Annual Computer Security Applications Conference (ACSAC) 2012


Augmenting Vulnerability Analysis of Binary Code


Sean Heelan
Immunity Inc
United Kingdom

Agustin Gianni
Immunity Inc
Argentina

Abstract:
Discovering and understanding security vulnerabilities in complex, binary code can be a difficult and time-consuming problem. While there has been notable progress in the development of automatic solutions for vulnerability detection, manual analysis remains a necessary component of any binary auditing task. In this paper we present an approach based on run-time data tracking that works to narrow down the attack surface of an application and prioritize code regions for manual analysis. By supporting arbitrary data sources and sinks, we can track the spread of direct and indirect attacker influence throughout a program. Alerts are generated once this influence reaches potentially sensitive code, and the results are post-processed, prioritized, and integrated into common reverse engineering tools. The data recorded is used to inform the decisions of users, rather than replace them. By avoiding the processing required for semantic analysis and automated reasoning, our approach is sufficiently fast to integrate into the normal workflow of manual vulnerability detection.

 
