Program Analysis is often hampered when source code is not available. Many static program analysis tools depend on the availability of source code and cannot operate on binaries. One solution to this problem is Intermediate Languages that allow advanced analysis, but require lifting or translation from native instructions. This talk will describe and release an example IL analysis plugin for automated discovery of a simple memory corruption vulnerability, using the Binary Ninja IL. A script for IL based variable signed analysis will also be described and released. The concepts of variable analysis, abstract interpretation, and integer range analysis will be discussed in the context of vulnerability discovery.Back to Open CFP
Sounds like interesting if not just talking about simple things.
Sounds promising. Not sure why translating from machine language to IL would be helpful for finding memory corruption bugs (perhaps to do it in a single language) but I'd be interested in learning.
We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to firstname.lastname@example.org. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.
Some of the benefits of speaking at INFILTRATE are: