Annual Computer Security Applications Conference (ACSAC) 2012


Augmenting Vulnerability Analysis of Binary Code

Discovering and understanding security vulnerabilities in complex, binary code can be a difficult and time-consuming problem. While there has been notable progress in the development of automatic solutions for vulnerability detection, manual analysis remains a necessary component of any binary auditing task. In this paper we present an approach based on run-time data tracking that works to narrow down the attack surface of an application and prioritize code regions for manual analysis. By supporting arbitrary data sources and sinks, we can track the spread of direct and indirect attacker influence throughout a program. Alerts are generated once this influence reaches potentially sensitive code, and the results are post-processed, prioritized, and integrated into common reverse engineering tools. The data recorded is used to inform the decisions of users, rather than replace them. By avoiding the processing required for semantic analysis and automated reasoning, our approach is sufficiently fast to integrate into the normal workflow of manual vulnerability detection.

Author(s):

Sean Heelan    
Immunity Inc
United Kingdom

Agustin Gianni    
Immunity Inc
Argentina

 
