TU BRAUNSCHWEIG

Code Analysis and Reverse Engineering

Overview

Semester: Winter 2018/2019
Course type: Block Seminar
Lecturer: Prof. Dr. Konrad Rieck
Assistants: Alwin Maier, Robert Michael
Audience: Informatik Bachelor
Credits: 5 ECTS
Hours: 2
Language: English or German
Capacity: max. 8 Students
Room: BRICS 107/108

Schedule

Date               | Step
17.10.2018, 9:00   | Kick-off meeting, assignment of topics (BRICS 107/108)
26.10.2018, 12:00  | Arrange appointment with assistant via e-mail
07.12.2018, 12:00  | Submit final paper proposal
14.12.2018, 12:00  | Submit review of two fellow students
10.01.2019, 9:00   | Presentation (BRICS 107/108)
16.01.2018, 12:00  | Submit camera-ready version of your paper

Description

This block seminar covers topics from the areas of reverse engineering and program analysis. Combining both areas yields a vast tool set for the analysis of IT systems. With security in mind, the applications range from the discovery, exploitation and mitigation of security vulnerabilities to the detection, de-obfuscation and analysis of malicious code.

While static analysis techniques aim to deduce program properties by analyzing the code without executing it, dynamic program analysis explores the properties of a program at run time.

In practice, the a priori information available is often insufficient: no source code is available, information about the executing hardware is sparse, etc. In this case, program analysis requires further techniques. This is where reverse engineering comes in.

Requirements

The seminar is organized like a real academic conference. You need to prepare a written paper (German or English) about the selected topic with 5-8 pages in ACM double-column style.

After submitting your paper to our conference system, you will write two short reviews of papers submitted by your fellow students. In this way, you give them feedback on how to improve their paper. You will then have time to improve your own final paper based on the reviews from the others.

Last but not least, you will give a 20-minute talk about your paper, and we will provide drinks and pizza to enjoy the talks at our small conference.

Mailing list

News and important information will be distributed via a mailing list. All participants have to subscribe here to receive relevant updates.

Contact

The seminar is organized by the Institute of System Security. For questions and further details, please contact

Links

Topics

▸ Disassemblers

A disassembler translates machine code into assembly code. Disassembly algorithms can be classified into linear sweep and recursive (control-flow-following) algorithms. Both classes have advantages and disadvantages of their own. Neither approach guarantees perfect results, as different impediments can occur, for example a mixture of data and code within a code section, or indirect jump instructions whose targets are not known statically.
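The two impediments named above, shown on a constructed toy instruction set (an added example, not material from the seminar page; the ISA, opcodes and sample byte sequences are all assumptions made up for illustration): a data byte placed inside the code desynchronises linear sweep, while an indirect jump stops recursive descent short.

```python
"""Toy disassembler: linear sweep vs. recursive descent on a constructed ISA."""

# Constructed 1-byte-opcode ISA (assumption, not a real architecture):
# opcode -> (mnemonic, total instruction length in bytes)
ISA = {0x01: ("NOP", 1), 0x02: ("MOV", 2), 0x03: ("JMP", 2),
       0x04: ("RET", 1), 0x05: ("IJMP", 1)}   # IJMP: target held in a register

def decode(code, pc):
    """Decode one instruction at pc; return (mnemonic, length, operand) or None."""
    op = code[pc] if pc < len(code) else None
    if op not in ISA:
        return None
    mnem, length = ISA[op]
    if pc + length > len(code):
        return None
    operand = code[pc + 1] if length == 2 else None
    return mnem, length, operand

def linear_sweep(code):
    """Decode bytes strictly in address order; embedded data desynchronises it."""
    out, pc = [], 0
    while pc < len(code):
        ins = decode(code, pc)
        if ins is None:          # undecodable byte: skip it and try to resync
            pc += 1
            continue
        out.append((pc, ins[0]))
        pc += ins[1]
    return out

def recursive_descent(code, entry=0):
    """Follow control flow from entry; cannot see past an indirect jump."""
    out, pc = {}, entry
    while pc not in out:
        ins = decode(code, pc)
        if ins is None:
            break
        mnem, length, operand = ins
        out[pc] = mnem
        if mnem == "JMP":                 # direct jump: target = next pc + rel8
            pc = pc + length + operand
        elif mnem in ("RET", "IJMP"):     # flow ends, or target is unknown statically
            break
        else:
            pc += length
    return sorted(out.items())

# Constructed program 1: JMP over one data byte (0x02); linear sweep misreads
# the data byte as the start of a 2-byte MOV and swallows the real NOP at 3.
SKIP_DATA = bytes([0x03, 0x01, 0x02, 0x01, 0x04])
# Constructed program 2: indirect jump first; recursive descent stops at 0
# although NOP/RET at 1-2 are reached at run time.
INDIRECT = bytes([0x05, 0x01, 0x04])
```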

▸ Decompilers

Decompilers aim at reconstructing high level source code from binary programs. The success of decompilation depends on the amount of information gathered from preceding analysis of the binary program.

▸ Comparison of Intermediate Languages for Binary Code

Intermediate languages "lift" the assembly code obtained from a disassembler to a higher representation level that is more suitable for further analysis. Different intermediate languages for binary analysis have been developed over time.

▸ Binary Code Similarity Detection

Binary code similarity detection aims at determining whether two binary code fragments are similar. For example, the detection of similar functions can be used to find vulnerable code: firmware images in particular often contain parts of libraries known to be vulnerable.

▸ Data Dependence Analysis

Data dependence analysis is an instance of data flow analysis which can be applied to source code as well as binary code. The goal is to identify dependencies between different points in the program due to the writing and reading of data. This information can be useful to detect vulnerabilities in programs.

▸ Value Set Analysis

Especially in binary analysis, knowing all possible values a register or memory location can attain at a certain program point is crucial for many analysis techniques. For example, alias analysis and the resolution of indirect jumps profit from this information.

▸ Fuzz Testing

The aim of fuzz testing, or fuzzing, is to trigger unexpected behavior of a program by providing crafted input. Hence, fuzz testing is a dynamic analysis technique that runs a target program again and again while observing the program's behavior.

▸ Meltdown and Spectre

The Meltdown and Spectre attacks allow an attacker to read arbitrary memory on a victim's system without requiring a software vulnerability. Pure software mitigations affect the performance of nearly all computer systems.

▸ Bring your own ideas fitting the seminar topic.


  last changed 09.01.2019