• DocumentCode
    3370553
  • Title

    SCV: Structure and Constant Value based Binary Diffing

  • Author

    Park, Heewan ; Choi, Seokwoo ; Seo, Sunae ; Han, Taisook

  • Author_Institution
    Korea Adv. Inst. of Sci. & Technol., Daejeon
  • fYear
    2008
  • fDate
    24-26 April 2008
  • Firstpage
    32
  • Lastpage
    35
  • Abstract
    Binary diffing is a method to find differences in similar binary executables such as two different versions of security patches. Diffing methods using flow information detect control flow changes very fast, but they cannot track constant value changes. We present a binary diffing tool named SCV which utilizes both structure and value information. SCV summarizes structure and constant value information from disassembled code, and matches the summaries to find differences. By analyzing a Microsoft Windows security patch KB938827, we showed that SCV found necessary differences caused by constant value changes which the state-of-the-art binary diffing tool BinDiff failed to find.
  • Keywords
    data flow analysis; operating systems (computers); program assemblers; security of data; software tools; KB938827 Microsoft Windows security patch; SCV binary code diffing tool; binary executables; control flow change detection; disassembled code; Assembly; Binary codes; Failure analysis; Information security; Information technology; Inspection; Lab-on-a-chip; Operating systems; Registers; Shape; Binary comparison; binary control-flow graph; binary diffing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Security and Assurance, 2008. ISA 2008. International Conference on
  • Conference_Location
    Busan
  • Print_ISBN
    978-0-7695-3126-7
  • Type

    conf

  • DOI
    10.1109/ISA.2008.29
  • Filename
    4511529