Accession Number:

ADA540141

Title:

Automated Analysis of ARM Binaries using the Low-Level Virtual Machine Compiler Framework

Descriptive Note:

Master's thesis

Corporate Author:

AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH SCHOOL OF ENGINEERING AND MANAGEMENT

Personal Author(s):

• Scott, Jeffery

Report Date:

2011-03-01

Pagination or Media Count:

103.0

Abstract:

Binary program analysis is a critical capability for offensive and defensive operations in Cyberspace. However, many current techniques are ineffective or time-consuming and few tools can analyze code compiled for embedded processors such as those used in network interface cards, control systems and mobile phones. This research designs and implements a binary analysis system, called the Architecture-independent Binary Abstracting Code Analysis System ABACAS, which reverses the normal program compilation process, lifting binary machine code to the Low-Level Virtual Machine LLVM compilers intermediate representation, thereby enabling existing security-related analyses to be applied to binary programs. The prototype targets ARM binaries but can be extended to support other architectures. Several programs are translated from ARM binaries and analyzed with existing analysis tools. Programs lifted from ARM binaries are an average of 3.73 times larger than the same programs compiled from a high-level language HLL. Analysis results are equivalent regardless of whether the HLL source or ARM binary version of the program is submitted to the system, confirming the hypothesis that LLVM is effective for binary analysis.

Descriptors:

• *BINARY PROCESSORS
• *SECURITY
• *RADIOTELEPHONES
• NETWORKS
• INTERFACES
• ATTACK
• THESES
• PROCESSING EQUIPMENT
• MOBILE
• EMBEDDING
• HYPOTHESES
• COMPILERS
• HIGH LEVEL LANGUAGES
• DEFENSE SYSTEMS
• AUTOMATION
• MILITARY OPERATIONS
• CONTROL SYSTEMS

Subject Categories:

• Computer Programming and Software
• Computer Hardware
• Radio Communications

Distribution Statement:

APPROVED FOR PUBLIC RELEASE