Symbolic execution with SymCC: Don't interpret, compile!

S Poeplau, A Francillon - 29th USENIX Security Symposium (USENIX …, 2020 - usenix.org
A major impediment to practical symbolic execution is speed, especially when compared to
near-native speed solutions like fuzz testing. We propose a compilation-based approach to …

SymQEMU: Compilation-based symbolic execution for binaries

S Poeplau, A Francillon - NDSS 2021, Network and Distributed System …, 2021 - hal.science
Symbolic execution is a powerful technique for software analysis and bug detection.
Compilation-based symbolic execution is a recently proposed flavor that has been shown to …

Debin: Predicting debug information in stripped binaries

J He, P Ivanov, P Tsankov, V Raychev… - Proceedings of the 2018 …, 2018 - dl.acm.org
We present a novel approach for predicting debug information in stripped binaries. Using
machine learning, we first train probabilistic models on thousands of non-stripped binaries …

Revisiting binary code similarity analysis using interpretable feature engineering and lessons learned

D Kim, E Kim, SK Cha, S Son… - IEEE Transactions on …, 2022 - ieeexplore.ieee.org
Binary code similarity analysis (BCSA) is widely used for diverse security applications,
including plagiarism detection, software license violation detection, and vulnerability …

How far we have come: Testing decompilation correctness of C decompilers

Z Liu, S Wang - Proceedings of the 29th ACM SIGSOFT International …, 2020 - dl.acm.org
A C decompiler converts an executable (the output from a C compiler) into source code. The
recovered C source code, once recompiled, will produce an executable with the same …

JEST: N+1-version differential testing of both JavaScript engines and specification

J Park, S An, D Youn, G Kim… - 2021 IEEE/ACM 43rd …, 2021 - ieeexplore.ieee.org
Modern programming follows the continuous integration (CI) and continuous deployment
(CD) approach rather than the traditional waterfall model. Even the development of modern …

BINSEC/REL: symbolic binary analyzer for security with applications to constant-time and secret-erasure

LA Daniel, S Bardin, T Rezk - ACM Transactions on Privacy and Security, 2023 - dl.acm.org
This article tackles the problem of designing efficient binary-level verification for a subset of
information flow properties encompassing constant-time and secret-erasure. These …

Binmatch: A semantics-based hybrid approach on binary code clone analysis

Y Hu, Y Zhang, J Li, H Wang, B Li… - 2018 IEEE international …, 2018 - ieeexplore.ieee.org
Binary code clone analysis is an important technique which has a wide range of applications
in software engineering (e.g., plagiarism detection, bug detection). The main challenge of the …

Probabilistic naming of functions in stripped binaries

J Patrick-Evans, L Cavallaro, J Kinder - Proceedings of the 36th Annual …, 2020 - dl.acm.org
Debugging symbols in binary executables carry the names of functions and global variables.
When present, they greatly simplify the process of reverse engineering, but they are almost …

SoK: Demystifying binary lifters through the lens of downstream applications

Z Liu, Y Yuan, S Wang, Y Bao - 2022 IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Binary lifters convert executables into an intermediate representation (IR) of a compiler
framework. The recovered IR code is generally deemed “analysis friendly,” bridging low …