Conference paper

 
Ďurfina, L., Křoustek, J., Zemek, P., Kolář, D., Hruška, T., Masařík, K., Meduna, A.: Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis, In: 7th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science, Brno, CZ, MUNI, 2011, p. 114-114, ISBN 978-80-214-4305-1
Publication language: English
Original title: Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis
Title (cs): Návrh rekonfigurovatelného dekompilátoru pro statickou, platformě nezávislou analýzu škodlivého kódu
Pages: 114-114
Proceedings: 7th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science
Conference: MEMICS'11 -- 7th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science
Place: Brno, CZ
Year: 2011
ISBN: 978-80-214-4305-1
Publisher: Masaryk University
Keywords
decompilation, reverse engineering, malware, LLVM, Lissom, ISAC
Annotation
Together with the massive expansion of smartphones, tablets, and other smart devices, we can notice a growing number of malware threats targeting these platforms. Software security companies are not prepared for such diversity of target platforms and there are only a few techniques for platform-independent malware analysis. This is a major security issue these days. In this paper, we propose a concept of a retargetable reverse compiler (i.e. a decompiler), which is in an early stage of development. The retargetable decompiler transforms platform-specific binary applications into a high-level language (HLL) representation, which can be further analyzed in a uniform way. This tool will help with a static platform-independent malware analysis. Our unique solution is based on an exploitation of two systems that were originally not intended for such an application - the architecture description language (ADL) ISAC for a platform description and the LLVM Compiler System as the core of the decompiler. In this study, we show that our tool can produce highly readable HLL code.
BibTeX:
@INPROCEEDINGS{
   author = {Lukáš Ďurfina and Jakub Křoustek and Petr Zemek and Dušan
	Kolář and Tomáš Hruška and Karel Masařík and Alexander
	Meduna},
   title = {Design of a Retargetable Decompiler for a Static
	Platform-Independent Malware Analysis},
   pages = {114--114},
   booktitle = {7th Doctoral Workshop on Mathematical and Engineering
	Methods in Computer Science},
   year = {2011},
   location = {Brno, CZ},
   publisher = {Masaryk University},
   ISBN = {978-80-214-4305-1},
   language = {english},
   url = {http://www.fit.vutbr.cz/research/view_pub.php?id=9732}
}