860 23rd USENIX Security Symposium USENIX Association