Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using software metrics for estimating code similarities in binaries Saša Stojanović, Miloš Cvetanović, Zaharije Radivojević School of Electrical Engineering,

Published byJocelyn Stevenson Modified over 9 years ago

Similar presentations

Presentation on theme: "Using software metrics for estimating code similarities in binaries Saša Stojanović, Miloš Cvetanović, Zaharije Radivojević School of Electrical Engineering,"— Presentation transcript:

1 Using software metrics for estimating code similarities in binaries Saša Stojanović, Miloš Cvetanović, Zaharije Radivojević School of Electrical Engineering, Belgrade University 15th Workshop “Software Engineering Education and Reverse Engineering” Bohinj, Slovenija 23-30 August 2015

2 15th Workshop SEE and RE 2/34 Agenda Estimating Code Similarities in Binaries Theory of Communication Mapping to Code Similarity Results Conclusions

3 15th Workshop SEE and RE 3/34 Estimating Code Similarities How to find if some binary code originates from particular source code?

4 15th Workshop SEE and RE 4/34 Estimating Code Similarities

5 15th Workshop SEE and RE 5/34 Estimating Code Similarities Source code Device

6 15th Workshop SEE and RE 6/34 Estimating Code Similarities

7 15th Workshop SEE and RE 7/34 Estimating Code Similarities Live chip

8 15th Workshop SEE and RE 8/34 Estimating Code Similarities Connection device Live chip

9 15th Workshop SEE and RE 9/34 Estimating Code Similarities

10 15th Workshop SEE and RE 10/34 Estimating Code Similarities

11 15th Workshop SEE and RE 11/34 Estimating Code Similarities Binary code!

12 15th Workshop SEE and RE 12/34 Estimating Code Similarities CompilerSource code Binary code What compiler?

13 15th Workshop SEE and RE 13/34 Estimating Code Similarities Compiler 2Source code Binary code 2 Compiler 1Binary code 1 Compiler 3Binary code 3

14 15th Workshop SEE and RE 14/34 Problem schema CompilerSource code Destination code

15 15th Workshop SEE and RE 15/34 Problem schema DisturbanceSourceDestination

16 15th Workshop SEE and RE 16/34 Problem schema NoiseSourceDestination Information theory!

17 15th Workshop SEE and RE 17/34 Information theory Information Source TransmitterNoise Source ReceiverDestination Message Signal Received Signal Message

18 15th Workshop SEE and RE 18/34 Information theory An information source that produces a message A transmitter that operates on the message to create a signal which can be sent through a channel A channel, which is the medium over which the signal, carrying the information that composes the message, is sent A receiver, which transforms the signal back into the message intended for delivery A destination, which can be a person or a machine, for whom or which the message is intended Wikipedia

19 15th Workshop SEE and RE 19/34 Information theory Information Source TransmitterNoise Source ReceiverDestination Message Signal Received Signal Message

20 15th Workshop SEE and RE 20/34 Information theory & Code detection MessageSymbolProcedure Instruction Measure of Information – Entropy Measure of Information – Entropy!

21 15th Workshop SEE and RE 21/34 Information theory & Code detection How to solve the code detection problem? Increase amount of information with positive influence Decrease amount of information with negative influence

22 15th Workshop SEE and RE 22/34 Approach

23 15th Workshop SEE and RE 23/34 Information theory & Code detection MessageSymbol Lossy Compression ProcedureInstruction Metrics Measure of Information – Entropy

24 15th Workshop SEE and RE 24/34 Approach

25 15th Workshop SEE and RE 25/34 Inline Optimization

26 15th Workshop SEE and RE 26/34 Opcode Sequences

27 15th Workshop SEE and RE 27/34 Filtering Stack Instructions

28 15th Workshop SEE and RE 28/34 Filtering Transfer Instructions

29 15th Workshop SEE and RE 29/34 Approach

30 15th Workshop SEE and RE 30/34 Results (STAMP + Busy Box)

31 15th Workshop SEE and RE 31/34 Results (STAMP + Busy Box)

32 15th Workshop SEE and RE 32/34 Results (STAMP + Busy Box)

33 Code similarities can be viewed from Information theory perspective Code similarities using software metrics can be observed as a lossy compression Filters stack instructions has the largest contribution to ranking. 15th Workshop SEE and RE 33/34 Conclusion

34 Thank you! Radivojevic Zaharije

Download ppt "Using software metrics for estimating code similarities in binaries Saša Stojanović, Miloš Cvetanović, Zaharije Radivojević School of Electrical Engineering,"

Similar presentations

System Integration and Performance

System Integration and Performance
Introduction to Digital Communications

Introduction to Digital Communications
Why to learn OSI reference Model? The answer is too simple that It tells us that how communication takes place between computers on internet but how??

Why to learn OSI reference Model? The answer is too simple that It tells us that how communication takes place between computers on internet but how??
Data Communication Topics to be discussed:  Data Communication Terminology.  Data Transmission Signals.  Data Transmission Circuits.  Serial & Parallel.

Data Communication Topics to be discussed:  Data Communication Terminology.  Data Transmission Signals.  Data Transmission Circuits.  Serial & Parallel.
Layer 1 of the TCP/IP protocol stack: Network Access Layer (NAL). Functions, performed on the layer. МАС address in Ethernet networks. Layer 1 of the TCP/IP.

Layer 1 of the TCP/IP protocol stack: Network Access Layer (NAL). Functions, performed on the layer. МАС address in Ethernet networks. Layer 1 of the TCP/IP.
Csc333 Data communication & Networking Credit: 2.

Csc333 Data communication & Networking Credit: 2.
Maximum Likelihood Sequence Detection (MLSD) and the Viterbi Algorithm

Maximum Likelihood Sequence Detection (MLSD) and the Viterbi Algorithm
Architectural Investigation of XCTL by URCA Miloš Cvetanović, Dragan Bojić Faculty of Electrical Engineering University of Belgrade {cmilos,

Architectural Investigation of XCTL by URCA Miloš Cvetanović, Dragan Bojić Faculty of Electrical Engineering University of Belgrade {cmilos,
Implementation Of The Discrete Event Simulator Based On Distributed Processing Zaharije Radivojević 1, Ljubomir Samarđić, Miloš Cvetanović 1 1 Elektrotehnički.

Implementation Of The Discrete Event Simulator Based On Distributed Processing Zaharije Radivojević 1, Ljubomir Samarđić, Miloš Cvetanović 1 1 Elektrotehnički.
King Fahd University of Petroleum &Minerals Electrical Engineering Department EE-400 presentation CDMA systems Done By: Ibrahim Al-Dosari 221416 Mohammad.

King Fahd University of Petroleum &Minerals Electrical Engineering Department EE-400 presentation CDMA systems Done By: Ibrahim Al-Dosari Mohammad.
COE 342 - 1 Data and Computer Communications Data Communications & Networking Overview.

COE Data and Computer Communications Data Communications & Networking Overview.
Networking Theory (Part 1). Introduction Overview of the basic concepts of networking Also discusses essential topics of networking theory.

Networking Theory (Part 1). Introduction Overview of the basic concepts of networking Also discusses essential topics of networking theory.
Transfer of Learning. Transfer Transfer may be: Positive Positive Negative Negative Zero Zero Learning of new skill or performance in new situation influenced.

Transfer of Learning. Transfer Transfer may be: Positive Positive Negative Negative Zero Zero Learning of new skill or performance in new situation influenced.
Sep 06, 2005CS477: Analog and Digital Communications1 Introduction Analog and Digital Communications Autumn 2005-2006.

Sep 06, 2005CS477: Analog and Digital Communications1 Introduction Analog and Digital Communications Autumn
Information Theory Eighteenth Meeting. A Communication Model Messages are produced by a source transmitted over a channel to the destination. encoded.

Information Theory Eighteenth Meeting. A Communication Model Messages are produced by a source transmitted over a channel to the destination. encoded.
1 Chapter 1 Introduction. 2 Outline 1.1 A Very Abstract Summary 1.2 History 1.3 Model of the Signaling System 1.4 Information Source 1.5 Encoding a Source.

1 Chapter 1 Introduction. 2 Outline 1.1 A Very Abstract Summary 1.2 History 1.3 Model of the Signaling System 1.4 Information Source 1.5 Encoding a Source.
Information and Communication Unit 5, Lesson 4 Explanation Presentation 5.4.1 © 2011 International Technology and Engineering Educators Association, STEM.

Information and Communication Unit 5, Lesson 4 Explanation Presentation © 2011 International Technology and Engineering Educators Association, STEM.
Chapter 8 COMMUNICATION AND COMPUTER NETWORK

Chapter 8 COMMUNICATION AND COMPUTER NETWORK
The OSI Model A layered framework for the design of network systems that allows communication across all types of computer systems regardless of their.

The OSI Model A layered framework for the design of network systems that allows communication across all types of computer systems regardless of their.
Implementation of Distributed Air Traffic Control Simulator Ranko Radovanović, Miloš Cvetanović, Zaharije Radivojević School of Electrical Engineering,

Implementation of Distributed Air Traffic Control Simulator Ranko Radovanović, Miloš Cvetanović, Zaharije Radivojević School of Electrical Engineering,

Similar presentations

Ads by Google