Download Now Free registration required
Models of security-sensitive code enable reasoning about the security implications of code. In this paper the authors present an approach for extracting models of security-sensitive operations directly from program binaries, which lets third-party analysts reason about a program when the source code is not available. The approach is based on string-enhanced white-box exploration, a new technique that improves the effectiveness of current white-box exploration techniques on programs that use strings, by reasoning directly about string operations, rather than about the individual byte-level operations that comprise them.
- Format: PDF
- Size: 218.1 KB