DBAF: Dynamic Binary Analysis Framework and Its Applications

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11058))

Abstract

Dynamic binary analysis is difficult and burdensome. In practice, analysts typically develop dynamic binary analyzers (DBAs) on top of binary instrumentation tools (BITs), which are responsible for extracting information from a binary and for monitoring or altering its execution. However, existing BITs either expose raw machine instructions to analysts or lack user-friendly APIs. These problems result in a steep learning curve for BITs and make bugs in DBAs hard to eliminate. This work designs DBAF, a dynamic binary analysis framework that instruments binaries dynamically, performs an online translation from machine code into an easy-to-handle intermediate representation (IR), and provides tens of APIs for IR processing. With DBAF, analysts can process binaries at the level of the IR without having to interpret machine instructions. We then develop five DBAs on top of DBAF: a division-by-zero protector, an IR counter, a memory tracer, a taint analyzer and a concolic executor. These demonstrate that DBAF reduces the development effort for DBAs, especially those requiring semantic interpretation of instructions. Experiments show that DBAF incurs reasonable overhead for online translation.
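The abstract's point is that analyzers become simple once they operate on a small IR through per-instruction hooks instead of on raw machine instructions. The following added example (not DBAF's code; its IR, `Instr`, `run`, the `before()` hook API and the sample program are all constructed here) shows a toy three-address IR interpreter with two of the analyzers the abstract names: a division-by-zero protector that aborts a `udiv` with a zero divisor before it executes, and a taint analyzer that propagates taint from an input memory cell through registers and back to memory.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Instr:
    op: str          # add | udiv | load | store
    dst: str | None  # destination register (None for store)
    srcs: tuple      # operands: register names (str) or immediates (int)

def value(operand, regs):
    return regs[operand] if isinstance(operand, str) else operand
def mark(s, key, tainted):
    s.add(key) if tainted else s.discard(key)  # an untainted write clears taint
class DivByZeroError(Exception): pass

class DivByZeroProtector:
    """Aborts a udiv whose divisor is zero before the IR op executes."""
    def before(self, ins, regs, mem):
        if ins.op == "udiv" and value(ins.srcs[1], regs) == 0:
            raise DivByZeroError(f"blocked {ins}")

class TaintAnalyzer:
    """Propagates taint through registers and memory, one IR op at a time."""
    def __init__(self, tainted_mem=()):
        self.regs, self.mem = set(), set(tainted_mem)
    def before(self, ins, regs, mem):
        if ins.op == "store":      # store value, addr: cell inherits the value's taint
            mark(self.mem, value(ins.srcs[1], regs), ins.srcs[0] in self.regs)
        elif ins.op == "load":     # load dst, addr: dst inherits the cell's taint
            mark(self.regs, ins.dst, value(ins.srcs[0], regs) in self.mem)
        elif ins.dst is not None:  # arithmetic: any tainted input taints dst
            mark(self.regs, ins.dst, any(s in self.regs for s in ins.srcs))

def run(program, analyzers, regs=None, mem=None):
    """Execute the IR, calling every analyzer's before() hook per instruction."""
    regs, mem = dict(regs or {}), dict(mem or {})
    for ins in program:
        for a in analyzers:
            a.before(ins, regs, mem)
        v = [value(s, regs) for s in ins.srcs]
        if ins.op == "add":     regs[ins.dst] = v[0] + v[1]
        elif ins.op == "udiv":  regs[ins.dst] = v[0] // v[1]
        elif ins.op == "load":  regs[ins.dst] = mem.get(v[0], 0)
        elif ins.op == "store": mem[v[1]] = v[0]
    return regs, mem

# Constructed program: r2 = 12 / count, with count read from input memory at 0x100
PROGRAM = [Instr("load", "r1", (0x100,)), Instr("udiv", "r2", (12, "r1")),
           Instr("add", "r3", ("r2", 1)), Instr("store", None, ("r3", 0x200))]
```

Running `run(PROGRAM, [DivByZeroProtector(), TaintAnalyzer({0x100})], mem={0x100: 0})` stops at the `udiv` with `DivByZeroError`, while with `{0x100: 3}` it completes and the taint analyzer reports `r1`, `r2`, `r3` and cell `0x200` as tainted.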


Acknowledgment

This work is supported in part by National Key R&D Program of China (2017YF-B0802903), Project 2117H14243A and Sichuan Province Research and Technology Supporting Plan, China.

Author information

Corresponding author: Ting Chen.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Chen, T., Feng, Y., Lin, X., Li, Z., Zhang, X. (2018). DBAF: Dynamic Binary Analysis Framework and Its Applications. In: Au, M., et al. Network and System Security. NSS 2018. Lecture Notes in Computer Science, vol 11058. Springer, Cham. https://doi.org/10.1007/978-3-030-02744-5_27

  • DOI: https://doi.org/10.1007/978-3-030-02744-5_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02743-8

  • Online ISBN: 978-3-030-02744-5

  • eBook Packages: Computer Science (R0)
