Type

Text

Type

Thesis

Advisor

Robert Johnson | R, Sekar | C R. Ramakrishnan.

Date

2010-08-01

Keywords

binary, disassembly, intra-procedural data flow, security, ssa, type analysis

Department

Department of Computer Science

Language

en_US

Source

This work is sponsored by the Stony Brook University Graduate School in compliance with the requirements for completion of degree.

Identifier

http://hdl.handle.net/11401/71077

Publisher

The Graduate School, Stony Brook University: Stony Brook, NY.

Format

application/pdf

Abstract

Disassembly of binaries plays an important role in computer security.Tools for binary analysis and reverse engineering rely heavily on staticdisassembly. Current disassemblers are not able to reliably disassembleexecutables or libraries that contain data (or junk bytes) in the midst ofcode, or make extensive use of indirect jumps or calls. These features cancause these tools to fail silently, thus making them inappropriate forapplications that critically depend on correct disassembly, e.g. | binaryinstrumentation. An incorrectly disassembled binary can lead to incorrectinstrumentation, which can in turn cause the instrumented program to fail,or more generally, exhibit differences in behavior from the originalbinary. In this thesis, we analyze existing disassembly approaches, theirshortcomings, and propose a technique to overcome these shortcomings. Weinvestigate the use of static data flow analysis and type analysis toovercome the many challenges posed by disassembly of commercial off-the-shelfsoftware binaries.

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.