Wire - a formal intermediate language for binary analysis
conference contribution
posted on 2012-01-01, 00:00 authored by Silvio Cesare, Yang Xiang
Wire is an intermediate language to enable static program analysis on low-level objects such as native executables. It has practical benefit in analysing the structure and semantics of malware, or for identifying software defects in closed-source software. In this paper we describe how an executable program is disassembled and translated to the Wire intermediate language. We define the formal syntax and operational semantics of Wire and discuss our justifications for its language features. We use Wire in our previous work Malwise, a malware variant detection system. We also examine applications for when a formally defined intermediate language is given. Our results include showing the semantic equivalence between obfuscated and non-obfuscated code samples. These examples stem from the obfuscations commonly used by malware.
History
Event
IEEE International Conference on Trust, Security and Privacy in Computing and Communications (11th : 2012 : Liverpool, England)
Pagination
515 - 524
Publisher
IEEE
Location
Liverpool, England
Place of publication
Piscataway, N. J.
Start date
2012-06-25
End date
2012-06-27
ISBN-13
9780769547459
ISBN-10
0769547451
Language
eng
Publication classification
E1 Full written paper - refereed
Copyright notice
2012, IEEE
Editor/Contributor(s)
G Min, Y Wu, L Lei, X Jin, S Jarvis, A Al-Dubai
Title of proceedings
TrustCom 2012 : Proceedings of the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications