Open Access | 10.17877/DE290R-2007
Structural Comparison of Executable Objects
Halvar Flake
- 01 Jul 2004
- pp 161-173
TL;DR: A method to heuristically construct an isomorphism between the sets of functions in two similar but differing versions of the same executable file has multiple practical applications, specifically the ability to detect programmatic changes between the two executable versions.
Abstract: A method to heuristically construct an isomorphism between the sets of functions in two similar but differing versions of the same executable file is presented. Such an isomorphism has multiple practical applications, specifically the ability to detect programmatic changes between the two executable versions. Moreover, information (function names) which is available for one of the two versions can also be made available for the other. A framework implementing the described methods is presented, along with empirical data about its performance when used to analyze patches to recent security vulnerabilities. As a more practical example, a security update which fixes a critical vulnerability in an H.323 parsing component is analyzed, the relevant vulnerability extracted and the implications of the vulnerability and the fix discussed.
Citations
Learning and Classification of Malware Behavior
Konrad Rieck, Thorsten Holz, Carsten Willems, Patrick Düssel, Pavel Laskov
- 10 Jul 2008
TL;DR: The effectiveness of the proposed method for learning and discrimination of malware behavior is demonstrated, especially in detecting novel instances of malware families previously not recognized by commercial anti-virus software.
•Book
The Security Development Lifecycle
Michael Howard, Steve Lipner
- 01 Jun 2006
TL;DR: An introduction to the security development lifecycle (SDL) that provides a history of the methodology and guides you through each stage of a proven process, from design to release, that helps minimize security defects.
Scalable Graph-based Bug Search for Firmware Images
Qian Feng, Rundong Zhou, Chengcheng Xu, Yao Cheng, Brian Testa, Heng Yin
- 24 Oct 2016
TL;DR: A new bug search scheme is proposed which addresses the scalability challenge in existing cross-platform bug search techniques and further improves search accuracy, and implemented a bug search engine, Genius, and compared it with state-of-art bug search approaches.
discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code.
Sebastian Eschweiler, Khaled Yakdan, Elmar Gerhards-Padilla
- 01 Jan 2016
TL;DR: A new approach to efficiently search for similar functions in binary code, called discovRE, that supports four instruction set architectures (x86, x64, ARM, MIPS) and is four orders of magnitude faster than the state-of-the-art academic approach for cross-architecture bug search in binaries.
BinHunt: Automatically Finding Semantic Differences in Binary Programs
Debin Gao, Michael K. Reiter, Dawn Song
- 20 Oct 2008
TL;DR: A system based on BinHunt is implemented and the application of the system is demonstrated with three case studies in which BinHunt manages to identify the semantic differences between an executable and its patched version, revealing the vulnerability that the patch eliminates.
References
Algorithms for the Longest Common Subsequence Problem
TL;DR: Algorithm is applicable in the general case and requires O(pn + n log n) time for any input strings of lengths m and n even though the lower bound on time of O(mn) need not apply to all inputs.
A fast algorithm for computing longest common subsequences
James Hunt, Thomas G. Szymanski
TL;DR: An algorithm for finding the longest common subsequence of two sequences of length n which has a running time of O((r + n) log n), where r is the total number of ordered pairs of positions at which the two sequences match.
•Journal Article
BMAT -- A Binary Matching Tool for Stale Profile Propagation
TL;DR: BMAT is presented, a fast and effective tool that matches two versions of a binary program without knowledge of source code changes and enables the propagation of profile information from an older, extensively profiled build to a newer build, thus greatly reducing or even eliminating the need for re-profiling.
•Proceedings Article
Deducing similarities in Java sources from bytecodes
Brenda S. Baker, Udi Manber
- 15 Jun 1998
TL;DR: Experimental results indicate that these techniques can be very effective, even changes of 30% to the source file will usually result in bytecode that can be associated with the original.