BIRD: Binary Interpretation using Runtime Disassembly

S. Nanda, Wei Li, Lap-Chung Lam, Tzi-cker Chiueh
International Symposium on Code Generation and Optimization (CGO'06)  
This paper presents the design, implementation, and evaluation of a binary analysis and instrumentation infrastructure for the Windows/x86 platform called BIRD (Binary Interpretation using Runtime Disassembly  ...  Instead of requiring a high-fidelity instruction set architectural emulator, BIRD combines static disassembly with an on-demand dynamic disassembly approach to guarantee that each instruction in a binary  ...  We are currently enhancing the instrumentation API for BIRD so that it can be used as a general binary instrumentation system.  ... 
doi:10.1109/cgo.2006.6 dblp:conf/cgo/NandaLLC06 fatcat:izd7wi6bovft5k523m6nbyypba

Foreign Code Detection on the Windows/X86 Platform

Susanta Nanda, Wei Li, Lap-chung Lam, Tzi-cker Chiueh
2006 Proceedings of the Computer Security Applications Conference  
FOOD verifies the legitimacy of binary images involved in process creation and library loading to ensure that only authorized binaries are used in these operations.  ...  One particular way to lock down a user computer is to guarantee that only authorized binary programs are allowed to run on that computer.  ...  In fact, BIRD itself uses binary instrumentation to redirect all indirect calls/jumps to its runtime engine.  ... 
doi:10.1109/acsac.2006.29 dblp:conf/acsac/NandaLLC06 fatcat:37nmb3gxe5aztd2h2kslv6uqhu

Hijacker: Efficient static software instrumentation with applications in high performance computing: Poster paper

Alessandro Pellegrini
2013 2013 International Conference on High Performance Computing & Simulation (HPCS)  
Static Binary Instrumentation is a technique that allows compile-time program manipulation.  ...  This technique has been effectively used, e.g., to support code profiling, performance analysis, error detection, attack detection, or behavior monitoring.  ...  BIRD [11] is a binary rewriting platform for Windows/x86 only.  ... 
doi:10.1109/hpcsim.2013.6641486 dblp:conf/ieeehpcs/Pellegrini13 fatcat:clmaui4t55hppl5jvbvmrxi4fq

How to Automatically and Accurately Sandbox Microsoft IIS

Wei Li, Lap-chung Lam, Tzi-cker Chiueh
2006 Proceedings of the Computer Security Applications Conference  
BASS is built on a binary interpretation and analysis infrastructure called BIRD, which can handle application binaries with dynamically linked libraries, exception handlers and multi-threading, and has  ...  paper describes the design, implementation and evaluation of a sandboxing system called BASS 1 that can automatically extract a highly accurate application-specific sandboxing policy from a Win32/X86 binary  ...  Runtime interception is through direct binary re-writing. This check-and-invoke logic forms the run-time engine of BIRD.  ... 
doi:10.1109/acsac.2006.31 dblp:conf/acsac/LiLC06 fatcat:sgyezih7s5gxteqvnjbaok64yu

PEBIL: Efficient static binary instrumentation for Linux

Michael A. Laurenzano, Mustafa M. Tikir, Laura Carrington, Allan Snavely
2010 2010 IEEE International Symposium on Performance Analysis of Systems & Software (ISPASS)  
To this end, PEBIL uses function level code relocation in order to insert large but fast control structures.  ...  There are two main approaches to binary instrumentation: static and dynamic binary instrumentation.  ...  BIRD [14] is a binary rewriting platform for Windows/x86.  ... 
doi:10.1109/ispass.2010.5452024 dblp:conf/ispass/LaurenzanoTCS10 fatcat:yhrzzw2ifnfcfjz46mqjipf7qy

Automated Format String Attack Prevention for Win32/X86 Binaries

Wei Li, Tzi-cker Chiueh
2007 Proceedings of the Computer Security Applications Conference  
Moreover, none of them has been applied to commercially distributed Win32 binaries.  ...  This paper describes the design, implementation and evaluation of a Win32 binary transformation tool called Lisbon, which transparently inserts into Win32 binaries additional checks that protect them from  ...  However, to safely instrument executable binaries requires 100% disassembly accuracy. To achieve 100% disassembly accuracy, BIRD performs both static and dynamic disassembly.  ... 
doi:10.1109/acsac.2007.4413006 fatcat:4nd2mx6pkvhkxnkh5jzcarxhfa

Automated Format String Attack Prevention for Win32/X86 Binaries

Wei Li, Tzi-cker Chiueh
2007 Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)  
Moreover, none of them has been applied to commercially distributed Win32 binaries.  ...  This paper describes the design, implementation and evaluation of a Win32 binary transformation tool called Lisbon, which transparently inserts into Win32 binaries additional checks that protect them from  ...  However, to safely instrument executable binaries requires 100% disassembly accuracy. To achieve 100% disassembly accuracy, BIRD performs both static and dynamic disassembly.  ... 
doi:10.1109/acsac.2007.23 dblp:conf/acsac/LiC07 fatcat:fyn7sm54oraptgdhldhjglzp6q

SaBRe: load-time selective binary rewriting

Paul-Antoine Arras, Anastasios Andronidis, Luís Pina, Karolis Mituzas, Qianyi Shu, Daniel Grumberg, Cristian Cadar
2022 International Journal on Software Tools for Technology Transfer (STTT)  
We present SaBRe, a load-time system for selective binary rewriting.  ...  We also discuss the theoretical underpinnings of disassembling and rewriting.  ...  BIRD partly relies on dynamic speculative disassembly, which incurs a significant runtime overhead. Both of them are specifically aimed at Windows binaries.  ... 
doi:10.1007/s10009-021-00644-w fatcat:t3wufyp2rzga5dpi3xhykbmski

An Evaluation of WebAssembly and eBPF as Offloading Mechanisms in the Context of Computational Storage [article]

Wenjun Huang, Marcus Paradies
2021 arXiv   pre-print
For many use cases, the host endianness is not that relevant, as they do not involve parsing and interpreting data at the byte level.  ...  Here is an example of this text format: (module (func (export "addTwo") (param i32 i32) (result i32) local.get 0 local.get 1 i32.add)) One can also disassemble WebAssembly binaries using wasm-objdump:  ... 
arXiv:2111.01947v1 fatcat:ouwh2zauxngjhbagwvgmqktcjm

Efficient fine-grained binary instrumentation with applications to taint-tracking

Prateek Saxena, R Sekar, Varun Puranik
2008 Proceedings of the sixth annual IEEE/ACM international symposium on Code generation and optimization - CGO '08  
In contrast, source-code based techniques have achieved better performance using high level optimizations.  ...  For instance, previous software based techniques for taint-tracking on binary code have typically slowed down programs by a factor of 3 or more.  ...  For instance, our approach can work well with robust disassembly techniques that rely on a hybrid approach, such as BIRD [21], which perform static disassembly of most code, while relying on runtime disassembly  ... 
doi:10.1145/1356058.1356069 dblp:conf/cgo/SaxenaSP08 fatcat:62gg3bzz6rcrddwuxgmws576me

Alternating Control Flow Reconstruction [chapter]

Johannes Kinder, Dmitry Kravchenko
2012 Lecture Notes in Computer Science  
We give an example instantiation of our framework using dynamically observed execution traces and constant propagation.  ...  We provide an abstract interpretation framework for control flow reconstruction that alternates between over- and under-approximation.  ...  Related Work Several approaches use runtime control flow information to improve the results of analyzing binaries. Nanda et al. introduced hybrid disassembly in their tool BIRD [16].  ... 
doi:10.1007/978-3-642-27940-9_18 fatcat:xowujkb34zashjthtzlbj6oj34

CoDisasm

Guillaume Bonfante, Jose Fernandez, Jean-Yves Marion, Benjamin Rouxel, Fabrice Sabatier, Aurélien Thierry
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
Current state-of-the-art disassemblers fail to interpret these two common forms of obfuscation, causing an incorrect disassembly of large parts of the input.  ...  In this paper, we focus on the disassembly of x86 self-modifying binaries with overlapping instructions.  ...  The platform BIRD of Nanda et al. [27] apply speculative disassembly by mixing static and dynamic techniques. The difference with our work is that BIRD is designed for non-obfuscated binaries.  ... 
doi:10.1145/2810103.2813627 dblp:conf/ccs/BonfanteFMRST15 fatcat:nmg5w4tktzckliwhg4qj5g65zm

Binary-code obfuscations in prevalent packer tools

Kevin A. Roundy, Barton P. Miller
2013 ACM Computing Surveys  
ASProtect-packed binaries carry a polymorphic code-generation engine which adds considerably to their size and to the difficulty of automatically reverse-engineering binaries that have been packed by ASProtect  ...  ASProtect (28856 bytes): ASProtect's large bootstrap code shares some code with ASPack, its sister tool, and its main features are likewise directed towards control-flow and anti-disassembler obfuscations  ...  Our Dyninst instrumenter and the Bird interpreter [Nanda et al. 2006] instead apply static code-parsing techniques before the program executes, and use dynamic instrumentation to identify gaps in that  ... 
doi:10.1145/2522968.2522972 fatcat:rqeni3v24rddlbfyvi3aiymgii

Retrofitting Security in COTS Software with Binary Rewriting [chapter]

Pádraig O'Sullivan, Kapil Anand, Aparna Kotha, Matthew Smithson, Rajeev Barua, Angelos D. Keromytis
2011 IFIP Advances in Information and Communication Technology  
Using SecondWrite, we insert a variety of defenses into program binaries.  ...  Our approach is based on SecondWrite, an advanced binary rewriter that operates without need for debugging information or other assist.  ...  Any opinions, findings, conclusions or recommendations expressed herein are those of the authors, and do not necessarily reflect those of the US Government, the Air Force, DARPA, or the NSF.  ... 
doi:10.1007/978-3-642-21424-0_13 fatcat:z3vwf5fnvbdevid47khggua644

A Survey of Binary Code Similarity [article]

Irfan Ul Haq, Juan Caballero
2019 arXiv   pre-print
(4) the benchmarks and methodologies used to evaluate them.  ...  Binary code similarity approaches compare two or more pieces of binary code to identify their similarities and differences.  ...  Out of 15 approaches, 5 use VINE provided by BITBLAZE (BIN-HUNT, IBINHUNT, COP, MXW2015, BINSIM), another 5 use VEX provided with VALGRIND (MULTI-MH, MOCKING-BIRD, CACOMPARE, GITZ, FIRMUP), and two use  ... 
arXiv:1909.11424v1 fatcat:dry5hbq3qjdvdnvrjaoxwoztlq