Secure Systems Lab

Binary code analysis and transformation

In security research, we are often confronted with the problem of securing third-party code that is available only in binary form. This necessitates the development of analysis and instrumentation techniques that work on binaries. There are other significant reasons for working with binary rather than source code: the ability to support programs written in multiple source languages, and independence from compiler optimizations. (With binary code, "what you see is what you execute.")

Our research focuses on developing robust and efficient instrumentation techniques for binaries. Our earlier work addressed binary transformations for defending against memory corruption attacks [4, 3]. More recently, we have been exploring efficient taint analysis of binaries, and achieved a 3+ factor improvement in performance as compared to previous techniques [2]. Our continuing research covers the development of robust and efficient disassembly techniques, as well as static analysis and optimization of binaries, among other topics. Based on these techniques, we are developing binary instrumentation techniques for sandboxing, fault and attack containment, integrity protection, and intrusion detection.

Related Publications

[1]  On the Limits of Information Flow Techniques for Malware Analysis and Containment
Lorenzo Cavallaro, Prateek Saxena and R. Sekar
Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008. (Supersedes SECLAB07-03, November 2007).
[2]  Efficient Fine-Grained Binary Instrumentation with Applications to Taint-Tracking
Prateek Saxena, R. Sekar and Varun Puranik
ACM/IEEE International Symposium on Code Generation and Optimization (CGO) April, 2008.
[3]  SELF: a Transparent Security Extension for ELF Binaries
Daniel DuVarney, V.N. Venkatakrishnan and Sandeep Bhatkar
New Security Paradigms Workshop (NSPW) August, 2003.
[4]  Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
Sandeep Bhatkar, Daniel DuVarney and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2003.
[5]  Empowering mobile code using expressive security policies
V.N. Venkatakrishnan, Ram Peri and R. Sekar
New Security Paradigms Workshop (NSPW) September, 2002.

Copyright © 1999-2009 Secure Systems Laboratory, Stony Brook University. All rights reserved.