Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

Interactive function identification decreasing the effort of reverse engineering

 
Authors: Kilic, F.; Laner, H.; Eckert, C.

In:

Lin, D.:
Information security and cryptology. 11th international conference, Inscrypt 2015 : Beijing, China, November 1-3, 2015; Revised selected papers
Cham: Springer International Publishing, 2016 (Lecture Notes in Computer Science 9589)
ISBN: 978-3-319-38897-7 (Print)
ISBN: 978-3-319-38898-4 (Online)
pp. 468-487
International Conference on Information Security and Cryptology (Inscrypt) <11, 2015, Beijing>
English
Conference paper
Fraunhofer AISEC

Abstract
Today’s software is growing in size and complexity. Consequently, analysing closed-source binaries becomes time-consuming and labour-intensive. In the common use case, the analyst is only interested in specific functions of the given application. Identifying the relevant functions is difficult since no related meta information is given. In this paper we present a framework which speeds up the reverse-engineering process using interactive function identification. We use the benefits of Dynamic Binary Instrumentation as a base to collect the executed function calls. We support the analyst in filtering the relevant functions for specific functionality. Our approach is divided into three process steps: real-time data gathering, user-defined information processing/filtering and graphical representation. We show a significant speed-up in the reverse-engineering process using our framework. We reduce the number of executed functions to be viewed by the analyst by more than 90 %, and through visual components we help the analyst pre-select the functions on an abstract level.

URL: http://publica.fraunhofer.de/dokumente/N-422498.html