17.10.2018, 9:00 Kick-off meeting, assignment of topics (BRICS 107/108)
26.10.2018, 12:00 Arrange appointment with assistant via e-mail
07.12.2018, 12:00 Submit final paper proposal
14.12.2018, 12:00 Submit review of two fellow students
10.01.2019, 9:00 Presentation (BRICS 107/108)
16.01.2018, 12:00 Submit camera-ready version of your paper
This block seminar covers topics from the areas of reverse engineering and program analysis. Combining both areas yields a vast tool set for the analysis of IT systems. With security in mind, the applications range from the discovery, exploitation and mitigation of security vulnerabilities to the detection, de-obfuscation and analysis of malicious code.
While static analysis techniques aim to deduce program properties by analyzing the code without executing it, dynamic program analysis explores the properties of a program at run time.
In practice, the a priori information available is often insufficient: no source code available, sparse information about the executing hardware, etc. In this case, program analysis requires further techniques. This is where reverse engineering comes in.
The seminar is organized like a real academic conference. You need to prepare a written paper (German or English) of 5-8 pages on the selected topic in ACM double-column style.
After submitting your paper to our conference system, you will write two short reviews of two of the papers submitted by your fellow students. In this way, you can give them feedback on how to improve their papers. Then, you will have time to improve your own final paper using the reviews from the others.
Last but not least, you will give a 20-minute talk about your paper, and we will provide drinks and pizza to enjoy the talks at our small conference.
News and important information will be distributed via a mailing list. All participants have to subscribe here to receive relevant updates.
The seminar is organized by the Institute of System Security. For questions and further details, please contact
A disassembler translates machine code into assembly code. Disassembly algorithms can be classified into linear sweep and recursive algorithms. Both classes have advantages and disadvantages of their own. Neither approach guarantees perfect results, as different impediments can occur, for example a mixture of data and code or indirect jump instructions.
Decompilers aim to reconstruct high-level source code from binary programs. The success of decompilation depends on the amount of information gathered from the preceding analysis of the binary program.
▸ Comparison of Intermediate Languages for Binary Code
Intermediate languages "lift" the assembly code obtained from a disassembler to a higher representation level more suitable for further analysis. Different intermediate languages for binary analysis have been developed over time.
▸ Binary Code Similarity Detection
Binary code similarity detection aims to determine whether two binary code fragments are similar. For example, the detection of similar functions can be used to detect vulnerable code. Firmware images in particular often use parts of libraries known to be vulnerable.
▸ Data Dependence Analysis
Data dependence analysis is an instance of data flow analysis which can be applied to source code as well as binary code. The goal is to identify dependencies between different points in the program due to the writing and reading of data. This information can be useful to detect vulnerabilities in programs.
▸ Value Set Analysis
Especially in binary analysis, knowledge of all possible values a register or memory location can attain at a certain program point is crucial for many analysis techniques. For example, alias analysis and the resolution of indirect jumps profit from this information.
▸ Fuzz Testing
The aim of fuzz testing, or fuzzing, is to trigger unexpected behavior of a program by providing crafted input. Hence, fuzz testing is a dynamic analysis technique which runs a target program again and again while observing the program's behavior.
▸ Meltdown and Spectre
The Meltdown and Spectre attacks allow an attacker to read arbitrary memory on a victim's system without requiring a software vulnerability. The pure software mitigations affect the performance of nearly all computer systems.