Software similarity and classification

This thesis analyses software programs in the context of their similarity to other software programs. Applications proposed and implemented include detecting malicious software and discovering security vulnerabilities

Verificación formal de código binario

Los buffer overflow son una de las vulnerabilidades mas frecuentes que se encuentran en el software que utilizamos diariamente. El análisis de este tipo de vulnerabilidades se hace tedioso y complejo cuando solo se tiene acceso al código binario y no al código fuente del programa vulnerable debido al uso del lenguaje de bajo nivel ensamblador, la poca estructura que presenta este lenguaje, la ausencia de funciones bien definidas y de tipos de datos abstractos entre otros. Con el objetivo de facilitar el trabajo de los investigadores de seguridad presentamos una extensión para el framework BAP que agrega soporte para la verificación de buffer overflow en código binario mediante el uso de SMT solvers

Wire - a formal intermediate language for binary analysis

Wire is a intermediate language to enable static program analysis on low level objects such as native executables. It has practical benefit in analysing the structure and semantics of malware, or for identifying software defects in closed source software. In this paper we describe how an executable program is disassembled and translated to the Wire intermediate language. We define the formal syntax and operational semantics of Wire and discuss our justifications for its language features. We use Wire in our previous work Malwise, a malware variant detection system. We also examine applications for when a formally defined intermediate language is given. Our results include showing the semantic equivalence between obfuscated and non obfuscated code samples. These examples stem from the obfuscations commonly used by malware.<br /