Publication Type

Conference Proceeding Article

Publication Date

12-2012

Abstract

Techniques have been proposed to find the semantic differences between two binary programs when the source code is not available. Analyzing control flow, and in particular, intra-procedural control flow, has become an attractive technique in the latest binary diffing tools since it is more resistant to syntactic, but non-semantic, differences. However, this makes such techniques vulnerable to simple function obfuscation techniques (e.g., function inlining) attackers any malware writers could use. In this paper, we first show function obfuscation as an attack to such binary diffing techniques, and then propose iBinHunt which uses deep taint and automatic input generation to find semantic differences in inter-procedural control flows. Evaluation on comparing various versions of a http server and gzip shows that iBinHunt not only is capable of comparing inter-procedural control flows of two programs, but offers substantially better accuracy and efficiency in binary diffing.

Keywords

binary diffing, semantic difference, taint analysis

Discipline

Information Security | Software Engineering

Research Areas

Cybersecurity

Publication

Information Security and Cryptology - ICISC 2012: 15th International Conference, Seoul, Korea, November 28-30, 2012: Revised Selected Papers

Volume

7839

First Page

92

Last Page

109

ISBN

9783642376818

Identifier

10.1007/978-3-642-37682-5_8

Publisher

Springer Verlag

City or Country

Berlin

Creative Commons License

Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Additional URL

http://dx.doi.org/10.1007/978-3-540-85886-7_9

Share

COinS