BCD: Decomposing Binary Code Into Components Using Graph-Based Clustering
| Title | BCD: Decomposing Binary Code Into Components Using Graph-Based Clustering |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Karande, Vishal, Chandra, Swarup, Lin, Zhiqiang, Caballero, Juan, Khan, Latifur, Hamlen, Kevin |
| Conference Name | Proceedings of the 2018 on Asia Conference on Computer and Communications Security |
| Publisher | ACM |
| ISBN Number | 978-1-4503-5576-6 |
| Keywords | binary code decomposition, components, compositionality, Cyber physical system, decomposition, graph-based clustering, Predictive Metrics, pubcrawl, Resiliency, Scientific Computing Security |
| Abstract | Complex software is built by composing components implementing largely independent blocks of functionality. However, once the sources are compiled into an executable, that modularity is lost. This is unfortunate for code recipients, for whom knowing the components has many potential benefits, such as improved program understanding for reverse-engineering, identifying shared code across different programs, binary code reuse, and authorship attribution. A novel approach for decomposing such source-free program executables into components is here proposed. Given an executable, the approach first statically builds a decomposition graph, where nodes are functions and edges capture three types of relationships: code locality, data references, and function calls. It then applies a graph-theoretic approach to partition the functions into disjoint components. A prototype implementation, BCD, demonstrates the approach's efficacy: Evaluation of BCD with 25 C++ binary programs to recover the methods belonging to each class achieves high precision and recall scores for these tested programs. |
| URL | https://dl.acm.org/doi/10.1145/3196494.3196504 |
| DOI | 10.1145/3196494.3196504 |
| Citation Key | karande_bcd:_2018 |