Knowledge-Oriented Binary Analysis
19 Sep 2018 Wednesday, 11:00 AM to 12:30 PM
COM2 Level 1
Tutorial Room 9 @ COM2-01-08
Binary analysis has always been the cornerstone of system security given the prevalence of binary-only software and the improved fidelity it provides. By analyzing the challenges faced by existing approaches to binary analysis, we have identified knowledge as the most important abstraction for binary analysis at scale. Binary analysis can be characterized as a process where knowledge is obtained, corrected, and applied. In this proposal, we investigate how knowledge can be automatically recovered, minimizing the knowledge required for binary analysis, and how this knowledge can be effectively managed. For knowledge extraction, we present EKLAVYA, a method of recovering function argument signatures using a recurrent neural network, together with methods to understand the results. In addition, we present TAINTINDUCE, an inductive method to learn taint rules with minimal architecture knowledge, and a proof-of-concept universal taint engine developed using it. Finally, as ongoing work, we propose a new binary analysis framework that is based on a knowledge-oriented methodology. This is achieved by decoupling the results of analyses from the methods that generate them and storing them as sessions, which allows different views to be built on top of them while keeping track of the result dependencies. The knowledge-oriented paradigm allows us to effectively share knowledge and make use of inherently probabilistic results, e.g., heuristics or learning. Concretely, we want to show the efficacy of a knowledge-oriented approach through the development of a cross-architecture re-assembler for ARM and x86 using the framework.