Statistical reconstruction of class hierarchies in binaries

Omer Katz; Noam Rinetzky; Eran Yahav

doi:10.1145/3173162.3173202

Statistical reconstruction of class hierarchies in binaries

Omer Katz, Noam Rinetzky, Eran Yahav

School of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We address a fundamental problem in reverse engineering of object-oriented code: the reconstruction of a program's class hierarchy from its stripped binary. Existing approaches rely heavily on structural information that is not always available, e.g., calls to parent constructors. As a result, these approaches often leave gaps in the hierarchies they construct, or fail to construct them altogether. Our main insight is that behavioral information can be used to infer subclass/superclass relations, supplementing any missing structural information. Thus, we propose the first statistical approach for static reconstruction of class hierarchies based on behavioral similarity. We capture the behavior of each type using a statistical language model (SLM), define a metric for pair-wise similarity between types based on the Kullback-Leibler divergence between their SLMs, and lift it to determine the most likely class hierarchy. We implemented our approach in a tool called Rock and used it to automatically reconstruct the class hierarchies of several real-world stripped C++ binaries. Our results demonstrate that Rock obtained significantly more accurate class hierarchies than those obtained using structural analysis alone.

Original language	English
Title of host publication	Proceedings of the 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018
Publisher	Association for Computing Machinery
Pages	363-376
Number of pages	14
Volume	53
Edition	2
ISBN (Electronic)	9781450349116
DOIs	https://doi.org/10.1145/3173162.3173202
State	Published - 19 Mar 2018
Event	23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018 - Williamsburg, United States Duration: 24 Mar 2018 → 28 Mar 2018

Conference

Conference	23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018
Country/Territory	United States
City	Williamsburg
Period	24/03/18 → 28/03/18

Access to Document

10.1145/3173162.3173202

Cite this

@inproceedings{b147a9219c204106aef2c8d3252c6b06,

title = "Statistical reconstruction of class hierarchies in binaries",

abstract = "We address a fundamental problem in reverse engineering of object-oriented code: the reconstruction of a program's class hierarchy from its stripped binary. Existing approaches rely heavily on structural information that is not always available, e.g., calls to parent constructors. As a result, these approaches often leave gaps in the hierarchies they construct, or fail to construct them altogether. Our main insight is that behavioral information can be used to infer subclass/superclass relations, supplementing any missing structural information. Thus, we propose the first statistical approach for static reconstruction of class hierarchies based on behavioral similarity. We capture the behavior of each type using a statistical language model (SLM), define a metric for pair-wise similarity between types based on the Kullback-Leibler divergence between their SLMs, and lift it to determine the most likely class hierarchy. We implemented our approach in a tool called Rock and used it to automatically reconstruct the class hierarchies of several real-world stripped C++ binaries. Our results demonstrate that Rock obtained significantly more accurate class hierarchies than those obtained using structural analysis alone.",

author = "Omer Katz and Noam Rinetzky and Eran Yahav",

note = "Publisher Copyright: {\textcopyright} 2018 Copyright held by the owner/author(s).; null ; Conference date: 24-03-2018 Through 28-03-2018",

year = "2018",

month = mar,

day = "19",

doi = "10.1145/3173162.3173202",

language = "אנגלית",

volume = "53",

pages = "363--376",

booktitle = "Proceedings of the 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018",

publisher = "Association for Computing Machinery",

edition = "2",

}

Katz, O, Rinetzky, N & Yahav, E 2018, Statistical reconstruction of class hierarchies in binaries. in Proceedings of the 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018. 2 edn, vol. 53, Association for Computing Machinery, pp. 363-376, 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018, Williamsburg, United States, 24/03/18. https://doi.org/10.1145/3173162.3173202

Statistical reconstruction of class hierarchies in binaries. / Katz, Omer; Rinetzky, Noam; Yahav, Eran.

Proceedings of the 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018. Vol. 53 2. ed. Association for Computing Machinery, 2018. p. 363-376.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Statistical reconstruction of class hierarchies in binaries

AU - Katz, Omer

AU - Rinetzky, Noam

AU - Yahav, Eran

PY - 2018/3/19

Y1 - 2018/3/19

N2 - We address a fundamental problem in reverse engineering of object-oriented code: the reconstruction of a program's class hierarchy from its stripped binary. Existing approaches rely heavily on structural information that is not always available, e.g., calls to parent constructors. As a result, these approaches often leave gaps in the hierarchies they construct, or fail to construct them altogether. Our main insight is that behavioral information can be used to infer subclass/superclass relations, supplementing any missing structural information. Thus, we propose the first statistical approach for static reconstruction of class hierarchies based on behavioral similarity. We capture the behavior of each type using a statistical language model (SLM), define a metric for pair-wise similarity between types based on the Kullback-Leibler divergence between their SLMs, and lift it to determine the most likely class hierarchy. We implemented our approach in a tool called Rock and used it to automatically reconstruct the class hierarchies of several real-world stripped C++ binaries. Our results demonstrate that Rock obtained significantly more accurate class hierarchies than those obtained using structural analysis alone.

AB - We address a fundamental problem in reverse engineering of object-oriented code: the reconstruction of a program's class hierarchy from its stripped binary. Existing approaches rely heavily on structural information that is not always available, e.g., calls to parent constructors. As a result, these approaches often leave gaps in the hierarchies they construct, or fail to construct them altogether. Our main insight is that behavioral information can be used to infer subclass/superclass relations, supplementing any missing structural information. Thus, we propose the first statistical approach for static reconstruction of class hierarchies based on behavioral similarity. We capture the behavior of each type using a statistical language model (SLM), define a metric for pair-wise similarity between types based on the Kullback-Leibler divergence between their SLMs, and lift it to determine the most likely class hierarchy. We implemented our approach in a tool called Rock and used it to automatically reconstruct the class hierarchies of several real-world stripped C++ binaries. Our results demonstrate that Rock obtained significantly more accurate class hierarchies than those obtained using structural analysis alone.

UR - http://www.scopus.com/inward/record.url?scp=85060113648&partnerID=8YFLogxK

U2 - 10.1145/3173162.3173202

DO - 10.1145/3173162.3173202

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85060113648

VL - 53

SP - 363

EP - 376

BT - Proceedings of the 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018

PB - Association for Computing Machinery

Y2 - 24 March 2018 through 28 March 2018

ER -

Statistical reconstruction of class hierarchies in binaries

Abstract

Conference

Access to Document

Other files and links

Fingerprint

Cite this