Abstract
In recent years, many research efforts have been dedicated to detecting vulnerabilities in software. Most of these techniques are based on source code analysis. However, source code-based analysis methods are ineffective when the program's source code is not available. In such a case, binary analysis is the only option. Yet, all binary analysis methods have to address serious challenges such as indirect memory access, missing functions and data abstraction. Historically, these problems have been addressed using rather ad hoc techniques. However, recent research has begun to reverse this trend. In this thesis, we cover Value-Set Analysis (VSA) and Abstract Stack Analysis (ASA), which use abstract interpretation to address the aforementioned challenges in a principled way. We then move on to binary analysis methods that try to recover the missing type information in binaries. We describe TIE, Howard and REWARD as three binary type analysis methods and compare their effectiveness.
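To make the abstract-interpretation idea behind VSA concrete, the following Python snippet is an added example, not code from the thesis or from any of the tools it names. It implements a toy strided-interval domain (the abstract value VSA uses for addresses and integers) with join, addition, multiplication by a constant and a guard refinement, and runs it over a constructed table-lookup loop of the form `i = 0; while i < N: load [TABLE_BASE + 4*i]; i += 1`. The address constant `TABLE_BASE`, the table size and the helper names (`SI`, `analyze_table_loop`, `accesses_within`) are all assumptions chosen for the illustration.

```python
"""Toy strided-interval value-set analysis (added example, not the thesis's own code)."""
from dataclasses import dataclass
from math import gcd
from typing import Optional, Tuple


@dataclass(frozen=True)
class SI:
    """Strided interval s[lo, hi] = {lo, lo+s, lo+2s, ..., hi}; s == 0 denotes the single constant lo."""
    s: int
    lo: int
    hi: int

    def concretize(self) -> set:
        return {self.lo} if self.s == 0 else set(range(self.lo, self.hi + 1, self.s))


def normalize(s: int, lo: int, hi: int) -> SI:
    """Canonical form: a one-element interval always has stride 0."""
    return SI(0, lo, lo) if lo == hi else SI(s, lo, hi)


def join(a: SI, b: SI) -> SI:
    """Least upper bound: widest bounds, stride = gcd of both strides and the offset between them."""
    return normalize(gcd(gcd(a.s, b.s), abs(a.lo - b.lo)), min(a.lo, b.lo), max(a.hi, b.hi))


def add(a: SI, b: SI) -> SI:
    """Abstract addition (sound over-approximation of every pairwise sum)."""
    return normalize(gcd(a.s, b.s), a.lo + b.lo, a.hi + b.hi)


def mul_const(a: SI, k: int) -> SI:
    """Abstract multiplication by a concrete constant (e.g. an element size)."""
    if k == 0:
        return SI(0, 0, 0)
    lo, hi = sorted((a.lo * k, a.hi * k))
    return normalize(a.s * abs(k), lo, hi)


def meet_range(a: SI, lo: int, hi: int) -> Optional[SI]:
    """Refine a with a branch condition lo <= x <= hi; None means the path is infeasible (bottom)."""
    if a.s == 0:
        return a if lo <= a.lo <= hi else None
    nlo, nhi = max(a.lo, lo), min(a.hi, hi)
    r = (nlo - a.lo) % a.s          # round nlo up to the next member of the interval
    nlo += (a.s - r) if r else 0
    nhi -= (nhi - a.lo) % a.s       # round nhi down to a member of the interval
    return None if nlo > nhi else normalize(a.s, nlo, nhi)


TABLE_BASE = 0x1000   # constructed: address of a table of 8 four-byte entries
TABLE_ENTRIES = 8
ENTRY_WIDTH = 4


def analyze_table_loop(trip_count: int) -> Tuple[SI, Optional[SI]]:
    """Abstractly interpret  i = 0; while i < trip_count: load [TABLE_BASE + 4*i]; i += 1
    until the loop-head state stops changing. Returns (value set of i at the loop head,
    value set of the load address inside the body)."""
    i_head = SI(0, 0, 0)
    addr_in_body: Optional[SI] = None
    while True:
        i_body = meet_range(i_head, -(1 << 31), trip_count - 1)   # guard: i < trip_count
        if i_body is None:
            break
        addr = add(SI(0, TABLE_BASE, TABLE_BASE), mul_const(i_body, ENTRY_WIDTH))
        addr_in_body = addr if addr_in_body is None else join(addr_in_body, addr)
        new_head = join(i_head, add(i_body, SI(0, 1, 1)))         # i += 1, merged with entry edge
        if new_head == i_head:                                    # fixpoint reached
            break
        i_head = new_head
    return i_head, addr_in_body


def accesses_within(addr: SI, base: int, entries: int, width: int) -> bool:
    """True when every address in the value set (plus its access width) lies inside the table."""
    return addr.lo >= base and addr.hi + width <= base + entries * width


if __name__ == "__main__":
    for n in (8, 9):
        head, addr = analyze_table_loop(n)
        print(f"trip_count={n}: i@head={head}, addr={addr}, "
              f"in-bounds={accesses_within(addr, TABLE_BASE, TABLE_ENTRIES, ENTRY_WIDTH)}")
```

With a trip count of 8 the analysis bounds the indirect load to exactly the eight table slots; with a trip count of 9 the value set gains the address just past the table, so a checker can flag a possible out-of-bounds read without ever seeing source code. The `join` is deliberately coarse (joining `{0}` and `{6}` into `4[0,8]` yields `2[0,8]`), which is the usual soundness-for-precision trade-off of this domain.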
Description
34 pg.