Degree Type

Thesis

Date of Award

2021

Degree Name

Master of Science

Department

Electrical and Computer Engineering

Major

Computer Engineering( Secureand Reliable Computing)

First Advisor

Suresh Kothari

Abstract

The software development process often requires the use of tools that the developers did not write themselves, such as a compiler. Additionally, when security researchers perform tasks such as binary analysis and reverse engineering disassembly and decompiler tools may be used which the researchers did not develop themselves. Yet in all of these cases, there is inherent trust placed in the tools that are being used for these tasks without thought to whether or not that trust is valid. In this work, we provide an overview of what has already been done in the realms of verification and establishment of this trust as well as show our contribution to this area. Our approach is taken through an algorithm that allows us to validate or invalidate that trust by comparing the control flow graphs (CFGs) for a piece of source code to the corresponding CFG for the disassembled binary. This is done by putting the source CFG through a series of program functionality preserving transforms that implement different control structure compiler optimizations. Then we are able to make use of a graph isomorphism algorithm to determine whether or not the two CFGs are isomorphic and determine if the trust is valid. We evaluate the effectiveness of this algorithm against the XINU codebase and report our results.

DOI

https://doi.org/10.31274/etd-20210609-59

Copyright Owner

Ryan Christopher Goluch

Language

en

File Format

application/pdf

File Size

109 pages

Share

COinS