notice
Master Thesis Defense - March 1, 2016: Reverse Engineering Unknown Binaries by Matching Binaries to Source Code
Arash Shahkar
Tuesday, March 1, 2016 at 12:00 p.m.
Room EV001.162
You are invited to attend the following M.A.Sc. (Information Systems Security) thesis examination.
Examining Committee
Dr. J.Y. Yu, Chair
Dr. M. Mannan, Supervisor
Dr. L. Wang, CIISE Examiner
Dr. Z. Zhu, External Examiner (BCEE)
Abstract
Reverse engineering of unknown executable binary programs has diverse applications in computer security and forensics, and often involves identifying parts of code that are reused from third-party software projects. Identification of code clones by comparing and fingerprinting low-level binaries has been explored in various pieces of work as an effective approach for accelerating the reverse engineering process. Binary clone detection across different environments and computing platforms bears significant challenges, and reasoning about sequences of low-level machine instructions is a tedious and time-consuming process. For these reasons, the ability to match reused functions to their source code is highly advantageous, despite being rarely explored to date.
In this thesis, we systematically assess the feasibility of automatic binary to source matching to aid the reverse engineering process. We highlight the challenges, elaborate on the shortcomings of existing proposals, and design a new approach that is targeted at addressing the challenges while delivering more extensive and detailed results in a fully automated fashion. By evaluating our approach, we show that it is generally capable of uniquely matching over 50% of reused functions, while narrowing down over 75% of reused functions to, at most, five candidates in most cases. Finally, we investigate and discuss the limitations and provide directions for future work.
Graduate Program Coordinators
For more information, contact Silvie Pasquarelli or Mireille Wahba.