Towards robust instruction-level trace alignment of binary code

2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE) Pub Date : 2017-10-30 DOI:10.1109/ASE.2017.8115647

Ulf Kargén, N. Shahmehri

{"title":"Towards robust instruction-level trace alignment of binary code","authors":"Ulf Kargén, N. Shahmehri","doi":"10.1109/ASE.2017.8115647","DOIUrl":null,"url":null,"abstract":"Program trace alignment is the process of establishing a correspondence between dynamic instruction instances in executions of two semantically similar but syntactically different programs. In this paper we present what is, to the best of our knowledge, the first method capable of aligning realistically long execution traces of real programs. To maximize generality, our method works entirely on the machine code level, i.e. it does not require access to source code. Moreover, the method is based entirely on dynamic analysis, which avoids the many challenges associated with static analysis of binary code, and which additionally makes our approach inherently resilient to e.g. static code obfuscation. Therefore, we believe that our trace alignment method could prove to be a useful aid in many program analysis tasks, such as debugging, reverse-engineering, investigating plagiarism, and malware analysis. We empirically evaluate our method on 11 popular Linux programs, and show that it is capable of producing meaningful alignments in the presence of various code transformations such as optimization or obfuscation, and that it easily scales to traces with tens of millions of instructions.","PeriodicalId":382876,"journal":{"name":"2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE)","volume":"193 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"24","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ASE.2017.8115647","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 24

Abstract

Program trace alignment is the process of establishing a correspondence between dynamic instruction instances in executions of two semantically similar but syntactically different programs. In this paper we present what is, to the best of our knowledge, the first method capable of aligning realistically long execution traces of real programs. To maximize generality, our method works entirely on the machine code level, i.e. it does not require access to source code. Moreover, the method is based entirely on dynamic analysis, which avoids the many challenges associated with static analysis of binary code, and which additionally makes our approach inherently resilient to e.g. static code obfuscation. Therefore, we believe that our trace alignment method could prove to be a useful aid in many program analysis tasks, such as debugging, reverse-engineering, investigating plagiarism, and malware analysis. We empirically evaluate our method on 11 popular Linux programs, and show that it is capable of producing meaningful alignments in the presence of various code transformations such as optimization or obfuscation, and that it easily scales to traces with tens of millions of instructions.

查看原文本刊更多论文

对二进制代码的鲁棒指令级跟踪对齐

程序跟踪对齐是在执行两个语义相似但语法不同的程序时，在动态指令实例之间建立对应关系的过程。在本文中，据我们所知，我们提出了第一种能够实际地对齐实际程序的长执行轨迹的方法。为了使通用性最大化，我们的方法完全在机器码级别上工作，也就是说，它不需要访问源代码。此外，该方法完全基于动态分析，这避免了与二进制代码的静态分析相关的许多挑战，并且还使我们的方法具有固有的弹性，例如静态代码混淆。因此，我们相信我们的跟踪对齐方法可以证明在许多程序分析任务中是一个有用的帮助，例如调试、逆向工程、调查剽窃和恶意软件分析。我们在11个流行的Linux程序上对我们的方法进行了经验评估，并表明它能够在各种代码转换(如优化或混淆)的存在下产生有意义的对齐，并且它很容易扩展到具有数千万条指令的跟踪。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE)

自引率

0.00%

发文量