PH.D DEFENCE - PUBLIC SEMINAR

Knowledge-Oriented Binary Analysis

Speaker
Mr Chua Zheng Leong
Advisor
Dr Liang Zhenkai, Associate Professor, School of Computing


10 Jun 2019 Monday, 10:00 AM to 11:30 AM

Executive Classroom, COM2-04-02

Abstract:

Binary analysis has always been the cornerstone of system security due to the prevalence of binary-only software and the improved fidelity it provides. By analyzing the challenges faced by existing approaches to binary analysis, we have identified the lack of knowledge abstraction as the most important problem for binary analysis at scale. Binary analysis can be characterized as a process in which knowledge is obtained, corrected, and applied. In this thesis, we investigate how knowledge can be automatically recovered, how we can minimize the knowledge required for binary analysis, and how this knowledge can be effectively managed. For knowledge extraction, we present EKLAVYA, a method for recovering function argument signatures using a recurrent neural network, and techniques to understand the results. TAINTINDUCE is an inductive method to learn the data dependency of an instruction with minimal architecture knowledge. Using TAINTINDUCE, we developed a proof-of-concept universal taint engine. As ongoing work, we propose and develop SQUIRREL, a new binary analysis framework based on a knowledge-oriented methodology. SQUIRREL is a knowledge management framework that decouples the results of analysis from the methods that generate them, storing them as acorns (sessions), which allows different views to be built on top while keeping track of the dependencies between results. The knowledge-oriented paradigm allows us to effectively share knowledge and make use of inherently probabilistic results, e.g., heuristics or learning. Concretely, we showcase the efficacy of such a knowledge-oriented approach by retrofitting two source-based security applications and by developing a reassembler, SQUIRRELREASM, for the ARM32 ISA using the framework.