Publication Details

Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis

ĎURFINA Lukáš, KŘOUSTEK Jakub, ZEMEK Petr, KOLÁŘ Dušan, HRUŠKA Tomáš, MASAŘÍK Karel and MEDUNA Alexander. Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis. In: 7th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science. Brno: Masaryk University, 2011, pp. 114-114. ISBN 978-80-214-4305-1.
Czech title
Návrh rekonfigurovatelného dekompilátoru pro statickou, platformě nezávislou analýzu škodlivého kódu
Type
conference paper
Language
English
Authors
Keywords

decompilation, reverse engineering, malware, LLVM, Lissom, ISAC

Abstract

Together with the massive expansion of smartphones, tablets, and other smart devices, we can notice a growing number of malware threats targeting these platforms. Software security companies are not prepared for such diversity of target platforms and there are only a few techniques for platform-independent malware analysis. This is a major security issue these days. In this paper, we propose a concept of a retargetable reverse compiler (i.e. a decompiler), which is in an early stage of development. The retargetable decompiler transforms platform-specific binary applications into a high-level language (HLL) representation, which can be further analyzed in a uniform way. This tool will help with a static platform-independent malware analysis. Our unique solution is based on an exploitation of two systems that were originally not intended for such an application - the architecture description language (ADL) ISAC for a platform description and the LLVM Compiler System as the core of the decompiler. In this study, we show that our tool can produce highly readable HLL code.

Published
2011
Pages
114-114
Proceedings
7th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science
Conference
MEMICS'11 -- 7th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science, Lednice, CZ
ISBN
978-80-214-4305-1
Publisher
Masaryk University
Place
Brno, CZ
BibTeX
@INPROCEEDINGS{FITPUB9732,
   author = "Luk\'{a}\v{s} \v{D}urfina and Jakub K\v{r}oustek and Petr Zemek and Du\v{s}an Kol\'{a}\v{r} and Tom\'{a}\v{s} Hru\v{s}ka and Karel Masa\v{r}\'{i}k and Alexander Meduna",
   title = "Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis",
   pages = "114--114",
   booktitle = "7th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science",
   year = 2011,
   location = "Brno, CZ",
   publisher = "Masaryk University",
   ISBN = "978-80-214-4305-1",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/9732"
}