File(s) under permanent embargo
Similarity of binaries across optimization levels and obfuscation
conference contribution
posted on 2020-01-01, 00:00 authored by J Jiang, G Li, M Yu, Gang LiGang Li, C Liu, Z Lv, B Lv, W Huang© Springer Nature Switzerland AG 2020. Binary code similarity evaluation has been widely applied in security. Unfortunately, the compiler optimization and obfuscation techniques exert challenges that have not been well addressed by existing approaches. In this paper, we propose a prototype, ImOpt, for re-optimizing code to boost similarity evaluation. The key contribution is an immediate SSA (static single-assignment) transforming algorithm to provide a very fast pointer analysis for re-optimizing more thoroughly. The algorithm transforms variables and even pointers into SSA form on the fly, so that the information on def-use and reachability can be maintained promptly. By utilizing the immediate SSA transforming algorithm, ImOpt canonicalizes and eliminates junk code to alleviate the perturbation from optimization and obfuscation. We illustrate that ImOpt can improve the accuracy of a state-of-the-art approach on similarity evaluation by 22.7%. Our experiment results demonstrate that the bottleneck part of our SSA transforming algorithm runs 15.7x faster than one of the best similar methods. Furthermore, we show that ImOpt is robust to many obfuscation techniques that based on data dependency.
History
Volume
12308Pagination
295-315Location
Online from Guilford, EnglandPublisher DOI
Start date
2020-09-14End date
2020-09-18ISSN
0302-9743eISSN
1611-3349ISBN-13
9783030589509Language
engPublication classification
E1 Full written paper - refereedEditor/Contributor(s)
Chen L, Li N, Liang K, Schneider STitle of proceedings
ESORICS 2020 : Proceedings of the 25th European Symposium on Research in Computer SecurityEvent
Computer Security. Symposium (25th : 2020 : Online from Guilford, England)Publisher
SpringerPlace of publication
Cham, SwitzerlandSeries
Computer Security SymposiumUsage metrics
Categories
No categories selectedKeywords
Licence
Exports
RefWorksRefWorks
BibTeXBibTeX
Ref. managerRef. manager
EndnoteEndnote
DataCiteDataCite
NLMNLM
DCDC