On February 14th, Dawn Song of UC Berkeley held a seminar on binary analysis: TRUST Seminar: BitBlaze: a Binary-centric Approach to Computer Security. This seminar was open to the public.

Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code, where source code is unavailable, and the binary may even be obfuscated. Also, binary analysis provides the ground truth about program behavior since computers execute binaries (executables), not source code. In this talk, I will present the BitBlaze project, a binary-centric approach to computer security: how we can address a wide spectrum of different security problems by analyzing program binaries and automatically extracting security-related properties from them. In particular, I will describe the two central research directions of BitBlaze: (1) the design and development of the underlying BitBlaze Binary Analysis Platform, and (2) applying the BitBlaze Binary Analysis Platform to addressing real-world security problems, including automatic vulnerability signature generation, a unified framework for malware analysis, and automatic deviation detection.

Dawn Song is an Assistant Professor at UC Berkeley and oversees the BitBlaze binary analysis project.

About Chris Wysopal

Chris Wysopal, co-founder and CTO of Veracode, is recognized as an expert and a well-known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.

Comments (1)

dre | February 2, 2008 11:00 pm

Vine and TEMU seem to be a lot like IDA Pro. I'm not certain what TEMU would have over using IDA Pro as a debugger, except some of the DBI work, which is probably best done using valgrind/catchconv.

Vine, on the other hand, looks really interesting. The idea of combining static analysis with a satisfiability solver and automated theorem prover is well met. I wasn't aware of CVC3 (http://www.cs.nyu.edu/acsys/cvc3/), which looks like an interesting project.

The nice part about this research is that it moves us beyond pattern-matching and using IDA Pro import signatures for binary analysis. However, there is still little research published on pattern-matching for both malware and vulnerability-finding techniques in binaries. The only books I can cite are Reversing: Secrets of Reverse Engineering (Chapter 7 for finding vulnerabilities in binaries), and The Art of Computer Virus Research and Defense, section 15.4.3. The bugreport project (http://bugreport.sourceforge.net) is probably the only open-source project out there for this specific purpose (although FindBugs and FxCop are nice -- Java and .NET can already be decompiled). Commercial tools such as Veracode SecurityReview and Aspect Check aren't available as products to purchase, so the patterns used are unknown to the community.

Mark/John/Justin even expressed concern on their website (http://taossa.com/index.php/suggestions/), saying that there is "a void in the market for a good binary analysis book focusing on security".

I've always wondered where/when there was going to be more research on extracting UML from C++/Java/C# binaries. Alternatively, it could be a different ADL. I see a strong future for dependency injection in frameworks such as Spring MVC for this purpose. Analyzing the UML without the class files themselves would be more difficult for finding classic vulnerabilities, but the diagrams can be helpful to determine problem areas -- especially in the domain logic, access-control, or for attack-path purposes.

Malware, backdoor, and protocol dissection are still interesting research topics, so thanks for the link to the BitBlaze project.
