Paper Appeared at 14th Conference on Compiler Construction

Posted 20 May 2005

The paper Codesurfer/x86—A Platform for Analyzing x86 Executables by Gogul Balakrishnan (pictured at left), Radu Gruian, Thomas Reps (pictured at right), and Tim Teitelbaum appeared at the 14th International Conference on Compiler Construction. The conference was held in April in Edinburgh, Scotland. Gogul presented the paper at the conference.

CodeSurfer/x86 is a prototype system for analyzing x86 executables. It uses a static-analysis algorithm called value-set analysis (VSA) to recover intermediate representations that are similar to those that a compiler creates for a program written in a high-level language. A major challenge in building an analysis tool for executables is in providing useful information about operations involving memory. This is difficult when symbol-table and debugging information is absent or untrusted. CodeSurfer/x86 overcomes these challenges to provide an analyst with a powerful and flexible platform for investigating the properties and behaviors of potentially malicious code (such as COTS components, plugins, mobile code, worms, Trojans, and virus-infected code) using (i) CodeSurfer/x86's GUI, (ii) CodeSurfer/x86's scripting language, which provides access to all of the intermediate representations that CodeSurfer/x86 builds for the executable, and (iii) GrammaTech's Path Inspector, which is a tool that uses a sophisticated pattern-matching engine to answer questions about the flow of execution in a program.

The paper is available online: [Abstract] [pdf] [ps]

<< Back to index

This page updated October 18, 2005.