TWC: Medium: Collaborative: Automated Reverse Engineering of Commodity Software

TWC：媒介：协作：商品软件的自动逆向工程

• 批准号: 1409738
• 负责人: Engin Kirda
• 金额: $ 50万
• 依托单位: Northeastern University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-09-01 至 2018-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1409738&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Automated; Reverse

Software, including common examples such as commercial applications or embedded device firmware, is often delivered as closed-source binaries. While prior academic work has examined how to automatically discover vulnerabilities in binary software, and even how to automatically craft exploits for these vulnerabilities, the ability to answer basic security-relevant questions about closed-source software remains elusive.This project aims to provide algorithms and tools for answering these questions. Leveraging prior work on emulator-based dynamic analyses, we propose techniques for scaling this high-fidelity analysis to capture and extract whole-system behavior in the context of embedded device firmware and closed-source applications. Using a combination of dynamic execution traces collected from this analysis platform and binary code analysis techniques, we propose techniques for automated structural analysis of binary program artifacts, decomposing system and user-level programs into logical modules through inference of high-level semantic behavior. This decomposition provides as output an automatically learned description of the interfaces and information flows between each module at a sub-program granularity. Specific activities include: (a) developing software-guided whole-system emulator for supporting sophisticated dynamic analyses for real embedded systems; (b) developing advanced, automated techniques for structurally decomposing closed-source software into its constituent modules; (c) developing automated techniques for producing high-level summaries of whole system executions and software components; and (d) developing techniques for automating the reverse engineering and fuzz testing of encrypted network protocols. The research proposed herein will have a significant impact outside of the security research community. We will incorporate the research findings of our program into our undergraduate and graduate teaching curricula, as well as in extracurricular educational efforts such as Capture-the-Flag that have broad outreach in the greater Boston and Atlanta metropolitan areas.The close ties to industry that the collective PIs possess will facilitate transitioning the research into practical defensive tools that can be deployed into real-world systems and networks.

软件，包括商业应用程序或嵌入式设备固件等常见示例，通常以封闭源代码二进制文件的形式提供。虽然以前的学术工作研究了如何自动发现二进制软件中的漏洞，甚至如何自动利用这些漏洞，但回答与封闭源代码软件相关的基本安全问题的能力仍然很差。该项目旨在提供回答这些问题的算法和工具。利用之前在基于仿真器的动态分析方面的工作，我们提出了扩展这种高保真分析的技术，以在嵌入式设备固件和封闭源代码应用程序的上下文中捕获和提取整个系统的行为。结合从该分析平台收集的动态执行轨迹和二进制代码分析技术，我们提出了二进制程序构件的自动结构分析技术，通过高层语义行为的推理将系统级和用户级程序分解为逻辑模块。这种分解以子程序粒度提供每个模块之间的接口和信息流的自动学习描述作为输出。具体活动包括：(A)开发软件引导的全系统仿真器，用于支持对真实嵌入式系统的复杂动态分析；(B)开发先进的自动化技术，用于将封闭源代码软件结构化地分解成其组成模块；(C)开发自动化技术，用于产生整个系统执行和软件组件的高级摘要；以及(D)开发用于自动化加密网络协议的反向工程和模糊测试的技术。本文提出的研究将对安全研究界以外的领域产生重大影响。我们将把我们项目的研究成果纳入我们的本科和研究生教学课程，以及在波士顿和亚特兰大大都市区广泛推广的课外教育努力中，如捕获旗帜。集体PI与行业的密切联系将有助于将研究转化为实用的防御工具，可以部署到现实世界的系统和网络中。