TEMU: Binary Code Analysis via Whole-System Layered Annotative Execution
Heng Yin and Dawn Song
EECS Department, University of California, Berkeley
Technical Report No. UCB/EECS-2010-3
January 11, 2010
http://www2.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-3.pdf
Dynamic binary analysis has demonstrated its strength in solving a wide-spectrum of computer security problems, such as malware analysis, protocol reverse engineering, vulnerability detection, diagnosis, and defense, software testing, etc. An extensible platform for dynamic binary analysis provides a foundation for solving these problems. To enable a variety of applications, we explore a unique design space. We aim to provide a whole-system view, take an external approach, facilitate fine-grained instrumentation, and have sufficient efficiency. These design goals bring about a new architecture, namely whole-system out-of-the-box fine-grained dynamic binary analysis. To further facilitate fine-grained dynamic binary analysis, we propose layered annotative execution as a core technique, which incorporates shadow flag analysis, taint analysis, and symbolic execution. We have implemented this new architecture and the core technique in an analysis platform called TEMU. Because of its extensibility and versatility, TEMU has enabled and fostered a handful of research projects.
BibTeX citation:
@techreport{Yin:EECS-2010-3,
Author= {Yin, Heng and Song, Dawn},
Title= {TEMU: Binary Code Analysis via Whole-System Layered Annotative Execution},
Year= {2010},
Month= {Jan},
Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-3.html},
Number= {UCB/EECS-2010-3},
Abstract= {Dynamic binary analysis has demonstrated its strength in solving a wide-spectrum of computer security problems, such as malware analysis, protocol reverse engineering, vulnerability detection, diagnosis, and defense, software testing, etc. An extensible platform for dynamic binary analysis provides a foundation for solving these problems. To enable a variety of applications, we explore a unique design space. We aim to provide a whole-system view, take an external approach, facilitate fine-grained instrumentation, and have sufficient efficiency. These design goals bring about a new architecture, namely whole-system out-of-the-box fine-grained dynamic binary analysis. To further facilitate fine-grained dynamic binary analysis, we propose layered annotative execution as a core technique, which incorporates shadow flag analysis, taint analysis, and symbolic execution. We have implemented this new architecture and the core technique in an analysis platform called TEMU. Because of its extensibility and versatility, TEMU has enabled and fostered a handful of research projects.},
}
EndNote citation:
%0 Report %A Yin, Heng %A Song, Dawn %T TEMU: Binary Code Analysis via Whole-System Layered Annotative Execution %I EECS Department, University of California, Berkeley %D 2010 %8 January 11 %@ UCB/EECS-2010-3 %U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-3.html %F Yin:EECS-2010-3