Trust, transforms, and control flow: A graph-theoretic method to verifying source and binary control flow equivalence
Date
2021-05
Authors
Goluch, Ryan Christopher
Major Professor
Advisor
Kothari, Suresh
Tyagi, Akhilesh
Basu, Samik
Committee Member
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
The software development process often requires the use of tools that the developers did not write themselves, such as a compiler. Additionally, when security researchers perform tasks such as binary analysis and reverse engineering disassembly and decompiler tools may be used which the researchers did not develop themselves. Yet in all of these cases, there is inherent trust placed in the tools that are being used for these tasks without thought to whether or not that trust is valid. In this work, we provide an overview of what has already been done in the realms of verification and establishment of this trust as well as show our contribution to this area. Our approach is taken through an algorithm that allows us to validate or invalidate that trust by comparing the control flow graphs (CFGs) for a piece of source code to the corresponding CFG for the disassembled binary. This is done by putting the source CFG through a series of program functionality preserving transforms that implement different control structure compiler optimizations. Then we are able to make use of a graph isomorphism algorithm to determine whether or not the two CFGs are isomorphic and determine if the trust is valid. We evaluate the effectiveness of this algorithm against the XINU codebase and report our results.
Series Number
Journal Issue
Is Version Of
Versions
Series
Academic or Administrative Unit
Type
thesis