This block seminar covers topics from the areas of reverse engineering and program analysis. Combining both areas yields a vast tool set for the analysis of IT systems. With security in mind, the applications range from the discovery, exploitation and mitigation of security vulnerabilities to the detection, de-obfuscation and analysis of malicious code.
While static analysis techniques aim to deduce program properties by analyzing the code without executing it, dynamic program analysis observes the properties of a program at run time.
In practice the information available a priori is often insufficient: no source code, little documentation of the hardware the program runs on, and so on. In such cases program analysis requires further techniques, and this is where reverse engineering comes in.
The seminar is organized like a real academic conference. You need to prepare a written paper (German or English) about the selected topic with 5-8 pages in ACM double-column style.
After submitting your paper to our conference system, you will write two short reviews of papers submitted by your fellow students. In this way, you give them feedback on how to improve their paper. Afterwards, you will have time to improve your own final paper based on the reviews you receive.
Last but not least, you will give a 20-minute talk about your paper, and we will provide drinks and pizza to enjoy the talks at our small conference.
News and important information will be distributed via a mailing list. All participants have to subscribe here to receive relevant updates.
A disassembler translates machine code into assembly code. Disassembly algorithms can be classified into linear sweep algorithms, which decode the bytes in address order, and recursive descent algorithms, which decode only what is reachable by following control flow from known entry points. Both classes have advantages and disadvantages of their own, and neither guarantees correct results: data interleaved with code (jump tables, padding, constant pools) derails a linear sweep, while indirect jumps whose targets are not known statically leave a recursive descent with code it never reaches.
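The following is an added example, not material from the seminar page: a toy fixed-format instruction set (constructed here, not a real architecture) together with a linear sweep and a recursive descent disassembler over it. The constructed program jumps over three bytes of inline data and has a second routine ending in an indirect jump, so each strategy shows its characteristic failure: the linear sweep decodes the data bytes as instructions and desynchronises from the real code behind them, while the recursive descent treats the data correctly but cannot follow the indirect jump.

```python
# Added example (not from the seminar page). Toy ISA, constructed for this
# page: opcode byte -> (mnemonic, number of 8-bit operand bytes).
ISA = {
    0x00: ("nop", 0),
    0x01: ("mov", 1),   # mov r, imm8
    0x02: ("jmp", 1),   # jmp rel8, relative to the next instruction
    0x03: ("jz", 1),    # jz  rel8
    0x04: ("ret", 0),
    0x05: ("jmpi", 0),  # jmp [r]: indirect jump, target unknown statically
}


def decode(code, pc):
    """Decode one instruction at pc; return (pc, mnemonic, operand, size) or None."""
    if pc < 0 or pc >= len(code) or code[pc] not in ISA:
        return None
    mnem, nops = ISA[code[pc]]
    if pc + 1 + nops > len(code):
        return None
    operand = code[pc + 1] if nops else None
    return (pc, mnem, operand, 1 + nops)


def rel_target(ins):
    """Target of a relative branch: next pc plus the sign-extended rel8."""
    pc, _, rel, size = ins
    return pc + size + (rel - 256 if rel > 127 else rel)


def linear_sweep(code):
    """Decode every byte in address order; undecodable bytes become 'db'."""
    insns, pc = {}, 0
    while pc < len(code):
        ins = decode(code, pc) or (pc, "db", code[pc], 1)
        insns[pc] = ins
        pc += ins[3]
    return insns


def recursive_descent(code, entries):
    """Follow control flow from the entry points. Returns the decoded
    instructions and the addresses of indirect jumps whose targets could
    not be resolved (whatever they reach is never disassembled here)."""
    insns, unresolved, worklist = {}, [], list(entries)
    while worklist:
        pc = worklist.pop()
        while pc not in insns:
            ins = decode(code, pc)
            if ins is None:
                break
            insns[pc] = ins
            _, mnem, _, size = ins
            if mnem == "jmp":
                pc = rel_target(ins)            # only the target continues
            elif mnem == "jz":
                worklist.append(rel_target(ins))  # both successors continue
                pc += size
            elif mnem == "jmpi":
                unresolved.append(pc)           # target unknown: stop here
                break
            elif mnem == "ret":
                break
            else:
                pc += size
    return insns, unresolved


# Constructed program bytes (not from any real binary).
CODE = bytes([
    0x01, 0x2A,        # 0x00: mov  r, 0x2A
    0x02, 0x03,        # 0x02: jmp  +3        -> 0x07
    0x00, 0x00, 0x01,  # 0x04: three bytes of data, not code
    0x01, 0x07,        # 0x07: mov  r, 0x07
    0x04,              # 0x09: ret
    0x01, 0x10,        # 0x0A: mov  r, 0x10   (second routine)
    0x05,              # 0x0C: jmp  [r]
])


def compare():
    """Instruction start addresses reported by each strategy."""
    lin = linear_sweep(CODE)
    rec, unresolved = recursive_descent(CODE, [0x00, 0x0A])
    return sorted(lin), sorted(rec), unresolved


if __name__ == "__main__":
    lin, rec, unresolved = compare()
    print("linear sweep     :", [hex(a) for a in lin])
    print("recursive descent:", [hex(a) for a in rec],
          "unresolved indirect jumps:", [hex(a) for a in unresolved])
```

The linear sweep reports a bogus `mov` at 0x06 (the last data byte swallows the real opcode at 0x07) and never recovers the instruction at 0x07; the recursive descent gets 0x07 right but stops at the `jmp [r]` at 0x0C, which is exactly where value analysis or run-time information has to step in.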
Decompilers aim to reconstruct high-level source code from binary programs. The success of decompilation depends on the amount of information gathered by the preceding analyses of the binary program, such as function boundaries, types and control-flow structure.
Intermediate languages "lift" the assembly code obtained from a disassembler to a higher representation level more suitable for further analysis: implicit side effects such as flag updates become explicit, and analyses written against the intermediate language work for every architecture it can be lifted from. Several intermediate languages for binary analysis have been developed over time.
Binary code similarity asks whether two binary code fragments (typically functions) stem from the same or similar source code, even if they were compiled with different compilers, options or register allocations. For example, the detection of similar functions can be used to detect vulnerable code: firmware images in particular often bundle statically linked copies of libraries with known vulnerabilities.
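As an added example (not from the seminar page), here is a minimal function-similarity check built on normalized instruction n-grams: registers, immediates and memory operands are replaced by placeholders, consecutive instructions are grouped into bigrams, and two functions are compared by the Jaccard index of their bigram sets. The three assembly listings are constructed for this page; the "vulnerable" reference and the "candidate" are the same logic compiled with different registers and addresses, the third function is unrelated.

```python
# Added example (not from the seminar page). Listings are constructed.
import re

VULN = [          # reference: a function known to be vulnerable
    "push rbp", "mov rbp, rsp", "mov rax, [rdi]", "cmp rax, 0x10",
    "ja 0x401020", "lea rdx, [rax*8+0x402000]", "mov rcx, [rdx]",
    "call rcx", "pop rbp", "ret",
]
CANDIDATE = [     # same logic, other registers/addresses after recompilation
    "push rbp", "mov rbp, rsp", "mov rbx, [rsi]", "cmp rbx, 0x20",
    "ja 0x7f3010", "lea rcx, [rbx*8+0x5000]", "mov rdx, [rcx]",
    "call rdx", "pop rbp", "ret",
]
OTHER = [         # an unrelated function found in the same image
    "push rbp", "mov rbp, rsp", "xor eax, eax", "mov ecx, 0x40",
    "rep stosb", "mov eax, 0x1", "pop rbp", "ret",
]

# General-purpose x86-64 register names recognised by the normaliser.
REGS = ({p + s for p in ("r", "e") for s in ("ax", "bx", "cx", "dx", "si", "di", "bp", "sp")}
        | {f"r{i}" for i in range(8, 16)})
IMM = re.compile(r"0x[0-9a-fA-F]+|\d+")


def normalize(line):
    """Keep the mnemonic, abstract the operands: REG / IMM / MEM."""
    mnem, _, ops = line.partition(" ")
    out = [mnem]
    for op in (o.strip() for o in ops.split(",") if o.strip()):
        if op.startswith("["):
            out.append("MEM")
        elif op in REGS:
            out.append("REG")
        elif IMM.fullmatch(op):
            out.append("IMM")
        else:
            out.append(op)          # e.g. a prefix like "rep stosb"
    return " ".join(out)


def ngrams(lines, n=2, normalize_ops=True):
    seq = [normalize(l) if normalize_ops else l for l in lines]
    return {tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)}


def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 0.0


def similarity(f, g, n=2, normalize_ops=True):
    """Jaccard similarity of the two functions' instruction n-gram sets."""
    return jaccard(ngrams(f, n, normalize_ops), ngrams(g, n, normalize_ops))


if __name__ == "__main__":
    print("raw        vuln~candidate:", similarity(VULN, CANDIDATE, normalize_ops=False))
    print("normalized vuln~candidate:", similarity(VULN, CANDIDATE))
    print("normalized vuln~other    :", similarity(VULN, OTHER))
```

Without normalization the recompiled candidate shares only the prologue and epilogue with the reference (similarity 0.125); with normalization the two are identical (1.0), while the unrelated function stays low. The shared prologue/epilogue bigrams are also the caveat: every function has them, so real tools down-weight or strip such universal n-grams before comparing.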
Data dependence analysis is an instance of data flow analysis which can be applied to source code as well as binary code. The goal is to identify dependencies between different points in the program that arise because one instruction writes data which another instruction later reads. This information can be used to detect vulnerabilities, for example by tracing whether attacker-controlled input can reach a sensitive operation.
Especially in binary analysis, knowing all possible values a register or memory location can take at a certain program point is crucial for many analysis techniques. Alias analysis and the resolution of indirect jumps, for example, benefit from this information.
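The following added example (not from the seminar page) computes reaching definitions over a constructed five-instruction program, derives def-use chains from them, and uses those chains for a backward data slice: which instructions can influence the length argument of a copy operation. Program representation, variable names and the "read_input" source are all assumptions made for the example.

```python
# Added example (not from the seminar page). Each instruction is
# (defined variable or None, used variables, successor indices).
PROG = [
    ("n",   [],      [1]),     # 0: n   = read_input()   (untrusted)
    ("len", [],      [2]),     # 1: len = 16
    (None,  ["n"],   [3, 4]),  # 2: if n > 16 goto 4
    ("len", ["n"],   [4]),     # 3: len = n
    (None,  ["len"], []),      # 4: copy(buf, src, len)
]


def reaching_definitions(prog):
    """Worklist iteration of IN[i] = U OUT[p], OUT[i] = GEN[i] U (IN[i] - KILL[i])
    at instruction granularity. Returns the IN and OUT sets (definition indices)."""
    n = len(prog)
    preds = {i: [] for i in range(n)}
    for i, (_, _, succs) in enumerate(prog):
        for s in succs:
            preds[s].append(i)
    IN = [set() for _ in range(n)]
    OUT = [set() for _ in range(n)]
    work = list(range(n))
    while work:
        i = work.pop(0)
        dest, _, succs = prog[i]
        new_in = set().union(*(OUT[p] for p in preds[i]))
        # a definition of the same variable kills all earlier ones
        new_out = {d for d in new_in if prog[d][0] != dest}
        if dest is not None:
            new_out.add(i)
        if new_in != IN[i] or new_out != OUT[i]:
            IN[i], OUT[i] = new_in, new_out
            work.extend([s for s in succs if s not in work])
    return IN, OUT


def def_use_chains(prog):
    """(use index, variable) -> sorted list of definitions reaching that use."""
    IN, _ = reaching_definitions(prog)
    chains = {}
    for i, (_, srcs, _) in enumerate(prog):
        for v in srcs:
            chains[(i, v)] = sorted(d for d in IN[i] if prog[d][0] == v)
    return chains


def data_slice(prog, i):
    """Transitive data dependencies: every instruction whose value can flow into i."""
    chains = def_use_chains(prog)
    seen, work = set(), [i]
    while work:
        j = work.pop()
        for v in prog[j][1]:
            for d in chains[(j, v)]:
                if d not in seen:
                    seen.add(d)
                    work.append(d)
    return sorted(seen)


if __name__ == "__main__":
    for (use, var), defs in def_use_chains(PROG).items():
        print(f"use of {var} at {use} reached by definitions {defs}")
    print("data slice of the copy length:", data_slice(PROG, 4))
```

The copy's length at instruction 4 can come from definition 1 (the constant) or definition 3, which in turn depends on the untrusted input at 0, so the length is attacker-influenced. Note what the slice does not contain: the comparison at 2. Whether that check actually guards the copy is a control dependence, which a data dependence analysis alone cannot answer; that is where value analysis comes in.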
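As an added example (not from the seminar page), here is a tiny value analysis over a strided-interval domain, in the style of value-set analysis, that resolves an indirect jump through a jump table. The constructed program masks an untrusted index to 0..3, scales it by the 8-byte entry size and adds the table base; the analysis tracks the set of possible values of the register and reads the table entries for every address it can hold. A second variant of the program without the mask shows the other outcome: the value set is unbounded, the jump cannot be resolved, and the index is effectively attacker-controlled. The instruction encoding, the table contents and the addresses are all assumptions made for the example.

```python
# Added example (not from the seminar page).
from dataclasses import dataclass


@dataclass(frozen=True)
class SI:
    """Strided interval {lo + k*stride | k >= 0, lo + k*stride <= hi}."""
    stride: int
    lo: int
    hi: int

    def concretize(self, limit=256):
        """Enumerate the members, or None if the set is too large."""
        if self.stride == 0:
            return [self.lo]
        if (self.hi - self.lo) // self.stride + 1 > limit:
            return None
        return list(range(self.lo, self.hi + 1, self.stride))


TOP = None  # nothing known about the value


def add_const(v, c):
    return TOP if v is TOP else SI(v.stride, v.lo + c, v.hi + c)


def shl_const(v, k):
    return TOP if v is TOP else SI(v.stride << k, v.lo << k, v.hi << k)


def and_mask(v, mask):
    """x & mask for mask = 2**k - 1: the result always lies in [0, mask],
    so even an unknown value becomes bounded (sound over-approximation)."""
    assert mask & (mask + 1) == 0, "only low-bit masks are modelled here"
    if v is not TOP and 0 <= v.lo and v.hi <= mask:
        return v
    return SI(1, 0, mask)


def run(prog, memory):
    """Abstractly execute straight-line code; at the indirect jump return
    (final state, sorted list of resolved targets or None if unresolved)."""
    state = {}
    for ins in prog:
        op, reg = ins[0], ins[1]
        if op == "input":
            state[reg] = TOP
        elif op == "and":
            state[reg] = and_mask(state[reg], ins[2])
        elif op == "shl":
            state[reg] = shl_const(state[reg], ins[2])
        elif op == "add":
            state[reg] = add_const(state[reg], ins[2])
        elif op == "jmp_indirect":
            addrs = None if state[reg] is TOP else state[reg].concretize()
            if addrs is None:
                return state, None
            return state, sorted(memory[a] for a in addrs)
    return state, None


# Constructed jump table at 0x4000 with four 8-byte entries.
TABLE = {0x4000: 0x1000, 0x4008: 0x1100, 0x4010: 0x1200, 0x4018: 0x1300}

PROG = [
    ("input", "eax"),          # eax = untrusted index
    ("and", "eax", 3),         # eax &= 3       bound the index to 0..3
    ("shl", "eax", 3),         # eax <<= 3      scale by the entry size
    ("add", "eax", 0x4000),    # eax += base    address of the entry
    ("jmp_indirect", "eax"),   # jmp [eax]
]
PROG_NO_MASK = [PROG[0]] + PROG[2:]   # same code without the bounds mask

if __name__ == "__main__":
    state, targets = run(PROG, TABLE)
    print("eax before the jump:", state["eax"])
    print("resolved targets  :", [hex(t) for t in targets])
    print("without the mask  :", run(PROG_NO_MASK, TABLE)[1])
```

After the mask, shift and add, the register holds SI(8, 0x4000, 0x4018), i.e. exactly the four table slots, and the jump resolves to four targets that a recursive descent disassembler can now continue from. The stride is what keeps the set precise: a plain interval would admit 25 addresses, including the middle of table entries.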
The aim of fuzz testing, or fuzzing, is to trigger unexpected behavior of a program by providing crafted input. Fuzz testing is therefore a dynamic analysis technique: it runs the target program again and again with mutated or generated inputs while observing the program's behavior, typically watching for crashes, hangs and sanitizer reports.
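The following is an added example (not from the seminar page): a minimal mutation-based fuzzer run against a constructed parser for a length-prefixed record. The parser trusts the length byte and reads a checksum byte past the end of short inputs, which raises an IndexError in Python (in C it would be an out-of-bounds read). The fuzzer mutates seed inputs with bit flips, byte overwrites, insertions and deletions, executes the target, and records each distinct exception with the first input that triggered it. A bounds-checked version of the parser is included to show that the same campaign finds nothing once the check is in place. The record format, the seeds and the random seed are assumptions made for the example.

```python
# Added example (not from the seminar page). Target and format are constructed.
import random


def parse_record(data: bytes):
    """Record layout: [len][payload * len][checksum]. The checksum read is
    not bounds-checked against the real input length, so a header that
    claims more bytes than are present reads past the end (IndexError)."""
    n = data[0]
    payload = data[1:1 + n]
    checksum = data[1 + n]                      # out-of-bounds for short input
    return payload if (sum(payload) & 0xFF) == checksum else None


def parse_record_fixed(data: bytes):
    """Same parser with the missing length check."""
    if len(data) < 2 or len(data) < data[0] + 2:
        return None
    n = data[0]
    payload = data[1:1 + n]
    return payload if (sum(payload) & 0xFF) == data[1 + n] else None


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random byte-level mutation; never produces empty input."""
    b = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0:                               # flip one bit
        b[rng.randrange(len(b))] ^= 1 << rng.randrange(8)
    elif choice == 1:                             # overwrite one byte
        b[rng.randrange(len(b))] = rng.randrange(256)
    elif choice == 2:                             # insert a byte
        b.insert(rng.randrange(len(b) + 1), rng.randrange(256))
    elif len(b) > 1:                              # delete a byte
        del b[rng.randrange(len(b))]
    return bytes(b)


def fuzz(target, seeds, iterations=2000, seed=1):
    """Run the target on mutated seeds; return {(exception type, message):
    (iteration, input)} with the first input that triggered each crash."""
    rng = random.Random(seed)                     # fixed seed: reproducible runs
    corpus = list(seeds)
    crashes = {}
    for i in range(iterations):
        data = rng.choice(corpus)
        for _ in range(rng.randrange(1, 4)):      # stack 1..3 mutations
            data = mutate(data, rng)
        try:
            target(data)
        except Exception as e:                    # any exception is a "crash"
            crashes.setdefault((type(e).__name__, str(e)), (i, data))
    return crashes


# Constructed seed corpus: two well-formed records.
SEEDS = [b"\x03abc" + bytes([sum(b"abc") & 0xFF]), b"\x00\x00"]

if __name__ == "__main__":
    for (exc, msg), (i, data) in fuzz(parse_record, SEEDS).items():
        print(f"iteration {i}: {exc}: {msg} on input {data!r}")
    print("fixed parser crashes:", fuzz(parse_record_fixed, SEEDS))
```

The only feedback this fuzzer uses is the crash itself; coverage-guided fuzzers such as AFL++ or libFuzzer additionally keep every mutant that executes new code, which is what lets them get past checks (like the checksum here) that random mutation alone rarely satisfies.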
The Meltdown and Spectre attacks allow an attacker to read memory they are not authorized to access on a victim's system (kernel memory, or the memory of other processes) without requiring a software vulnerability, by exploiting the CPU's out-of-order and speculative execution. The software-only mitigations cost performance on nearly all computer systems.