WYSINWYX: What You See Is Not What You eXecute
| Speaker: | Gogul Balakrishnan |
|---|---|
| Time: | 2009-06-02 ~ 02 |
| Place: | Room 308, Bldg 302, SNU |
Abstract
What You See Is Not What You eXecute: computers do not execute
source-code programs; they execute machine-code programs that are
generated from source code. Not only can the WYSINWYX phenomenon
create a mismatch between what a programmer intends and what is
actually executed by the processor, it can cause analyses that are
performed on source code -- which is the approach followed by most
security-analysis tools -- to fail to detect bugs and security
vulnerabilities. Moreover, source code is not available for a lot of
programs such as viruses, worms, Commercial Off the Shelf (COTS)
components, etc.
In this talk, I will highlight some of the advantages of analyzing
executables directly, and discuss the algorithms we have developed to
recover information from stripped executables about the memory-access
operations that the program performs. These algorithms are used in the
CodeSurfer/x86 tool to construct intermediate representations that are
used for browsing, inspecting, and analyzing stripped x86 executables.
Finally, I will show the results of using CodeSurfer/x86 to find bugs in
Windows Device Drivers.
Joint work with T. Reps (UW), J. Lim (UW), and T. Teitelbaum
(Cornell and GrammaTech, Inc.).