Deakin University
Browse

File(s) under permanent embargo

Similarity of binaries across optimization levels and obfuscation

conference contribution
posted on 2020-01-01, 00:00 authored by J Jiang, G Li, M Yu, Gang LiGang Li, C Liu, Z Lv, B Lv, W Huang
© Springer Nature Switzerland AG 2020. Binary code similarity evaluation has been widely applied in security. Unfortunately, the compiler optimization and obfuscation techniques exert challenges that have not been well addressed by existing approaches. In this paper, we propose a prototype, ImOpt, for re-optimizing code to boost similarity evaluation. The key contribution is an immediate SSA (static single-assignment) transforming algorithm to provide a very fast pointer analysis for re-optimizing more thoroughly. The algorithm transforms variables and even pointers into SSA form on the fly, so that the information on def-use and reachability can be maintained promptly. By utilizing the immediate SSA transforming algorithm, ImOpt canonicalizes and eliminates junk code to alleviate the perturbation from optimization and obfuscation. We illustrate that ImOpt can improve the accuracy of a state-of-the-art approach on similarity evaluation by 22.7%. Our experiment results demonstrate that the bottleneck part of our SSA transforming algorithm runs 15.7x faster than one of the best similar methods. Furthermore, we show that ImOpt is robust to many obfuscation techniques that based on data dependency.

History

Volume

12308

Pagination

295-315

Location

Online from Guilford, England

Start date

2020-09-14

End date

2020-09-18

ISSN

0302-9743

eISSN

1611-3349

ISBN-13

9783030589509

Language

eng

Publication classification

E1 Full written paper - refereed

Editor/Contributor(s)

Chen L, Li N, Liang K, Schneider S

Title of proceedings

ESORICS 2020 : Proceedings of the 25th European Symposium on Research in Computer Security

Event

Computer Security. Symposium (25th : 2020 : Online from Guilford, England)

Publisher

Springer

Place of publication

Cham, Switzerland

Series

Computer Security Symposium

Usage metrics

    Research Publications

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC