SANER 2018

2018 IEEE 25th International Conference on Software Analysis, Evolution, and Reengineering (SANER), March 20-23, 2018, Campobasso, Italy

Binary Analysis
Technical Research Papers
Room 2
Efficient Features for Function Matching between Binary Executables
Chariton Karamitas and Athanasios Kehagias
(CENSUS, Greece; University of Thessaloniki, Greece)
Abstract: Binary diffing is the process of reverse engineering two programs, when source code is not available, in order to study their syntactic and semantic differences. For large programs, binary diffing can be performed by function matching which, in turn, is reduced to a graph isomorphism problem between the compared programs' CFGs (Control Flow Graphs) and/or CGs (Call Graphs). In this paper we provide a set of carefully chosen features, extracted from a binary's CG and CFG, which can be used by BinDiff algorithm variants to, first, build a set of initial exact matches with minimal false positives (by scanning for unique perfect matches) and, second, propagate approximate matching information using, for example, a nearest-neighbor scheme. Furthermore, we investigate the benefits of applying Markov lumping techniques to function CFGs (to our knowledge, this technique has not been previously studied). The proposed function features are evaluated in a series of experiments on various versions of the Linux kernel (Intel64), the OpenSSH server (Intel64) and Firefox's xul.dll (IA-32). Our prototype system is also compared to Diaphora, the current state-of-the-art binary diffing software.

Time stamp: 2019-09-16T02:51:01+02:00