25th USENIX Security Symposium has ended
Back To Schedule
Thursday, August 11 • 3:00pm - 3:30pm
An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

It is well-known that static disassembly is an unsolved problem, but how much of a problem is it in real software— for instance, for binary protection schemes? This work studies the accuracy of nine state-of-the-art disassemblers on 981 real-world compiler-generated binaries with a wide variety of properties. In contrast, prior work focuses on isolated corner cases; we show that this has led to a widespread and overly pessimistic view on the prevalence of complex constructs like inline data and overlapping code, leading reviewers and researchers to underestimate the potential of binary-based research. On the other hand, some constructs, such as function boundaries, are much harder to recover accurately than is reflected in the literature, which rarely discusses much needed error handling for these primitives. We study 30 papers recently published in six major security venues, and reveal a mismatch between expectations in the literature, and the actual capabilities of modern disassemblers. Our findings help improve future research by eliminating this mismatch.

avatar for Herbert Bos

Herbert Bos

Full professor, Vrije Universiteit Amsterdam
Herbert Bos is a full professor at VUSec, the systems security group at Vrije Universiteit Amsterdam in the Netherlands. He obtained his Ph.D. from Cambridge University Computer Laboratory (UK). Coming from a systems background, he drifted into security a few years ago and never left... Read More →

Thursday August 11, 2016 3:00pm - 3:30pm PDT
Zilker Ballroom 2