Challenges in firmware re-hosting, emulation, and analysis

C Wright, WA Moeglein, S Bagchi, M Kulkarni… - ACM Computing …, 2021 - dl.acm.org
System emulation and firmware re-hosting have become popular techniques to answer
various security and performance related questions, such as determining whether a …

Manticore: A user-friendly symbolic execution framework for binaries and smart contracts

M Mossberg, F Manzano, E Hennenfent… - 2019 34th IEEE/ACM …, 2019 - ieeexplore.ieee.org
An effective way to maximize code coverage in software tests is through dynamic symbolic
execution, a technique that uses constraint solving to systematically explore a program's …

Avatar 2: A multi-target orchestration platform

M Muench, D Nisi, A Francillon… - Proc. Workshop Binary …, 2018 - eurecom.fr
Dynamic binary analysis techniques play a central role to study the security of software
systems and detect vulnerabilities in a broad range of devices and applications. Over the …

Binsec/rel: Efficient relational symbolic execution for constant-time at binary-level

LA Daniel, S Bardin, T Rezk - 2020 IEEE Symposium on …, 2020 - ieeexplore.ieee.org
The constant-time programming discipline (CT) is an efficient countermeasure against timing
side-channel attacks, requiring the control flow and the memory accesses to be independent …

Binary-level directed fuzzing for use-after-free vulnerabilities

MD Nguyen, S Bardin, R Bonichon, R Groz… - … on Research in Attacks …, 2020 - usenix.org
Directed fuzzing focuses on automatically testing specific parts of the code by taking
advantage of additional information such as (partial) bug stack trace, patches or risky …

Hunting the Haunter: efficient relational symbolic execution for Spectre with Haunted RelSE

LA Daniel, S Bardin, T Rezk - NDSS 2021 - Network and Distributed …, 2021 - inria.hal.science
Spectre are microarchitectural attacks which were made public in January 2018. They allow
an attacker to recover secrets by exploiting speculations. Detection of Spectre is particularly …

Symbolic deobfuscation: From virtualized code back to the original

J Salwan, S Bardin, ML Potet - … Conference on Detection of Intrusions and …, 2018 - Springer
Software protection has taken an important place during the last decade in order to protect
legit software against reverse engineering or tampering. Virtualization is considered as one …

BINSEC/REL: symbolic binary analyzer for security with applications to constant-time and secret-erasure

LA Daniel, S Bardin, T Rezk - ACM Transactions on Privacy and Security, 2023 - dl.acm.org
This article tackles the problem of designing efficient binary-level verification for a subset of
information flow properties encompassing constant-time and secret-erasure. These …

Backward-bounded DSE: targeting infeasibility questions on obfuscated codes

S Bardin, R David, JY Marion - 2017 IEEE Symposium on …, 2017 - ieeexplore.ieee.org
Software deobfuscation is a crucial activity in security analysis and especially in malware
analysis. While standard static and dynamic approaches suffer from well-known …

VMHunt: A verifiable approach to partially-virtualized binary code simplification

D Xu, J Ming, Y Fu, D Wu - Proceedings of the 2018 ACM SIGSAC …, 2018 - dl.acm.org
Code virtualization is a highly sophisticated obfuscation technique adopted by malware
authors to stay under the radar. However, the increasing complexity of code virtualization …