Computer Sciences Colloquium - Statistical Similarity of Binaries

Eran Yahav

15 May 2016, 11:00 
Schreiber Building, Room 309 

Abstract:

 

We address the problem of finding similar procedures in stripped binaries. We present a new statistical approach for measuring the similarity between two procedures. Our notion of similarity allows us to find similar code even when it has been compiled using different compilers, or has been modified. The main idea is to use similarity by composition: decompose the code into smaller comparable fragments, define semantic similarity between fragments, and use statistical reasoning to lift fragment similarity to similarity between procedures. We have implemented our approach in a tool called Esh, and applied it to find various prominent vulnerabilities across compilers and versions, including Heartbleed, Shellshock and Venom. We show that Esh produces high accuracy results, with few to no false positives – a crucial factor in the scenario of vulnerability search in stripped binaries.

 

Joint work with Yaniv David and Nimrod Partush. 
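The similarity-by-composition idea from the abstract, as an added sketch that is not Esh and not the authors' code: fragments are fixed-size instruction windows, fragment similarity is a syntactic Jaccard overlap standing in for the semantic comparison, and the log-likelihood ratio against a corpus average is one assumed form of the statistical lifting. All function names and sample procedures are constructed for illustration.

```python
import math

def fragments(proc, n=3):
    """Decompose a procedure into n-instruction windows, abstracting operands
    to OP/IMM so register allocation and constant encoding do not matter."""
    norm = []
    for ins in proc:
        mnemonic, *ops = ins.replace(",", " ").split()
        kinds = ("IMM" if o.isdigit() or o.startswith("0x") else "OP" for o in ops)
        norm.append((mnemonic, *kinds))
    return [frozenset(norm[i:i + n]) for i in range(max(1, len(norm) - n + 1))]

def frag_sim(a, b):
    """Jaccard overlap in [0, 1]; a syntactic stand-in for semantic similarity."""
    return len(a & b) / len(a | b)

def pr_in(frag, target_frags, k=10.0):
    """Evidence that `frag` occurs in a target: best match through a sigmoid."""
    best = max(frag_sim(frag, t) for t in target_frags)
    return 1.0 / (1.0 + math.exp(-k * (best - 0.5)))

def evidence(query, target, corpus):
    """Per-fragment log-likelihood ratio: match in `target` vs. corpus average.
    Fragments that match everywhere (prologues, epilogues) score near zero."""
    tf, cf = fragments(target), [fragments(p) for p in corpus]
    out = []
    for f in fragments(query):
        h0 = sum(pr_in(f, c) for c in cf) / len(cf)
        out.append(math.log(pr_in(f, tf) / h0))
    return out

def similarity(query, target, corpus):
    """Lift fragment evidence to a procedure-level score by summing it."""
    return sum(evidence(query, target, corpus))

# Constructed sample procedures (not taken from any real binary).
QUERY = ["push rbp", "mov rbp, rsp", "mov eax, [rdi]", "shl eax, 8", "or eax, ecx",
         "cmp eax, 64", "ja fail", "call memcpy", "pop rbp", "ret"]
VARIANT = ["push rbp", "mov rbp, rsp", "mov edx, [rsi]", "xor r8d, r8d", "shl edx, 8",
           "or edx, eax", "cmp edx, 0x40", "ja bad", "call memcpy", "pop rbp", "ret"]
UNRELATED = ["push rbp", "mov rbp, rsp", "add eax, 1", "imul eax, edx",
             "test eax, eax", "jz done", "pop rbp", "ret"]
OTHER = ["push rbp", "mov rbp, rsp", "lea rax, [rdi]", "sub eax, 4",
         "call strlen", "pop rbp", "ret"]
CORPUS = [VARIANT, UNRELATED, OTHER]

if __name__ == "__main__":
    for name, proc in (("VARIANT", VARIANT), ("UNRELATED", UNRELATED), ("OTHER", OTHER)):
        print(f"{name:10s} {similarity(QUERY, proc, CORPUS):+.2f}")
```

The shared prologue and epilogue windows contribute almost nothing to any score, while the distinctive shift/or/compare window dominates; that weighting is what keeps boilerplate code from producing false positives in this sketch.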

 
