Research and development prototype of an error-detection tool for the analysis of executable program code.
The project aims to develop a software toolset for automated vulnerability detection and exploit construction. The toolset is designed to reveal vulnerabilities in the binary code of programs that operate over a network.
As a result of the project, methods for binary code analysis were developed. The methods address the following technical problems:
- Infrastructure support for binary code analysis of network programs.
- Whole-system taint analysis at the binary code level (including OS code and the code of other processes).
- Major reduction in the number of states to analyze during symbolic execution of binary code.
- Formal description of a vulnerability being triggered at the binary code level.
The developed methods are implemented as plug-ins for an integrated binary code analysis environment and were evaluated on the Mozilla Internet browser code.