{"title":"软件可执行文件的静态分析","authors":"David Melski, T. Teitelbaum, T. Reps","doi":"10.1109/CATCH.2009.42","DOIUrl":null,"url":null,"abstract":"In recent years, there has been a growing need for tools that an analyst can use to understand the workings of COTS software as well as malicious code. Static analysis provides techniques that can help with such problems; however, there are several obstacles that must be overcome, including the absence of source code and the difficulty of analyzing machine code. We have created CodeSurfer/x86, a prototype tool for browsing, inspecting, and analyzing x86 executables. From an x86 executable, CodeSurfer/x86 recovers intermediate representations that are similar to what would be created by a compiler for a program written in a high-level language. These facilities provide a platform for the development of additional tools for analyzing the security properties of executables. CodeSurfer/x86 analyses are automatically generated from a formal specification of the x86 instruction semantics. This makes the analyses more accurate and robust, and makes it easier to retarget the tool to analyze executables for other platforms besides x86.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Static Analysis of Software Executables\",\"authors\":\"David Melski, T. Teitelbaum, T. Reps\",\"doi\":\"10.1109/CATCH.2009.42\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years, there has been a growing need for tools that an analyst can use to understand the workings of COTS software as well as malicious code. Static analysis provides techniques that can help with such problems; however, there are several obstacles that must be overcome, including the absence of source code and the difficulty of analyzing machine code. We have created CodeSurfer/x86, a prototype tool for browsing, inspecting, and analyzing x86 executables. From an x86 executable, CodeSurfer/x86 recovers intermediate representations that are similar to what would be created by a compiler for a program written in a high-level language. These facilities provide a platform for the development of additional tools for analyzing the security properties of executables. CodeSurfer/x86 analyses are automatically generated from a formal specification of the x86 instruction semantics. This makes the analyses more accurate and robust, and makes it easier to retarget the tool to analyze executables for other platforms besides x86.\",\"PeriodicalId\":130933,\"journal\":{\"name\":\"2009 Cybersecurity Applications & Technology Conference for Homeland Security\",\"volume\":\"9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-03-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Cybersecurity Applications & Technology Conference for Homeland Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CATCH.2009.42\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CATCH.2009.42","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In recent years, there has been a growing need for tools that an analyst can use to understand the workings of COTS software as well as malicious code. Static analysis provides techniques that can help with such problems; however, there are several obstacles that must be overcome, including the absence of source code and the difficulty of analyzing machine code. We have created CodeSurfer/x86, a prototype tool for browsing, inspecting, and analyzing x86 executables. From an x86 executable, CodeSurfer/x86 recovers intermediate representations that are similar to what would be created by a compiler for a program written in a high-level language. These facilities provide a platform for the development of additional tools for analyzing the security properties of executables. CodeSurfer/x86 analyses are automatically generated from a formal specification of the x86 instruction semantics. This makes the analyses more accurate and robust, and makes it easier to retarget the tool to analyze executables for other platforms besides x86.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
