Vine, on the other hand, looks really interesting. The idea of combining static analysis with a satisfiability solver and automated theorem prover is well met. I wasn’t aware of CVC3, which looks like an interesting project.

The nice part about this research is that it moves us beyond pattern-matching and using IDA Pro import signatures for binary analysis. However, there is still little research published on pattern-matching for both malware and vulnerability-finding techniques in binaries. The only books I can cite are Reversing: Secret of Reverse Engineering (Chapter 7 for finding vulnerabilities in binaries), and The Art of Computer Virus Research and Defense, section 15.4.3. The bugreport project is probably the only open-source project out there for this specific purpose (although FindBugs and FxCop are nice — Java and .NET can already be decompiled). Commercial tools such as Veracode SecurityReview and Aspect Check aren’t available as products to purchase, so the patterns used are unknown to the community.

Mark/John/Justin even expressed concern on their website, saying that there is “a void in the market for a good binary analysis book focusing on security”.

I’ve always wondered where/when there was going to be more research on extracting UML from C++/Java/C# binaries. Alternatively, it could be a different ADL. I see a strong future for dependency injection in frameworks such as Spring MVC for this purpose. Analyzing the UML without the class files themselves would be more difficult for finding classic vulnerabilities, but the diagrams can be helpful to determine problem areas — especially in the domain logic, access-control, or for attack-path purposes.

Malware, backdoor, and protocol dissection are still interesting research topics, so thanks for the link to the BitBlaze project.