BitBlaze: A New Approach to Computer Security via Binary Analysis

  • Conference paper
Information Systems Security (ICISS 2008)

Abstract

In this paper, we give an overview of the BitBlaze project, a new approach to computer security via binary analysis. In particular, BitBlaze focuses on building a unified binary analysis platform and using it to provide novel solutions to a broad spectrum of different security problems. The binary analysis platform is designed to enable accurate analysis, provide an extensible architecture, and combine static and dynamic analysis as well as program verification techniques to satisfy the common needs of security applications. By extracting security-related properties from binary programs directly, BitBlaze enables a principled, root-cause-based approach to computer security, offering novel and effective solutions, as demonstrated with over a dozen different security applications.

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Song, D. et al. (2008). BitBlaze: A New Approach to Computer Security via Binary Analysis. In: Sekar, R., Pujari, A.K. (eds) Information Systems Security. ICISS 2008. Lecture Notes in Computer Science, vol 5352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89862-7_1

  • DOI: https://doi.org/10.1007/978-3-540-89862-7_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89861-0

  • Online ISBN: 978-3-540-89862-7

  • eBook Packages: Computer Science (R0)
