Title :
Wire -- A Formal Intermediate Language for Binary Analysis
Author :
Cesare, Silvio ; Xiang, Yang
Author_Institution :
Sch. of Inf. Technol., Deakin Univ., Burwood, VIC, Australia
Abstract :
Wire is an intermediate language to enable static program analysis on low-level objects such as native executables. It has practical benefit in analysing the structure and semantics of malware, or for identifying software defects in closed-source software. In this paper we describe how an executable program is disassembled and translated to the Wire intermediate language. We define the formal syntax and operational semantics of Wire and discuss our justifications for its language features. We use Wire in our previous work Malwise, a malware variant detection system. We also examine applications that become possible when a formally defined intermediate language is available. Our results include showing the semantic equivalence between obfuscated and non-obfuscated code samples. These examples stem from the obfuscations commonly used by malware.
Keywords :
invasive software; programming languages; Wire; binary analysis; formal intermediate language; formal syntax; malware; operational semantics; software defects; source software; static program analysis; Abstracts; Assembly; Malware; Registers; Semantics; Software; Wires; Binary analysis; intermediate language; semantics;
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2172-3
DOI :
10.1109/TrustCom.2012.301