BAP is a publicly available infrastructure for performing program verification and analysis tasks on binary (i.e., executable) code. In this paper, we describe BAP as well as lessons learned from previous incarnations of binary analysis platforms. BAP explicitly represents all side effects of instructions in an intermediate language (IL), making…
Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discovery. Despite the widespread usage of these two techniques, there has…
Prior work has shown that return oriented programming (ROP) can be used to bypass W⊕X, a software defense that stops shellcode, by reusing instructions from large libraries such as libc. Modern operating systems have since enabled address randomization (ASLR), which randomizes the location of libc, making these techniques unusable in practice. However,…
The idea is to identify security-critical software bugs so they can be fixed first.
There are many security tools and techniques for finding bugs, but many of them assume access to source code. We propose leveraging decompilation, the study of recovering abstractions from binary code, as a technique for applying existing source-based tools and techniques to binary programs. A decompiler must have two properties to be used for security: it…
Most simulation models for data communication networks encompass hundreds of parameters that can each take on millions of values. Such models are difficult to understand, parameterize and investigate. This paper explains how to model a modern data communication network concisely, using only 20 parameters. Further, the paper demonstrates how this concise…
We propose, develop, and implement techniques for achieving contractual anonymity. In contractual anonymity, a user and service provider enter into an anonymity contract. The user is guaranteed anonymity and message unlinkability from the contractual anonymity system unless she breaks the contract. The service provider is guaranteed that it can identify…