Journal article

ĎURFINA Lukáš, KŘOUSTEK Jakub, ZEMEK Petr, KOLÁŘ Dušan, HRUŠKA Tomáš, MASAŘÍK Karel and MEDUNA Alexander. Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis. International Journal of Security and Its Applications. Daejeon: Science & Engineering Research Support Center, 2011, vol. 5, no. 4, pp. 91-106. ISSN 1738-9976.
Publication language:english
Original title:Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis
Title (cs):Návrh rekonfigurovatelného dekompilátoru pro statickou, platformě nezávislou analýzu škodlivého kódu
Pages:91-106
Place:KR
Year:2011
Journal:International Journal of Security and Its Applications, Vol. 5, No. 4, Daejeon, KR
ISSN:1738-9976
Keywords
decompilation, reverse engineering, malware, LLVM, Lissom, ISAC
Annotation
Together with the massive expansion of smartphones, tablets, and other smart devices, we can notice a growing number of malware threats targeting these platforms. Software security companies are not prepared for such diversity of target platforms and there are only few techniques for platform-independent malware analysis. This is a major security issue these days. In this paper, we propose a concept of a retargetable reverse compiler (i.e. a decompiler), which is in an early stage of development. The retargetable decompiler transforms platform-specific binary applications into a high-level language (HLL) representation, which can be further analyzed in a uniform way. This tool will help with a static platform-independent malware analysis. Our unique solution is based on an exploitation of two systems that were originally not intended for such an application - the architecture description language (ADL) ISAC for a platform description and the LLVM Compiler System as the core of the decompiler. In this study, we show that our tool can produce highly readable HLL code.
BibTeX:
@ARTICLE{
   author = {Luk{\'{a}}{\v{s}} {\v{D}}urfina and Jakub K{\v{r}}oustek and
	Petr Zemek and Du{\v{s}}an Kol{\'{a}}{\v{r}} and
	Tom{\'{a}}{\v{s}} Hru{\v{s}}ka and Karel Masa{\v{r}}{\'{i}}k
	and Alexander Meduna},
   title = {Design of a Retargetable Decompiler for a Static
	Platform-Independent Malware Analysis},
   pages = {91--106},
   journal = {International Journal of Security and Its Applications},
   volume = {5},
   number = {4},
   year = {2011},
   ISSN = {1738-9976},
   language = {english},
   url = {http://www.fit.vutbr.cz/research/view_pub.php?id=9811}
}

Your IPv4 address: 54.159.145.68
Switch to IPv6 connection

DNSSEC [dnssec]