Context-sensitive analysis without calling-context


Autoria(s): Lakhotia, Arun; Boccardo, Davidson R.; Singh, Anshuman; Manacero Jr., Aleardo
Contribuinte(s)

Universidade Estadual Paulista (UNESP)

Data(s)

27/05/2014

27/05/2014

01/09/2010

Resumo

Since Sharir and Pnueli, algorithms for context-sensitivity have been defined in terms of 'valid' paths in an interprocedural flow graph. The definition of valid paths requires atomic call and ret statements, and encapsulated procedures. Thus, the resulting algorithms are not directly applicable when behavior similar to call and ret instructions may be realized using non-atomic statements, or when procedures do not have rigid boundaries, such as with programs in low level languages like assembly or RTL. We present a framework for context-sensitive analysis that requires neither atomic call and ret instructions, nor encapsulated procedures. The framework presented decouples the transfer of control semantics and the context manipulation semantics of statements. A new definition of context-sensitivity, called stack contexts, is developed. A stack context, which is defined using trace semantics, is more general than Sharir and Pnueli's interprocedural path based calling-context. An abstract interpretation based framework is developed to reason about stack-contexts and to derive analogues of calling-context based algorithms using stack-context. The framework presented is suitable for deriving algorithms for analyzing binary programs, such as malware, that employ obfuscations with the deliberate intent of defeating automated analysis. The framework is used to create a context-sensitive version of Venable et al.'s algorithm for analyzing x86 binaries without requiring that a binary conforms to a standard compilation model for maintaining procedures, calls, and returns. Experimental results show that a context-sensitive analysis using stack-context performs just as well for programs where the use of Sharir and Pnueli's calling-context produces correct approximations. However, if those programs are transformed to use call obfuscations, a contextsensitive analysis using stack-context still provides the same, correct results and without any additional overhead. © Springer Science+Business Media, LLC 2011.

Formato

275-313

Identificador

http://dx.doi.org/10.1007/s10990-011-9080-1

Higher-Order and Symbolic Computation, v. 23, n. 3, p. 275-313, 2010.

1388-3690

http://hdl.handle.net/11449/71846

10.1007/s10990-011-9080-1

2-s2.0-84855665553

Idioma(s)

eng

Relação

Higher-Order and Symbolic Computation

Direitos

closedAccess

Palavras-Chave #Analysis of binaries #Context-sensitive analysis #Deobfuscation #Obfuscation #Abstract interpretations #Automated analysis #Binary programs #Context sensitivity #Context-sensitive #Flow graph #Inter-procedural #Malwares #Path-based #Rigid boundaries #Trace semantics #Abstracting #Algorithms #Atoms #Semantics #Java programming language
Tipo

info:eu-repo/semantics/conferencePaper