Full metadata
Title
Visualizing Information Flow Graph-Based Approach to Tracing Data Dependencies for Binary Analysis
Description
Binary analysis and software debugging are critical tools in the modern softwaresecurity ecosystem. With the security arms race between attackers discovering and
exploiting vulnerabilities and the development teams patching bugs ever-tightening,
there is an immense need for more tooling to streamline the binary analysis and
debugging processes. Whether attempting to find the root cause for a buffer overflow
or a segmentation fault, the analysis process often involves manually tracing the
movement of data throughout a program’s life cycle. Up until this point, there has
not been a viable solution to the human limitation of maintaining a cohesive mental
image of the intricacies of a program’s data flow.
This thesis proposes a novel data dependency graph (DDG) analysis as an addi-
tion to angr’s analyses suite. This new analysis ingests a symbolic execution trace
in order to generate a directed acyclic graph of the program’s data dependencies. In
addition to the development of the backend logic needed to generate this graph, an
angr management view to visualize the DDG was implemented. This user interface
provides functionality for ancestor and descendant dependency tracing and sub-graph
creation. To evaluate the analysis, a user study was conducted to measure the view’s
efficacy in regards to binary analysis and software debugging. The study consisted
of a control group and experimental group attempting to solve a series of 3 chal-
lenges and subsequently providing feedback concerning perceived functionality and
comprehensibility pertaining to the view.
The results show that the view had a positive trend in relation to challenge-solving
accuracy in its target domain, as participants solved 32% more challenges 21% faster
when using the analysis than when using vanilla angr management.
Date Created
2022
Contributors
- Capuano, Bailey Kellen (Author)
- Shoshitaishvili, Yan (Thesis advisor)
- Wang, Ruoyu (Thesis advisor)
- Doupe, Adam (Committee member)
- Arizona State University (Publisher)
Topical Subject
Resource Type
Extent
69 pages
Language
eng
Copyright Statement
In Copyright
Primary Member of
Peer-reviewed
No
Open Access
No
Handle
https://hdl.handle.net/2286/R.2.N.171711
Level of coding
minimal
Cataloging Standards
Note
Partial requirement for: M.S., Arizona State University, 2022
Field of study: Computer Science
System Created
- 2022-12-20 06:19:18
System Modified
- 2022-12-20 06:19:18
- 1 year 10 months ago
Additional Formats