Detail publikačního výsledku

Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis

ĎURFINA, L.; KŘOUSTEK, J.; ZEMEK, P.; KOLÁŘ, D.; HRUŠKA, T.; MASAŘÍK, K.; MEDUNA, A.

Original Title

Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis

English Title

Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis

Type

Peer-reviewed article not indexed in WoS or Scopus

Original Abstract

Together with the massive expansion of smartphones, tablets, and other smart devices, we can notice a growing number of malware threats targeting these platforms. Software security companies are not prepared for such diversity of target platforms and there are only few techniques for platform-independent malware analysis. This is a major security issue these days. In this paper, we propose a concept of a retargetable reverse compiler (i.e. a decompiler), which is in an early stage of development. The retargetable decompiler transforms platform-specific binary applications into a high-level language (HLL) representation, which can be further analyzed in a uniform way. This tool will help with a static platform-independent malware analysis. Our unique solution is based on an exploitation of two systems that were originally not intended for such an application - the architecture description language (ADL) ISAC for a platform description and the LLVM Compiler System as the core of the decompiler. In this study, we show that our tool can produce highly readable HLL code.

English abstract

Together with the massive expansion of smartphones, tablets, and other smart devices, we can notice a growing number of malware threats targeting these platforms. Software security companies are not prepared for such diversity of target platforms and there are only few techniques for platform-independent malware analysis. This is a major security issue these days. In this paper, we propose a concept of a retargetable reverse compiler (i.e. a decompiler), which is in an early stage of development. The retargetable decompiler transforms platform-specific binary applications into a high-level language (HLL) representation, which can be further analyzed in a uniform way. This tool will help with a static platform-independent malware analysis. Our unique solution is based on an exploitation of two systems that were originally not intended for such an application - the architecture description language (ADL) ISAC for a platform description and the LLVM Compiler System as the core of the decompiler. In this study, we show that our tool can produce highly readable HLL code.

Keywords

decompilation, reverse engineering, malware, LLVM, Lissom, ISAC

Key words in English

decompilation, reverse engineering, malware, LLVM, Lissom, ISAC

Authors

ĎURFINA, L.; KŘOUSTEK, J.; ZEMEK, P.; KOLÁŘ, D.; HRUŠKA, T.; MASAŘÍK, K.; MEDUNA, A.

RIV year

2012

Released

31.10.2011

ISBN

1738-9976

Periodical

International Journal of Security and Its Applications

Volume

5

Number

4

State

Republic of Korea

Pages from

91

Pages to

106

Pages count

16

Full text in the Digital Library

http://hdl.handle.net/

BibTex

@article{BUT76436,
  author="Lukáš {Ďurfina} and Jakub {Křoustek} and Petr {Zemek} and Dušan {Kolář} and Tomáš {Hruška} and Karel {Masařík} and Alexandr {Meduna}",
  title="Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis",
  journal="International Journal of Security and Its Applications",
  year="2011",
  volume="5",
  number="4",
  pages="91--106",
  issn="1738-9976"
}