RENN: Efficient Reverse Execution with Neural-Network-assisted Alias Analysis
Reverse execution and coredump analysis have long been used to diagnose the root cause of software crashes. Each of these techniques, however, face inherent challenges, such as insufficient capability when handling memory aliases. Recent works have used hypothesis testing to address this drawback, albeit with high computational complexity, making them impractical for real world applications. To address this issue, we propose a new deep neural architecture, which could significantly improve memory alias resolution. At the high level, our approach employs a recurrent neural network (RNN) to learn the binary code pattern pertaining to memory accesses. It then infers the memory region accessed by memory references. Since memory references to different regions naturally indicate a non-alias relationship, our neural architecture can greatly reduce the burden of doing hypothesis testing to track down non-alias relation in binary code.
Different from previous researches that have utilized deep learning for other binary analysis tasks, the neural network proposed in this work is fundamentally novel. Instead of simply using off-the-shelf neural networks, we designed a new recurrent neural architecture that could capture the data dependency between machine code segments.
To demonstrate the utility of our deep neural architecture, we implement it as RENN, a neural network-assisted reverse execution system. We utilize this tool to analyze software crashes corresponding to 40 memory corruption vulnerabilities from the real world. Our experiments show that RENN can significantly improve the efficiency of locating the root cause for the crashes. Compared to a state-of-the-art technique, RENN has 36.25% faster execution time on average, detects an average of 21.35% more non-alias pairs, and successfully identified the root cause of 12.5% more cases.
Thu 14 NovDisplayed time zone: Tijuana, Baja California change
13:40 - 15:20
Program AnalysisResearch Papers / Demonstrations at Cortez 1
Chair(s): Coen De Roover Vrije Universiteit Brussel
|Debreach: Mitigating Compression Side Channels via Static Analysis and Transformation|
Brandon Paulsen University of Southern California, Chungha Sung University of Southern California, Peter Peterson University of Minnesota Duluth, Chao Wang USC
|Fine-grain memory object representation in symbolic execution|
Martin Nowack Imperial College London
|RENN: Efficient Reverse Execution with Neural-Network-assisted Alias Analysis|
Dongliang Mu Nanjing University, Wenbo Guo The Pennsylvania State University, Alejandro Cuevas The Pennsylvania State University, Yueqi Chen The Pennsylvania State University, Jinxuan Gai The Pennsylvania State University, Xinyu Xing The Pennsylvania State University, Bing Mao Nanjing University, Chengyu Song UC Riverside
|Batch Alias Analysis|
Jyothi Vedurada IIT Madras, V Krishna Nandivada IIT MadrasPre-print
|Manticore: A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts|
Mark Mossberg Trail of Bits, Felipe Manzano Trail of Bits, Eric Hennenfent Trail of Bits, Alex Groce Northern Arizona University, Gustavo Grieco Trail of Bits, Josselin Feist Trail of Bits, Trent Brunson Trail of Bits, Artem Dinaburg Trail of BitsMedia Attached
|BuRRiTo: A Framework to Extract, Specify, Verify and Analyze Business Rules|
Pavan Kumar Chittimalli TCS Research, Kritika Anand TCS Research, Shrishti Pradhan TCS Research, Sayandeep Mitra TCS Research, Chandan Prakash TCS Research, Rohit Shere TCS Research, Ravindra Naik TCS Research, TRDDC, India