Project Description
In many cases, one only has access to the binary code of an application without having access to its source code, and this necessitates the ability to check for bugs and
vulnerabilities in binary code. It is common for developers to introduce bugs or vulnerabilities while updating or patching an application. Hence, checking for similarities and differences between the two versions of the binary code of an application, to make sure whether the changes made are expected or not, and also to check whether the vital functionalities of the application are working properly or not is a crucial research problem.
The comparison between the functionality of binary files is difficult because binary code may change if it is recompiled with another compiler, or with the same compiler but with different optimizations, or for a different target operating system or CPU architecture. Furthermore, obfuscated transformations can also be applied to the source or binary code which makes it even more difficult to compare the functionality of two binary files. Therefore, binary code comparison is not only an important problem, but it is also a challenging one that requires innovative solutions.
In this project, we are aiming to perform differential symbolic execution on different versions of binary code to find semantic similarities and differences between them. The proposed approach will collect the path conditions along with the return values from two binaries using symbolic execution and will check their equivalence with the goal of finding bugs or vulnerabilities.
Team Members
- Sophia Weiler
- Jeffrey Mun
- Erica Liu
- Adrian Lindell
Professor and Mentors
- Prof. Tevfik Bultan
- Grad mentor: Laboni Sarker
Meeting Time
- Meeting with the Professor
- Lab meetings: Mondays 10a - 12p
- Meeting with Grad mentor
- Thursday 2-2:30
- ERSP meeting with central mentors
- Chinmay: TBD
- Diba: TBD
- ERSP team meeting
- Wednesdays 5-7p
Links to Proposals and Presentation
- Proposal (first draft): link
- Proposal (after peer review): link
- Final Proposal (after instructor's feedback): link
- Final presentation: link