Ďurfina, L., Křoustek, J., Zemek, P., Kolář, D., Hruška, T., Masařík, K., Meduna, A.: Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis, In: The 5th International Conference on Information Security and Assurance, Brno, CZ, Springer, 2011, p. 72-86, ISBN 978-3-642-23140-7

| Publication language: | english |
|---|---|
| Original title: | Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis |
| Title (cs): | Návrh rekonfigurovatelného dekompilátoru pro statickou, platformě nezávislou analýzu škodlivého kódu |
| Pages: | 72-86 |
| Proceedings: | The 5th International Conference on Information Security and Assurance |
| Conference: | The 5th International Conference on Information Security and Assurance |
| Series: | Communications in Computer and Information Science, Volume 200 |
| Place: | Brno, CZ |
| Year: | 2011 |
| URL: | http://link.springer.com/chapter/10.1007%2F978-3-642-23141-4_8 |
| ISBN: | 978-3-642-23140-7 |
| Publisher: | Springer Verlag |

| Keywords |
|---|
| decompilation, reverse engineering, malware, LLVM, Lissom, ISAC |

| Annotation |
|---|
| Together with the massive expansion of smartphones, tablets, and other smart devices, we can notice a growing number of malware threats targeting these platforms. Software security companies are not prepared for such diversity of target platforms and there are only a few techniques for platform-independent malware analysis. This is a major security issue these days. In this paper, we propose a concept of a retargetable reverse compiler (i.e. a decompiler), which is in an early stage of development. The retargetable decompiler transforms platform-specific binary applications into a high-level language (HLL) representation, which can be further analyzed in a uniform way. This tool will help with a static platform-independent malware analysis. Our unique solution is based on an exploitation of two systems that were originally not intended for such an application - the architecture description language (ADL) ISAC for a platform description and the LLVM Compiler System as the core of the decompiler. In this study, we show that our tool can produce highly readable HLL code. |

| BibTeX: |
|---|
@INPROCEEDINGS{
author = {Lukáš Ďurfina and Jakub Křoustek and Petr Zemek and Dušan
Kolář and Tomáš Hruška and Karel Masařík and Alexander
Meduna},
title = {Design of a Retargetable Decompiler for a Static
Platform-Independent Malware Analysis},
pages = {72--86},
booktitle = {The 5th International Conference on Information Security and
Assurance},
series = {Communications in Computer and Information Science, Volume
200},
year = {2011},
location = {Brno, CZ},
publisher = {Springer Verlag},
ISBN = {978-3-642-23140-7},
language = {english},
url = {http://www.fit.vutbr.cz/research/view_pub.php?id=9582}
}