Neural Reverse Engineering of Stripped Binaries using Augmented Control Flow Graphs (SPLASH 2020 - OOPSLA)

Sun 15 - Sat 21 November 2020 Online Conference

Who

Yaniv David, Uri Alon, Eran Yahav

Track

SPLASH 2020 OOPSLA

Time Zone

The program is currently displayed in (GMT-06:00) Central Time (US & Canada).

Use conference time zone: (GMT-06:00) Central Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Fri 20 Nov 2020 13:40 - 14:00 at SPLASH-III - F-4B Chair(s): Aviral Goel, Ton Chanh Le
Sat 21 Nov 2020 01:40 - 02:00 at SPLASH-III - F-4B

Abstract

We address the problem of reverse engineering of stripped executables, which contain no debug information.
This is a challenging problem because of the low amount of syntactic information available in stripped
executables, and the diverse assembly code patterns arising from compiler optimizations.
We present a novel approach for predicting procedure names in stripped executables. Our approach combines
static analysis with neural models. The main idea is to use static analysis to obtain augmented representations
of call sites; encode the structure of these call sites using the control-flow graph (CFG) and finally, generate a
target name while attending to these call sites. We use our representation to drive graph-based, LSTM-based
and Transformer-based architectures.
Our evaluation shows that our models produce predictions that are difficult and time consuming for humans,
while improving on existing methods by 28% and by 100% over state-of-the-art neural textual models that do
not use any static analysis. Code and data for this evaluation are available at https://github.com/tech-srl/Nero.

Link to Publication

https://dl.acm.org/doi/pdf/10.1145/3428293

Link to Preprint

https://arxiv.org/pdf/1902.09122.pdf

DOI

https://doi.org/10.1145/3428293

Yaniv David

Technion

Uri Alon

Technion

Eran Yahav

Technion

Media

Time Zone

The program is currently displayed in (GMT-06:00) Central Time (US & Canada).

Use conference time zone: (GMT-06:00) Central Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Fri 20 Nov
Displayed time zone: Central Time (US & Canada) change

13:00 - 14:20	F-4BOOPSLA at SPLASH-III +12h Chair(s): Aviral Goel Northeastern University, Ton Chanh Le Stevens Institute of Technology

13:00 20m Talk		Certified and Efficient Instruction Scheduling: Application to Interlocked VLIW Processors OOPSLA Cyril Six Kalray / Grenoble Alps University / CNRS / Grenoble INP / VERIMAG, Sylvain Boulmé Grenoble Alps University / CNRS / Grenoble INP / VERIMAG, David Monniaux Grenoble Alps University / CNRS / Grenoble INP / VERIMAG Link to publication DOI Media Attached
13:20 20m Talk		Igloo: Soundly Linking Compositional Refinement and Separation Logic for Distributed System Verification OOPSLA Christoph Sprenger ETH Zurich, Tobias Klenze ETH Zurich, Marco Eilers ETH Zurich, Felix A. Wolf ETH Zurich, Peter Müller ETH Zurich, Martin Clochard ETH Zurich, David Basin ETH Zurich Link to publication DOI Media Attached
13:40 20m Talk		Neural Reverse Engineering of Stripped Binaries using Augmented Control Flow Graphs OOPSLA Yaniv David Technion, Uri Alon Technion, Eran Yahav Technion Link to publication DOI Pre-print Media Attached
14:00 20m Talk		Termination Analysis for Evolving Programs: An Incremental Approach by Reusing Certified Modules OOPSLA Fei He Tsinghua University, Jitao Han Tsinghua University Link to publication DOI Media Attached

Sat 21 Nov
Displayed time zone: Central Time (US & Canada) change

01:00 - 02:20	F-4BOOPSLA at SPLASH-III

01:00 20m Talk		Certified and Efficient Instruction Scheduling: Application to Interlocked VLIW Processors OOPSLA Cyril Six Kalray / Grenoble Alps University / CNRS / Grenoble INP / VERIMAG, Sylvain Boulmé Grenoble Alps University / CNRS / Grenoble INP / VERIMAG, David Monniaux Grenoble Alps University / CNRS / Grenoble INP / VERIMAG Link to publication DOI Media Attached
01:20 20m Talk		Igloo: Soundly Linking Compositional Refinement and Separation Logic for Distributed System Verification OOPSLA Christoph Sprenger ETH Zurich, Tobias Klenze ETH Zurich, Marco Eilers ETH Zurich, Felix A. Wolf ETH Zurich, Peter Müller ETH Zurich, Martin Clochard ETH Zurich, David Basin ETH Zurich Link to publication DOI Media Attached
01:40 20m Talk		Neural Reverse Engineering of Stripped Binaries using Augmented Control Flow Graphs OOPSLA Yaniv David Technion, Uri Alon Technion, Eran Yahav Technion Link to publication DOI Pre-print Media Attached
02:00 20m Talk		Termination Analysis for Evolving Programs: An Incremental Approach by Reusing Certified Modules OOPSLA Fei He Tsinghua University, Jitao Han Tsinghua University Link to publication DOI Media Attached