
BDA: practical dependence analysis for binary executables by unbiased whole-program path sampling and per-path abstract interpretation

Published: 10 October 2019

Abstract

Binary program dependence analysis determines dependence between instructions and hence is important for many applications that have to deal with executables without any symbol information. A key challenge is to identify if multiple memory read/write instructions access the same memory location. The state-of-the-art solution is the value set analysis (VSA) that uses abstract interpretation to determine the set of addresses that are possibly accessed by memory instructions. However, VSA is conservative and hence leads to a large number of bogus dependences and then substantial false positives in downstream analyses such as malware behavior analysis. Furthermore, existing public VSA implementations have difficulty scaling to complex binaries. In this paper, we propose a new binary dependence analysis called BDA enabled by a randomized abstract interpretation technique. It features a novel whole program path sampling algorithm that is not biased by path length, and a per-path abstract interpretation avoiding precision loss caused by merging paths in traditional analyses. It also provides probabilistic guarantees. Our evaluation on SPECINT2000 programs shows that it can handle complex binaries such as gcc whereas VSA implementations from state-of-the-art platforms have difficulty producing results for many SPEC binaries. In addition, the dependences reported by BDA are 75 and 6 times smaller than Alto, a scalable binary dependence analysis tool, and VSA, respectively, with only 0.19% of true dependences observed during dynamic execution missed (by BDA). Applying BDA to call graph generation and malware analysis shows that BDA substantially supersedes the commercial tool IDA in recovering indirect call targets and outperforms a state-of-the-art malware analysis tool Cuckoo by disclosing 3 times more hidden payloads.
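To make "not biased by path length" concrete, the following added example (not taken from the paper or the BDA code base) compares per-branch coin flips with path-count-weighted branch selection on a small constructed acyclic control-flow graph. Weighting each branch by the number of paths below it is assumed here as one standard way to obtain a uniform distribution over whole paths; the graph and all function names are illustrative.

```python
import random
from fractions import Fraction
from functools import lru_cache

# Constructed acyclic control-flow graph (illustrative, not from the paper).
# One path leaves immediately; the others run through nested branches.
CFG = {
    "entry": ["a", "exit"],
    "a": ["b", "c"],
    "b": ["d", "e"],
    "c": ["exit"],
    "d": ["exit"],
    "e": ["exit"],
    "exit": [],
}


@lru_cache(maxsize=None)
def path_count(node):
    """Number of distinct paths from `node` to a node without successors."""
    succs = CFG[node]
    if not succs:
        return 1
    return sum(path_count(s) for s in succs)


def branch_probs(node, weighted):
    """Probability of taking each successor edge at `node`.

    weighted=False: every outgoing edge is equally likely (naive coin flip).
    weighted=True:  an edge is taken in proportion to the paths behind it.
    """
    succs = CFG[node]
    if weighted:
        total = path_count(node)
        return {s: Fraction(path_count(s), total) for s in succs}
    return {s: Fraction(1, len(succs)) for s in succs}


def path_distribution(weighted, node="entry", prefix=(), prob=Fraction(1)):
    """Exact probability of every whole path under the chosen branch policy."""
    prefix = prefix + (node,)
    if not CFG[node]:
        return {prefix: prob}
    dist = {}
    for succ, p in branch_probs(node, weighted).items():
        dist.update(path_distribution(weighted, succ, prefix, prob * p))
    return dist


def sample_path(rng, weighted):
    """Draw one entry-to-exit path using the chosen branch policy."""
    node, path = "entry", ["entry"]
    while CFG[node]:
        probs = branch_probs(node, weighted)
        node = rng.choices(list(probs), weights=[float(p) for p in probs.values()])[0]
        path.append(node)
    return tuple(path)


if __name__ == "__main__":
    for weighted in (False, True):
        label = "path-count weighted" if weighted else "naive coin flip"
        print(label)
        for path, p in sorted(path_distribution(weighted).items(), key=lambda kv: len(kv[0])):
            print(f"  {' -> '.join(path):35s} {p}")
    print("sample:", sample_path(random.Random(0), weighted=True))
```

Under the naive policy the two-node path is drawn half the time while each of the longest paths is drawn one time in eight; with path-count weighting all four paths are equally likely.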


Supplemental Material

a137-zhang

Presentation at OOPSLA '19

