Ivannikov Institute for System Programming of the RAS


BINSIDE. Static binary code analysis tool

The importance of binary code analysis

Software developers often face the problem of incorporating complex computations, data encryption and compression algorithms, and similar common functionality into their code. This is typically done by using standard libraries that specialize in a group of tasks; these libraries are often distributed in binary form only. At the same time, software maintenance is gradually becoming more and more important within the development cycle, and maintenance includes updating both the program's own code and its external libraries. External libraries and auxiliary programs distributed in binary form therefore need to conform to quality and security standards.

Static binary code analysis tool

At the Institute for System Programming of the Russian Academy of Sciences we have developed a static binary code analysis tool. This tool includes the following features:

  • Support for various processor architectures: x86, x64 (ARM, PowerPC, MIPS to be added);
  • Support for various platforms: Linux, Windows;
  • Support for various binary code formats: ELF for Linux and PE for Windows;
  • Support for binary code analysis without debug information or symbol tables;
  • Automatic defect detection: invalid usage of format string functions, buffer overflows, invalid usage of dynamic memory.

Program analysis

The analysis tool transforms executable and library binary code into a specialized architecture-independent internal representation, which is used to build control flow graphs and call graphs; these graphs are used to perform context-sensitive intra-procedural data flow analysis in order to identify potential runtime defects and vulnerabilities. The context-sensitive analysis core automatically generates function specifications and propagates them through function call points.

Defect detection

We currently provide automatic checkers that identify problems with format string functions, potential buffer overflow defects and invalid usage of dynamic memory.
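The two ideas from the Program analysis and Defect detection sections above, a forward data flow fixpoint over a control flow graph and function specifications that are propagated through call points, are illustrated below with a format string checker. This is an added example and not BINSIDE code: it does not use the tool's internal representation or API. The three-address IR, its instruction names, the external specification for printf and the sample program are all assumptions constructed for the example. The checker derives, for each function, which of its parameters end up as a format string argument, and reports call sites where externally supplied data can reach such an argument.

```python
"""Toy summary-based format string checker over a constructed three-address IR.
Added illustration only: not BINSIDE code; the IR, instruction names and
sample program are assumptions made for this example."""
from typing import Any, Dict, FrozenSet, List, Set, Tuple

AbsVal = FrozenSet[Any]    # origin tags: "const", "input", or ("param", i)
State = Dict[str, AbsVal]  # register -> set of possible origins

# Specification of an external library function: argument positions that it
# interprets as a format string (the only sink modelled here).
EXTERNAL_SPECS: Dict[str, Set[int]] = {"printf": {0}}

# Constructed sample program: name -> (parameter count, instruction list).
# Instruction forms: ("const", dst, value)  ("input", dst)  ("mov", dst, src)
#   ("call", callee, [args], dst_or_None)  ("jcc", cond, target)
#   ("jmp", target)  ("ret",)        targets are instruction indices.
PROGRAM = {
    "log_msg": (1, [                        # void log_msg(p0) { printf(p0); }
        ("call", "printf", ["p0"], None),
        ("ret",),
    ]),
    "main": (0, [
        ("const", "r1", "hello %s\n"),      # 0: constant format string
        ("input", "r2"),                    # 1: r2 <- externally supplied data
        ("jcc", "r3", 5),                   # 2: if r3 goto 5
        ("mov", "r4", "r1"),                # 3: r4 = constant
        ("jmp", 6),                         # 4
        ("mov", "r4", "r2"),                # 5: r4 = external data
        ("call", "log_msg", ["r4"], None),  # 6: r4 reaches printf inside the callee
        ("ret",),                           # 7
    ]),
}


def successors(code: List[tuple], idx: int) -> List[int]:
    """Control flow graph edges out of instruction idx."""
    op = code[idx][0]
    if op == "ret":
        return []
    if op == "jmp":
        return [code[idx][1]]
    if op == "jcc":
        return [idx + 1, code[idx][2]]
    return [idx + 1]


def join(a: State, b: State) -> State:
    """Lattice join at a CFG merge point: union of origins per register."""
    out = dict(a)
    for reg, val in b.items():
        out[reg] = out.get(reg, frozenset()) | val
    return out


def transfer(instr: tuple, state: State) -> State:
    """Abstract effect of one instruction on the register state."""
    st = dict(state)
    op = instr[0]
    if op == "const":
        st[instr[1]] = frozenset({"const"})
    elif op == "input":
        st[instr[1]] = frozenset({"input"})
    elif op == "mov":
        st[instr[1]] = state.get(instr[2], frozenset())
    elif op == "call" and instr[3] is not None:
        st[instr[3]] = frozenset()   # return value: origin unknown, never flagged
    return st


class Analyzer:
    def __init__(self, program: dict) -> None:
        self.program = program
        self.summaries: Dict[str, Set[int]] = {}   # fn -> parameter positions that reach a format sink
        self.defects: List[Tuple[str, int]] = []   # (function, instruction index)

    def summary(self, fn: str) -> Set[int]:
        """Specification of fn, taken from the external table or derived on demand."""
        if fn in EXTERNAL_SPECS:
            return EXTERNAL_SPECS[fn]
        if fn not in self.summaries:
            self.summaries[fn] = set()   # placeholder guards against recursion
            self.analyze(fn)
        return self.summaries[fn]

    def analyze(self, fn: str) -> None:
        nparams, code = self.program[fn]
        summary = self.summaries.setdefault(fn, set())
        entry: State = {f"p{i}": frozenset({("param", i)}) for i in range(nparams)}
        states: Dict[int, State] = {0: entry}
        work = [0]
        while work:                                   # forward fixpoint over the CFG
            idx = work.pop()
            out = transfer(code[idx], states[idx])
            for succ in successors(code, idx):
                merged = join(states.get(succ, {}), out)
                if merged != states.get(succ):
                    states[succ] = merged
                    work.append(succ)
        for idx, instr in enumerate(code):            # check every reachable call point
            if instr[0] != "call" or idx not in states:
                continue
            callee, args = instr[1], instr[2]
            for pos in list(self.summary(callee)):    # callee's specification, propagated here
                if pos >= len(args):
                    continue
                val = states[idx].get(args[pos], frozenset())
                if "input" in val:                    # external data can become the format string
                    self.defects.append((fn, idx))
                for tag in val:                       # caller's own parameter reaches the sink:
                    if isinstance(tag, tuple):        # extend fn's specification accordingly
                        summary.add(tag[1])

    def run(self) -> Tuple[List[Tuple[str, int]], Dict[str, Set[int]]]:
        for fn in self.program:
            self.summary(fn)
        return sorted(self.defects), self.summaries


def check(program: dict) -> Tuple[List[Tuple[str, int]], Dict[str, Set[int]]]:
    return Analyzer(program).run()


if __name__ == "__main__":
    found, specs = check(PROGRAM)
    print("specifications:", specs)   # log_msg: parameter 0 is a format string
    print("defects:", found)          # main, instruction 6
```

The specification derived for log_msg ({0}: its first parameter is used as a format string) is what makes the call in main reportable without re-analysing the callee at each call point; the merge at instruction 6 keeps both the constant and the external origin of r4, so the checker reports the defect on the path through instruction 5 while the constant path alone would be accepted.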

Extensibility features

Our analysis tool provides an API for accessing internal code representation and models and can be used to design new checkers.

Internal infrastructure

Our analysis tool employs IDA Pro -- a de facto standard in the field of program disassembly and reverse engineering -- and additional tools (Google (Zynamics) BinNavi and BinExport) modified to our needs; these tools transform program binary code into REIL -- an architecture-independent intermediate representation language. We are extending these tools in order to improve the efficiency of intraprocedural analysis, abstract interpretation, defect detection, tainted data flow analysis, PDG (Program Dependence Graph) generation and other methods. Certain extensions (e.g. x64 support for the REIL transformation) have been released to the community.

Developer/Participant

Compiler Technology