Static analysis of binary code to isolate malicious behaviors

Author

Bergeron, J. ; Debbabi, M. ; Erhioui, M.M. ; Ktari, B.

Author_Institution

Dept. of Comput. Sci., Laval Univ., Que., Canada

fYear

1999

fDate

1999

Firstpage

184

Lastpage

189

Abstract

We address the problem of static slicing on binary executables for the purposes of malicious code detection in COTS components. By operating directly on binary code without any assumption on the availability of source code, our approach is realistic and appropriate for the analysis of COTS software products. To be able to reason on such low-level code, we need a suite of program transformations that aim to get a high level imperative representation of the code. The intention is to significantly improve the analysability while preserving the original semantics. Next we apply slicing techniques to extract those code fragments that are critical from the security standpoint. Finally, these fragments are subjected to verification against behavioral specifications to statically decide whether they exhibit malicious behaviors or not

Keywords

program diagnostics; program slicing; program verification; security of data; software reusability; COTS components; behavioral specification; binary code; binary executables; formal verification; low-level code; malicious behavior; malicious code detection; program slicing; program transformations; semantics; static analysis; Availability; Binary codes; Computer science; Computer security; Costs; Councils; Electronic switching systems; Information security; Libraries; Technology planning;

fLanguage

English

Publisher

ieee

Conference_Titel

Enabling Technologies: Infrastructure for Collaborative Enterprises, 1999. (WET ICE '99) Proceedings. IEEE 8th International Workshops on

Conference_Location

Stanford, CA

ISSN

1080-1383

Print_ISBN

0-7695-0365-9

Type

conf

DOI

10.1109/ENABL.1999.805197

Filename

805197