Copertina

Towards Industrial-Scale Software Binary Analysis

Salvato in:
Pubblicato in:PQDT - Global (2025)
Autore principale: Zhou, Anshunkang
Pubblicazione:
ProQuest Dissertations & Theses
Soggetti:
Software quality
Plankton
Programming languages
Accuracy
Software development
Software reliability
Success
C plus plus
Open source software
Experiments
Optimization
Dissertations & theses
Breakdowns
Third party
Algorithms
Libraries
Ablation
Efficiency
Semantics
Biological oceanography
Computer science
Microbiology
Accesso online:Citation/Abstract
Full Text - PDF
Full text outside of ProQuest
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
Abstract:Computers play an indispensable role in our daily lives, providing a multitude of critical functions and services across areas such as communication, transportation, finance, and beyond. At the heart of modern computing lies a fundamental component: the software binary, a complex sequence of ones and zeroes that determines how specific tasks are executed on a computer. Ensuring the security and correctness of software binaries is of paramount importance, as vulnerabilities can have far-reaching consequences, potentially affecting financial systems and even human lives. However, analyzing software binaries at an industrial scale remains a significant challenge, primarily due to the difficulty of meeting three essential design requirements: rigor, non-intrusiveness, and scalability.This dissertation proposes a binary-centric solution to enhance industrial-scale software binary analysis, addressing these three requirements by contributing to several fundamental binary analysis techniques: binary lifting, binary similarity analysis, and fuzzing.First, we introduce a novel binary lifter, which translates software binaries directly into high-quality compiler-level intermediate representations (IRs) compatible with existing static analyzers, thereby enabling rigorous bug detection. Second, we propose a parallel binary lifting technique to address the scalability limitations of traditional lifters, allowing more efficient utilization of multi-core computers and scaling to extremely large binaries. Building on the IR code obtained through binary lifting, our third contribution is a binary similarity analysis technique that identifies third-party code within software binaries, enabling the reuse of existing knowledge and identification of zero-day vulnerabilities. Finally, extending beyond static analysis, our fourth contribution explores dynamic approaches by proposing a program-adaptive parallel fuzzer, which efficiently generates exploitable bugs with very low false-positive rates through runtime execution.Together, these contributions constitute a systematic solution for software binary analysis, capable of seamless integration into modern software development lifecycles to detect and prevent defects at an early stage. Our approaches have demonstrated tangible real-world impact, being deployed in CI/CD pipelines at major organizations to perform daily software quality checks. Using these techniques, we have successfully identified hundreds of high-risk defects in both industrial software products and open-source projects. Furthermore, our advancements in fundamental binary analysis techniques open avenues for exploration and innovation in related areas of research.
ISBN:9798265488381
Fonte:ProQuest Dissertations & Theses Global