Papers by Thanassis Avgerinos
BAP is a publicly available infrastructure for performing program verification and analysis tasks on binary (i.e., executable) code. In this paper, we describe BAP as well as lessons learned from previous incarnations of binary analysis platforms. BAP explicitly represents all side effects of instructions in an intermediate language (IL), making syntax-directed analysis possible. We have used BAP to routinely generate and solve verification conditions that are hundreds of megabytes in size and encompass 100,000's of assembly instructions.
Prior work has shown that return oriented programming (ROP) can be used to bypass W⊕X, a software defense that stops shellcode, by reusing instructions from large libraries such as libc. Modern operating systems have since enabled address randomization (ASLR), which randomizes the location of libc, making these techniques unusable in practice.
This paper describes the design goals and current status of tidier, a software tool that tidies Erlang source code, making it cleaner, simpler, and often also more efficient. In contrast to other refactoring tools, tidier is completely automatic and is not tied to any particular editor or IDE. Instead, tidier comes with a suite of code transformations that can be selected by its user via command-line options and applied in bulk on a set of modules or entire applications using a simple command.
Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discovery. Despite the widespread usage of these two techniques, there has been little effort to formally define the algorithms and summarize the critical issues that arise when these techniques are used in typical security contexts.
The automatic exploit generation challenge is: given a program, automatically find vulnerabilities and generate exploits for them. In this paper we present AEG, the first end-to-end system for fully automatic exploit generation. We used AEG to analyze 14 open-source projects and successfully generated 16 control flow hijacking exploits. Two of the generated exploits (expect-5.43 and htget-0.93) are zero-day exploits against unknown vulnerabilities.
In this paper we present Mayhem, a new system for automatically finding exploitable bugs in binary (i.e., executable) programs. Every bug reported by Mayhem is accompanied by a working shell-spawning exploit. The working exploits ensure soundness and that each bug report is security-critical and actionable. Mayhem works on raw binary code without debugging information.
A recurring problem in security is reverse engineering binary code to recover high-level language data abstractions and types. High-level programming languages have data abstractions such as buffers, structures, and local variables that all help programmers and program analyses reason about programs in a scalable manner. During compilation, these abstractions are removed as code is translated down to operations on registers and one globally addressed memory region.
This paper describes opportunities for automatically modernizing Erlang applications, cleaning them up, eliminating certain bad smells from their code and occasionally also improving their performance. In addition, we present concrete examples of code improvements and our experiences from using a software tool with these capabilities, tidier, on Erlang code bases of significant size.