account data manipulations involving memory locations also. To track the contents of memory locations, the initial run of VSA uses the variables recovered via the Semi-Naïve approach from §3.1.…”

Section: Value-set Analysis (Vsa)mentioning

confidence: 99%

“…His implementation does not support analysis of programs that use heap-allocated storage. Moreover, his techniques are not able to infer from loop access patterns-as ASI can-that an unstructured cell (e.g., unsigned char z[32] has internal array substructures, (e.g., int y [8]; or struct {int a [3]; int b;} x [2];).…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

DIVINE: DIscovering Variables IN Executables

Balakrishnan¹,

Reps²

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. This paper addresses the problem of recovering variable-like entities when analyzing executables in the absence of debugging information. We show that variable-like entities can be recovered by iterating Value-Set Analysis (VSA), a combined numeric-analysis and pointer-analysis algorithm, and Aggregate Structure Identification, an algorithm to identify the structure of aggregates. Our initial experiments show that the technique is successful in correctly identifying 88% of the local variables and 89% of the fields of heap-allocated objects. Previous techniques recovered 83% of the local variables, but 0% of the fields of heap-allocated objects. Moreover, the values computed by VSA using the variables recovered by our algorithm would allow any subsequent analysis to do a better job of interpreting instructions that use indirect addressing to access arrays and heap-allocated data objects: indirect operands can be resolved better at 4% to 39% of the sites of writes and up to 8% of the sites of reads. (These are the memory-access operations for which it is the most difficult for an analyzer to obtain useful results.)

show abstract

Intraprocedural static slicing of binary executables

Cited by 74 publications

References 20 publications

Malicious Code Detection Based on Software Fingerprint

Malicious Code Detection Based on Software Fingerprint

ORBS and the limits of static slicing

DIVINE: DIscovering Variables IN Executables

Contact Info

Product

Resources

About