Abstract
Static analysis of binaries is more difficult than static analysis when source code is available. In many cases the analyses are unsound, and behaviours are omitted to make the problems tractable: heuristics may be required to separate code from data in a disassembly, or pointer behaviour may be modelled only weakly so that statically analysing the program remains feasible. Nevertheless, static analysis of binaries is an important area of research with a number of practical applications, including the detection of software theft and the classification and detection of malware. This chapter examines static analysis of binaries with the intent that properties and features of binary programs can be extracted to create useful birthmarks for software similarity and classification.
© 2012 The Author(s)
Cesare, S., Xiang, Y. (2012). Static Analysis of Binaries. In: Software Similarity and Classification. SpringerBriefs in Computer Science. Springer, London. https://doi.org/10.1007/978-1-4471-2909-7_5
DOI: https://doi.org/10.1007/978-1-4471-2909-7_5
Publisher Name: Springer, London
Print ISBN: 978-1-4471-2908-0
Online ISBN: 978-1-4471-2909-7