search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Combined Analysis for Source Code and Binary Code for Software Assurance

Presentation
By
This research highlight how to increase software assurance of binary components by analyzing and repairing functions.
Publisher

Software Engineering Institute

Subjects

Watch

Abstract

The DoD has a significant amount of software that is available only in binary form. Currently, it is impractical to ensure that this software is free from vulnerabilities and malicious code.

The goal of this project is to increase software assurance of binary components. To do this, we are adapting an existing open-source decompiler (Ghidra).

This automated pipeline will:

  • decompile the binary
  • determine which functions were correctly decompiled
  • perform static analysis and automated repair on those functions

Even if some functions cannot be decompiled, we can still achieve a significant benefit by analyzing and repairing those that can.

This work will enable the DoD to find and fix potential vulnerabilities in binary code that might otherwise be cost-prohibitive to investigate or repair manually.

SHARE
Download PDF
Part of a Collection

CMU SEI Research Review 2021 Day 2 Artifacts
Ask a question about this Presentation