DOI: 10.1145/3355378.3355383

Efficient and Precise Dynamic Construction of Control Flow Graphs

Published: 23 September 2019

Abstract

The extraction of high-level information from binary code is an important problem in programming languages, whose solution supports the detection of malware in binary code and the construction of dynamic program slices. The Control Flow Graph (CFG) is one of the instruments used to represent the structure of binary programs. Most solutions to reconstruct CFGs from binary programs rely on purely static techniques, based either on data-flow analyses or on type inference. In contrast, in this work we use a purely dynamic approach for this purpose. Our technique can be used alone, or in combination with static analysis tools. We demonstrate that it is possible to verify completeness in several real-world programs. We also show how to combine our technique with DynInst, the current state-of-the-art static CFG reconstructor. By providing DynInst with extra information, we improve its capacity to deal with indirect jumps. Our dynamic CFG reconstructor has been implemented on top of Valgrind. When applied to cBench, this implementation is able to completely cover 36% of all the functions available in that suite. It adds an average overhead of 43x to the execution of the original programs. Although significant, this overhead is almost four times lower than the overhead of DCFG, a tool distributed by Intel and built on top of PinPlay.


Published In

SBLP '19: Proceedings of the XXIII Brazilian Symposium on Programming Languages
September 2019
86 pages
ISBN: 9781450376389
DOI: 10.1145/3355378
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

In-Cooperation

  • SBC: Sociedade Brasileira de Computação

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Control flow graph
  2. dynamic analysis

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

SBLP 2019

Acceptance Rates

SBLP '19 Paper Acceptance Rate 10 of 21 submissions, 48%;
Overall Acceptance Rate 22 of 50 submissions, 44%
