lynx: Analysis of Hard-to-analyze Code
The lynx project aims to develop principled and general techniques and tools to automate the
analysis of code that is hard to analyze. Here, "principled" refers
to techniques that are based on the program's behavior, i.e., its semantics;
and "general" means that we try to make as few assumptions as possible,
and avoid the use of ad hoc or system-specific tricks.
Our current research has two foci:
- Understanding information flow via covert channels.
The goal here is to understand the (deliberate) use of covert channels to
propagate information through a system: e.g., between two parts
of the same program (obfuscation) or among a set of programs (collusion).
We are exploring both obfuscation based on covert channels and
techniques for detecting covert channels for stealthy exfiltration of
information.
- Optimization of interpretive systems.
The goal here is to develop static and dynamic analysis techniques to
optimize interpretive systems, i.e., systems consisting of programs that
are executed using an interpreter together with various components of the
runtime system, such as garbage collectors, JIT compilers, etc. Our
ultimate objective is to specialize away most or all of the interpreter,
leaving only the "pure" logic of the input program to be
executed at much higher efficiency.
Publications
- Representing and Reasoning about Dynamic Code,
with Jesse Bartels and Jon Stephens.
Proc. 35th. IEEE/ACM International Conference on Automated Software Engineering
(ASE), Sept. 2020.
Abstract | Paper (PDF) | Code (zip): Github or UArizona | Data
- Probabilistic Obfuscation through Covert Channels,
Jon Stephens, Babak Yadegari, Christian Collberg, Saumya Debray, and Carlos Scheidegger.
Proc. Third IEEE European Symposium on Security and Privacy
(EuroS&P), April 2018.
Abstract
Paper: PDF
- Babak Yadegari and Saumya Debray.
Control Dependencies in Interpretive Systems.
Proc. 17th International Conference on Runtime Verification (RV 2017),
Sept. 2017.
Abstract
Paper: PDF
- Babak Yadegari, Jon Stephens, and Saumya Debray.
Analysis of Exception-Based Control Transfers.
Proc. 7th ACM Conference on Data and Application Security and Privacy
(CODASPY), March 2017.
Abstract
Paper: PDF
- Babak Yadegari and Saumya Debray.
Symbolic Execution of Obfuscated Code.
Proc. 22nd ACM Conference on Computer and Communications Security (CCS),
Oct. 2015.
Abstract
Paper: PDF
- Babak Yadegari, Brian Johannesmeyer, Benjamin Whitely, and Saumya Debray.
A Generic Approach to Automatic Deobfuscation of Executable Code.
Proc. 36th IEEE Symposium on Security and Privacy,
May 2015.
Abstract
Paper: PDF
Source code (tar.gz, 2.3 MB) | Input programs | Traces (tar.gz, 6.0 GB)
- Jing Qiu, Babak Yadegari, Brian Johannesmeyer, Saumya Debray, and Xiaohong Su.
Identifying and Understanding Self-Checksumming Defenses in Software.
Proc. Fifth ACM Conference on Data and Application Security and Privacy
(CODASPY),
March 2015.
Abstract
Paper: PDF
- Babak Yadegari and Saumya Debray.
Bit-Level Taint Analysis.
Proc. 14th IEEE International Working Conference on Source Code Analysis and Manipulation
(SCAM),
Sept. 2014.
Abstract
Paper: PDF
- Gen Lu and Saumya Debray.
Weaknesses in Defenses Against Web-Borne Malware (Extended Abstract).
10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 2013.
Abstract
Paper: PDF
- Gen Lu and Saumya Debray.
Automatic Simplification of Obfuscated JavaScript Code:
A Semantics-Based Approach.
Proc. Sixth IEEE International Conference on Software Security and
Reliability (SERE), pages 31–40. June 2012.
Abstract
Paper: PDF
- Gen Lu, Kevin Coogan, and Saumya Debray.
Automatic Simplification of Obfuscated JavaScript Code
(Extended Abstract).
Proc. ICISTM-12 Workshop on Program Protection and Reverse
Engineering (PPREW). March 2012.
Abstract
Paper: PDF
- Kevin Coogan, Gen Lu, and Saumya Debray.
Deobfuscating Virtualization-Obfuscated Software: A Semantics-Based
Approach.
Proc. ACM Conference on Computer and Communications Security (CCS)
Oct. 2011, pages 275-284.
Abstract
Paper: PDF
- Kevin Coogan and Saumya Debray.
Equational Reasoning on x86 Assembly Code.
Proc. Eleventh IEEE International Working Conference on Source Code
Analysis and Manipulation (SCAM),
Sept. 2011.
Abstract
Paper: PDF
- Jay Patel and Saumya Debray.
Reverse Engineering Self-Modifying Code: Unpacker Extraction.
Proc. 17th. IEEE Working Conference on Reverse Engineering,
October 2010, pages 131-140.
Abstract
Paper: Postscript | PDF
- Mila Dalla Preda, Roberto Giacobazzi, Saumya Debray, Kevin Coogan, and Gregg Townsend.
Modelling Metamorphism by Abstract Interpretation.
Proc. 17th. International Static Analysis Symposium (SAS),
Sept. 2010, pages 218–235.
Abstract
Paper: Postscript | PDF
- Kevin Coogan, Saumya Debray, Tasneem Kaochar, and Gregg Townsend.
Automatic Static Unpacking of Malware Binaries.
Proc. 16th. IEEE Working Conference on Reverse Engineering,
October 2009, pp. 167-176.
Abstract
Paper: Postscript | PDF
- Nithya Krishnamoorthy, Saumya Debray, and Keith Fligg.
Static Detection of Disassembly Errors.
Proc. 16th. IEEE Working Conference on Reverse Engineering,
October 2009, pp. 259-268.
Abstract
Paper: Postscript | PDF
- Saumya Debray, Kevin Coogan and Gregg Townsend.
On the Semantics of Self-Unpacking Malware Code.
Draft, July 2008.
Abstract
Paper: Postscript | PDF