Bitte warten...
Bitte warten...
English
Hilfe
Login
Forschungsportal
Suche
Forschungsprofile
Forschungsprojekte
Projektvollmacht
Lehre
Forschung
Organisation
Software Sicherheit durch Programmanalyse
01.10.2005 - 31.08.2008
Forschungsförderungsprojekt
The project "Software Security through Binary Analysis" aims to advance the state-of-the-art in binary analysis to improve software security. Binary analysis is the analysis of the machine code representation of an executable software program with the aim of understanding its design, functionality, and operations. The task of binary analysis is to identify and extract certain properties of interest. Based on these properties, it is possible to make statements about the program's run-time behavior. Binary analysis is an approach with a wide range of security-relevant applications. Application areas include the detection of malware (i.e., malicious programs such as viruses and worms), rootkits (i.e., tools used by an intruder to hide from the system administrator) and Trojan horses. In addition, binary analysis can be used to analyze more general security properties such as the presence of buffer overflow or race condition vulnerabilities. An important advantage of binary analysis is that it can be used transparently on executable code. Thus, no access to source code is required. This allows one to perform analysis in cases where source code is not available or where the vulnerability is not visible in source code. However, working on machine code presents major research challenges. These challenges include the design of a robust disassembler in case of variable length machine instructions, a mix of code instructions with data elements, obfuscation and binary encryption. In addition, the lack of type information and higher-level semantic structures (e.g., loops) complicates the analysis. In this project, we propose to develop a solid theoretical foundation to formalize the semantics of machine code. Based on this semantic specification, we will develop techniques and algorithms to reliably disassemble hostile binaries, and to semantically analyze machine instructions. The theoretical concepts will be implemented and verified in a tool that is based on a virtual execution environment. This virtual environment enables us to combine static and dynamic analysis.
Personen
Projektleiter_in
Christopher Krügel
(E183)
Projektmitarbeiter_innen
Andreas Moser
(E183)
Institut
E183 - Institut für Rechnergestützte Automation
Förderungsmittel
FWF - Österr. Wissenschaftsfonds (National)
Fonds zur Förderung der wissenschaftlichen Forschung (FWF)
Forschungsschwerpunkte
Information and Communication Technology
Schlagwörter
Deutsch
Englisch
Security
Security
Reverse Engineering
Reverse Engineering
Binary Analysis
Binary Analysis
Malware Detection
Malware Detection
Buffer Overflow Detection
Buffer Overflow Detection
Publikationen
Publikationsliste