Statistical reconstruction of class hierarchies in binaries

Omer Katz, Noam Rinetzky, Eran Yahav

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

12 Scopus citations

Abstract

We address a fundamental problem in reverse engineering of object-oriented code: the reconstruction of a program's class hierarchy from its stripped binary. Existing approaches rely heavily on structural information that is not always available, e.g., calls to parent constructors. As a result, these approaches often leave gaps in the hierarchies they construct, or fail to construct them altogether. Our main insight is that behavioral information can be used to infer subclass/-superclass relations, supplementing any missing structural information. Thus, we propose the first statistical approach for static reconstruction of class hierarchies based on behavioral similarity. We capture the behavior of each type using a statistical language model (SLM), define a metric for pairwise similarity between types based on the Kullback-Leibler divergence between their SLMs, and lift it to determine the most likely class hierarchy. We implemented our approach in a tool called Rock and used it to automatically reconstruct the class hierarchies of several real-world stripped C++ binaries. Our results demonstrate that Rock obtained significantly more accurate class hierarchies than those obtained using structural analysis alone.

Original languageEnglish
Title of host publicationASPLOS 2018 - 23rd International Conference on Architectural Support for Programming Languages and Operating Systems
PublisherAssociation for Computing Machinery
Pages363-376
Number of pages14
ISBN (Electronic)9781450349116
DOIs
StatePublished - 19 Mar 2018
Event23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018 - Williamsburg, United States
Duration: 24 Mar 201828 Mar 2018

Publication series

NameInternational Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS

Conference

Conference23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018
Country/TerritoryUnited States
CityWilliamsburg
Period24/03/1828/03/18

Funding

FundersFunder number
European Union’s Seventh Frame-work Programme
Israel Science Foundation1319/16
Seventh Framework Programme615688

    Fingerprint

    Dive into the research topics of 'Statistical reconstruction of class hierarchies in binaries'. Together they form a unique fingerprint.

    Cite this