Symposium sur la sécurité des technologies de l'information et des communications

Conférence francophone sur le thème de la sécurité de l'information.
Elle a eu lieu à Rennes du 6 au 8 juin 2012.

Successes (and limitations) of (static) binary analysisHalvar Flake


Date : 08 juin 2012 à 12:15 — 45 min.

The last 10 to 12 years have seen drastic change for reverse engineers. Aside from the mainstreaming of this formerly-fringe activity, automated tools (both static and dynamic) have made big inroads. So what can be done automatically nowadays, and what can't be done ? Where are the frontiers - and what needs to be done for published academic work to become useful to the practitioner ? What limitations do we run into when using SMT solvers for exercising program paths ? What bug classes remain exceedingly hard for classical abstract-interpretation based static analyzers to detect with low false positives ? This talk will discuss the above questions and attempt to underline the core points with real-life examples.