Sanitizing Software of Malicious and Unauthorized Code
Small Business Information
317 N. Aurora Street, Ithaca, NY, 14850
Abstract
The problem of malicious code inserted by a hostile inside attacker is of increasing concern to the government. The most efficient time to detect such code is during development. This is currently very difficult because malicious code can often be disguised as an innocent error, and because much code will be available only as object code. Sound static analysis tools that are capable of analyzing machine code directly offer the best hope of detecting these problems. A survey of over fifty static analysis tools in Phase I found that none were capable of addressing this issue. In Phase II we propose to develop such a tool. It will leverage both high-level source information and the actual machine code to create a precise program representation that has many applications in addition to malicious code detection, including machine-code analysis and executable editing. It will offer two modes: a lightweight screening mode that requires few resources but will fail to detect some problems, and a much sounder mode capable of a much more stringent analysis. The tool will directly benefit software protection, as its more precise intermediate representation will enable better and stronger anti-reverse-engineering transformations.
* Information listed above is at the time of submission.