Ivannikov Institute for System Programming of the RAS


Research and development prototype of an error detection tool for the analysis of executable program code.

Start of project: 2012. End of project: 2013.

The project is aimed at developing a software toolset for automated vulnerability detection and exploit construction. The toolset is designed to reveal vulnerabilities in the binary code of programs that operate over a network.

As a result of the project, methods for binary code analysis were developed. The methods are aimed at solving the following technical problems.

  1. Infrastructure support for binary code analysis of network programs.
  2. Whole-system taint analysis at the binary code level (including OS code and the code of other processes).
  3. Major reduction of the number of states to analyze during symbolic execution of binary code.
  4. Formal description of a vulnerability being triggered at the binary code level.

The developed methods are implemented as plug-ins for an integrated binary code analysis environment and were evaluated on the Mozilla Internet browser code.

Implementer

Compiler Technology
