Extracting Models of Security-Sensitive Operations Using String-Enhanced White-Box Exploration on Binaries

Free registration required

Executive Summary

Models of security-sensitive code enable reasoning about the security implications of code. In this paper the authors present an approach for extracting models of security-sensitive operations directly from program binaries, which lets third-party analysts reason about a program when the source code is not available. The approach is based on string-enhanced white-box exploration, a new technique that improves the effectiveness of current white-box exploration techniques on programs that use strings, by reasoning directly about string operations, rather than about the individual byte-level operations that comprise them.

  • Format: PDF
  • Size: 218.1 KB