Seminar details


Ensimag Amphi H

20 October 2017 - 10h15
Reverse Engineering binary code in one execution - A lightweight function based dynamic execution. (Phd Defense)
by Franck De Goer from LIG/VASCO et VERIMAG/PACSS



Abstract: In this thesis we propose a new approach for dynamic analysis of binary codes. This work takes place in the context of reverse engineering of binary codes, with some security-oriented objectives ins mind. like malware analysis or vulnerability detection.
In particular we aim to retrieve high-level information from a binary program through a single code execution. Typical information we are interested in are function prototypes, function ``coupling'' (input-output data-flow relations between functions) and retrieving dynamic
memory allocators. The approach we proposed is based on heuristics in order to efficiently analyze large programs. Experiments show that the results obtained remain accurate enough, with respect to more expensive analysis techniques.
Our approach is guided by the following principles: 1) universality - assumptions on the target programs are weak (no need to re-compile the code, can be applied on stripped binaries), 2) scalability - the analysis is light enough to deal with large programs,
3) accuracy favouring correctness - we try to minimize as much as possible the number of false positives (e.g., detecting spurious parameters on a given function).



Composition du Jury
Roland Groz
Professeur, Grenoble INP, Directeur de these
Laurent Mounier
Maître de conférences, Université Grenoble Alpes, CoDirecteur de these
Kavé Salamatian
Professeur des universités, Université de Savoie, Examinateur
Valérie Viet Triem Tong
Professeur associé, Centrale Supelec, Rapporteur
Jacques Klein
Senior Research scientist, Université du Luxembourg , Rapporteur
Andy King
Professeur, University of Kent, Examinateur
Sarah Zennou
Ingénieur de recherche, Airbus Group, Examinateur
Marion Videau
Maître de conférences, LORIA, Examinateur

Contact | Site Map | Site powered by SPIP 4.2.8 + AHUNTSIC [CC License]

info visites 3900490