Conference paper

ĎURFINA Lukáš, KŘOUSTEK Jakub, ZEMEK Petr, KOLÁŘ Dušan, HRUŠKA Tomáš, MASAŘÍK Karel and MEDUNA Alexander. Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis. In: 7th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science. Brno: Masaryk University, 2011, pp. 114-114. ISBN 978-80-214-4305-1.
Publication language:english
Original title:Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis
Title (cs):Návrh rekonfigurovatelného dekompilátoru pro statickou, platformě nezávislou analýzu škodlivého kódu
Pages:114-114
Proceedings:7th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science
Conference:MEMICS'11 -- 7th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science
Place:Brno, CZ
Year:2011
ISBN:978-80-214-4305-1
Publisher:Masaryk University
Keywords
decompilation, reverse engineering, malware, LLVM, Lissom, ISAC
Annotation
Together with the massive expansion of smartphones, tablets, and other smart devices, we can notice a growing number of malware threats targeting these platforms. Software security companies are not prepared for such diversity of target platforms and there are only few techniques for platform-independent malware analysis. This is a major security issue these days. In this paper, we propose a concept of a retargetable reverse compiler (i.e. a decompiler), which is in an early stage of development. The retargetable decompiler transforms platform-specific binary applications into a high-level language (HLL) representation, which can be further analyzed in a uniform way. This tool will help with a static platform-independent malware analysis. Our unique solution is based on an exploitation of two systems that were originally not intended for such an application - the architecture description language (ADL) ISAC for a platform description and the LLVM Compiler System as the core of the decompiler. In this study, we show that our tool can produce highly readable HLL code.
BibTeX:
@INPROCEEDINGS{
   author = {Lukáš Ďurfina and Jakub Křoustek and Petr Zemek and Dušan
	Kolář and Tomáš Hruška and Karel Masařík and Alexander
	Meduna},
   title = {Design of a Retargetable Decompiler for a Static
	Platform-Independent Malware Analysis},
   pages = {114--114},
   booktitle = {7th Doctoral Workshop on Mathematical and Engineering
	Methods in Computer Science},
   year = {2011},
   location = {Brno, CZ},
   publisher = {Masaryk University},
   ISBN = {978-80-214-4305-1},
   language = {english},
   url = {http://www.fit.vutbr.cz/research/view_pub.php?id=9732}
}

Your IPv4 address: 54.197.218.127
Switch to IPv6 connection

DNSSEC [dnssec]