The University of Arizona

lynx: Analysis of Hard-to-analyze Code

The lynx project aims to develop principled and general techniques and tools to automate the analysis of code that is hard to analyze. Here, "principled" refers to techniques that are based on the program's behavior, i.e., its semantics; and "general" means that we try to make as few assumptions as possible, and avoid the use of ad hoc or system-specific tricks.

Our current research has two foci:

Publications

  1. Control Dependencies in Interpretive Systems, with Babak Yadegari.
    Proc. 17th International Conference on Runtime Verification (RV 2017), Sept. 2017.
    Abstract
    Paper: PDF
  2. Analysis of Exception-Based Control Transfers, with Babak Yadegari and Jon Stephens.
    Proc. 7th ACM Conference on Data and Application Security and Privacy (CODASPY), March 2017.
    Abstract
    Paper: PDF
  3. Symbolic Execution of Obfuscated Code, with Babak Yadegari.
    Proc. 22nd ACM Conference on Computer and Communications Security (CCS), Oct. 2015.
    Abstract
    Paper: PDF
  4. A Generic Approach to Automatic Deobfuscation of Executable Code, with Babak Yadegari, Brian Johannesmeyer, and Benjamin Whitely.
    Proc. 36th IEEE Symposium on Security and Privacy, May 2015.
    Abstract
    Paper: PDF
    Source code (tar.gz, 2.3 MB)   |   Input programs   |   Traces (tar.gz, 6.0 GB)
  5. Identifying and Understanding Self-Checksumming Defenses in Software, with Jing Qiu, Babak Yadegari, Brian Johannesmeyer, and Xiaohong Su.
    Proc. Fifth ACM Conference on Data and Application Security and Privacy (CODASPY), March 2015.
    Abstract
    Paper: PDF
  6. Bit-Level Taint Analysis, with Babak Yadegari.
    Proc. 14th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), Sept. 2014.
    Abstract
    Paper: PDF

  7. Weaknesses in Defenses Against Web-Borne Malware (Extended Abstract), with Gen Lu.
    10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 2013.
    Abstract
    Paper: PDF

  8. Automatic Simplification of Obfuscated JavaScript Code: A Semantics-Based Approach, with Gen Lu.
    Proc. Sixth IEEE International Conference on Software Security and Reliability (SERE), pages 31–40. June 2012.
    Abstract
    Paper: PDF

  9. Automatic Simplification of Obfuscated JavaScript Code (Extended Abstract), with Gen Lu and Kevin Coogan.
    Proc. ICISTM-12 Workshop on Program Protection and Reverse Engineering (PPREW). March 2012.
    Abstract
    Paper: PDF

  10. Deobfuscating Virtualization-Obfuscated Software: A Semantics-Based Approach. Kevin Coogan, Gen Lu, and Saumya Debray.
    Proc. ACM Conference on Computer and Communications Security (CCS) Oct. 2011, pages 275-284.
    Abstract
    Paper: PDF

  11. Equational Reasoning on x86 Assembly Code. Kevin Coogan and Saumya Debray.
    Proc. Eleventh IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), Sept. 2011.
    Abstract
    Paper: PDF

  12. Reverse Engineering Self-Modifying Code: Unpacker Extraction. Jay Patel and Saumya Debray.
    Proc. 17th. IEEE Working Conference on Reverse Engineering, October 2010, pages 131-140.
    Abstract
    Paper: Postscript   |   PDF

  13. Modelling Metamorphism by Abstract Interpretation. Mila Dalla Preda, Roberto Giacobazzi, Saumya Debray, Kevin Coogan, and Gregg Townsend.
    Proc. 17th. International Static Analysis Symposium (SAS), Sept. 2010, pages 218–235.
    Abstract
    Paper: Postscript   |   PDF

  14. Automatic Static Unpacking of Malware Binaries. Kevin Coogan, Saumya Debray, Tasneem Kaochar, and Gregg Townsend.
    Proc. 16th. IEEE Working Conference on Reverse Engineering, October 2009, pp. 167-176.
    Abstract
    Paper: Postscript   |   PDF

  15. Static Detection of Disassembly Errors. Nithya Krishnamoorthy, Saumya Debray, and Keith Fligg.
    Proc. 16th. IEEE Working Conference on Reverse Engineering, October 2009, pp. 259-268.
    Abstract
    Paper: Postscript   |   PDF

  16. On the Semantics of Self-Unpacking Malware Code. Saumya Debray, Kevin Coogan and Gregg Townsend.
    Draft, July 2008.
    Abstract
    Paper: Postscript  |  PDF