Communications of the Korean Institute of Information Scientists and Engineers (정보과학회지)

Korean Institute of Information Scientists and Engineers (한국정보과학회)
권호 표지

바이너리 파일의 변수 타입 추론 연구 동향

  • Published : 2018.03.15
Download PDF
⟨ Previous Next ⟩

Abstract

Keywords

References

  1. 소프트웨어 보안약점 진단가이드, 안전행정부, 2013.
  2. 최진영, 김승주, 김재기, 상용 및 공개 소프트웨어 대한 보안약점 진단기준 및 제거방안 연구, 한국인터넷진흥원, 2015.
  3. Eliminating Vulnerabilities in Third-Party Code with Binary Analysis, GrammaTech, 2013.
  4. Converity, Software Integrity Rist Report, 2011.
  5. The Heartbleed Bug, http://heartbleed.com/
  6. US-CERT, GNU Bourne-Again Shell 'ShellShock' Vulnerability, https://www.us-cert.gov/ncas/alerts/TA14-268A
  7. Moller, B., Duong T. and Kotowicz, K., "This POODLE Bites : Exploiting The SSL 3.0 FallBack," Security Advisory, 2014.
  8. Aviram, N. Schinzel, S., Somorovsky, J., Heninger, N., Dankel, M., Steube, J. ... and Kasper, E., "DROWN : Breaking TLS using SSLv2," In USENIX Security Symposium, pp. 689-706, 2016.
  9. Martin, B., Brown, M., Paller, A., Kirby, D. and Christey, S., 2011 CWE/SANS top 25 most dangerous software errors. Common Weakness Enumer, 7515. 2011.
  10. Tsipenyuk, K., Chess, B., and McGraw G., "Seven pernicious kingdoms: A taxonomy of software security errors," IEEE Security & Privacy, Vol. 3, No. 6, pp. 81-84, 2005. https://doi.org/10.1109/MSP.2005.159
  11. Third-Party Software Security Guidelines, https://developer.apple.com/library/content/documentation/Security/Conceptual/SecureCodingGuide/Articles/SecurityGuidelines.html
  12. Caballero, J., and Lin, Z., "Type inference on executables," ACM Computing Surveys, Vol, 48, No. 4, 2016.
  13. Mycroft, A., "Type-based decompilation (or program reconstruction via type reconstruction)," In European Symposium on Programming, Springer, pp. 208-223, 1999.
  14. Cytron, R., Ferrante, J., Rosen, B. K., Wegman, M. N., and Zadeck, F. K., "Efficiently computing static single assignment form and the control dependence graph," ACM Transactions on Programming Languages and Systems, Vol. 13, No. 4, pp. 451-490, 1991. https://doi.org/10.1145/115372.115320
  15. Milner, R., "A theory of type polymorphism in programming," Journal of computer and system sciences, Vol. 17, No. 3, pp. 348-375, 1978. https://doi.org/10.1016/0022-0000(78)90014-4
  16. Yoo, K., and Barua, R, "Recovery of object oriented features from C++ binaries," In Proceedings of 2014 21st Asia-Pacific Software Engineering Conference, pp. 231-238, 2014.
  17. Jin, W., Cohen, C., Gennari, J., Hines, C., Chaki, S., Gurfinkel, A., ... and Narasimhan, P, "Recovering c++ objects from binaries using inter-procedural data-flow analysis," In Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014, p. 1-11. 2014.
  18. Lin, Z., Zhang, X., and Xu, D., "Automatic reverse engineering of data structures from binary execution," In Network and Distributed System Security Symposium, 2010.
  19. Caballero, J., Grieco, G., Marron, M., Lin, Z., and Urbina, D., "ARTISTE: Automatic generation of hybrid data structure signatures from binary code executions," IMDEA Software Institute, Tech. Rep. TR-IMDEASW-2012-001, 2012.
  20. Cadar, C., Dunbar, D., & Engler, D. R., "KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs," In OSDI, Vol. 8, pp. 209-224, 2008.
  21. Cadar, C., Ganesh, V., Pawlowski, P., Dill, D., and Engler, D. R, "EXE: A system for automatically generating inputs of death using symbolic execution," In Proceedings of the ACM Conference on Computer and Communications Security, pp. 1-20, 2006.
  22. Godefroid, P., Klarlund, N., and Sen, K. "DART: directed automated random testing", In ACM Sigplan Notices, Vol. 40, No. 6, pp. 213-223, 2005. https://doi.org/10.1145/1064978.1065036
  23. Caballero, J., "Grammar and model extraction for security applications using dynamic program binary analysis," Doctoral dissertation, PhD thesis, Department of Electrical and Computer Engineering, Carnegie Mellon University, Pittsburgh, PA, 2010.
  24. Lee, J., Avgerinos, T., and Brumley, D, "TIE: Principled reverse engineering of types in binary programs," In Network and Distributed System Security Symposium, 2011.
  25. Kruegel, C., Robertson, W., Valeur, F., and Vigna, G, "Static disassembly of obfuscated binaries," In USENIX security Symposium, Vol. 13, 2004..
  26. Balakrishnan, G., and Reps, T., "WYSINWYX: What you see is not what you eXecute," ACM Transactions on Programming Languages and Systems, Vol. 32, No. 6, 2010.
  27. Appel, A. W. Modern Compiler Implementation in ML, 1998.