%
% Papers from the angr authors -- single institution.
%
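@inproceedings{shoshitaishvili2015firmalice,
  author    = {Shoshitaishvili, Yan and Wang, Ruoyu and Hauser, Christophe and Kruegel, Christopher and Vigna, Giovanni},
  title     = {Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware},
  booktitle = {NDSS},
  year      = {2015},
}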
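@inproceedings{stephens2016driller,
  author    = {Stephens, Nick and Grosen, John and Salls, Christopher and Dutcher, Audrey and Wang, Ruoyu and Corbetta, Jacopo and Shoshitaishvili, Yan and Kruegel, Christopher and Vigna, Giovanni},
  title     = {Driller: Augmenting Fuzzing Through Selective Symbolic Execution},
  booktitle = {NDSS},
  volume    = {16},
  pages     = {1--16},
  year      = {2016},
}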
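@inproceedings{shoshitaishvili2016sok,
  author       = {Shoshitaishvili, Yan and Wang, Ruoyu and Salls, Christopher and Stephens, Nick and Polino, Mario and Dutcher, Audrey and Grosen, John and Feng, Siji and Hauser, Christophe and Kruegel, Christopher and others},
  title        = {{SoK}: (State of) The Art of War: Offensive Techniques in Binary Analysis},
  booktitle    = {Security and Privacy (SP), 2016 IEEE Symposium on},
  pages        = {138--157},
  year         = {2016},
  organization = {IEEE},
}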
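@inproceedings{wang2017ramblr,
  author    = {Wang, Ruoyu and Shoshitaishvili, Yan and Bianchi, Antonio and Machiry, Aravind and Grosen, John and Grosen, Paul and Kruegel, Christopher and Vigna, Giovanni},
  title     = {Ramblr: Making Reassembly Great Again},
  booktitle = {NDSS},
  year      = {2017},
}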
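@inproceedings{redini2017bootstomp,
  author    = {Redini, Nilo and Machiry, Aravind and Das, Dipanjan and Fratantonio, Yanick and Bianchi, Antonio and Gustafson, Eric and Shoshitaishvili, Yan and Kruegel, Christopher and Vigna, Giovanni},
  title     = {{BootStomp}: On the Security of Bootloaders in Mobile Devices},
  booktitle = {USENIX Security Symposium},
  year      = {2017},
}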
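@article{shellphish2017cyber,
  author  = {Shellphish},
  title   = {Cyber Grand Shellphish},
  journal = {Phrack Magazine},
  year    = {2017},
  note    = {\url{http://phrack.org/papers/cyber_grand_shellphish.html}},
}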
%
% Papers from the angr authors -- multi-institution.
%
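@inproceedings{machiry2017boomerang,
  author    = {Machiry, Aravind and Gustafson, Eric and Spensky, Chad and Salls, Chris and Stephens, Nick and Wang, Ruoyu and Bianchi, Antonio and Choe, Yung Ryn and Kruegel, Christopher and Vigna, Giovanni},
  title     = {{BOOMERANG}: Exploiting the Semantic Gap in Trusted Execution Environments},
  booktitle = {NDSS},
  year      = {2017},
}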
@inproceedings{bao2017your,
  author       = {Bao, Tiffany and Wang, Ruoyu and Shoshitaishvili, Yan and Brumley, David},
  title        = {Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits},
  booktitle    = {Security and Privacy (SP), 2017 IEEE Symposium on},
  pages        = {824--839},
  year         = {2017},
  organization = {IEEE},
}
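@inproceedings{shoshitaishvili2017rise,
  author    = {Shoshitaishvili, Yan and Weissbacher, Michael and Dresel, Lukas and Salls, Christopher and Wang, Ruoyu and Kruegel, Christopher and Vigna, Giovanni},
  title     = {{Rise of the HaCRS}: Augmenting Automated Cyber Reasoning Systems With Human Assistance},
  booktitle = {ACM Conference on Computer and Communications Security},
  year      = {2017},
}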
@inproceedings{salls2017piston,
  author       = {Salls, Christopher and Shoshitaishvili, Yan and Stephens, Nick and Kruegel, Christopher and Vigna, Giovanni},
  title        = {Piston: Uncooperative Remote Runtime Patching},
  booktitle    = {Proceedings of the 33rd Annual Computer Security Applications Conference},
  pages        = {141--153},
  year         = {2017},
  organization = {ACM},
}
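@inproceedings{menonbinary,
  author    = {Menon, Jayakrishna and Hauser, Christophe and Shoshitaishvili, Yan and Schwab, Stephen},
  title     = {A binary analysis approach to retrofit security in input parsing routines},
  booktitle = {IEEE LangSec Workshop},
  year      = {2018},
}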
%
% Other papers.
%
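@inproceedings{vogl2014dynamic,
  author    = {Vogl, Sebastian and Gawlik, Robert and Garmany, Behrad and Kittel, Thomas and Pfoh, Jonas and Eckert, Claudia and Holz, Thorsten},
  title     = {Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data},
  booktitle = {USENIX Security Symposium},
  pages     = {813--828},
  year      = {2014},
}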
@inproceedings{pewny2015cross,
  author       = {Pewny, Jannik and Garmany, Behrad and Gawlik, Robert and Rossow, Christian and Holz, Thorsten},
  title        = {Cross-architecture bug search in binary executables},
  booktitle    = {Security and Privacy (SP), 2015 IEEE Symposium on},
  pages        = {709--724},
  year         = {2015},
  organization = {IEEE},
}
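@inproceedings{wollgast2016automated,
  author       = {Wollgast, Patrick and Gawlik, Robert and Garmany, Behrad and Kollenda, Benjamin and Holz, Thorsten},
  title        = {Automated Multi-Architectural Discovery of {CFI}-Resistant Code Gadgets},
  booktitle    = {European Symposium on Research in Computer Security},
  pages        = {602--620},
  year         = {2016},
  organization = {Springer},
}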
@mastersthesis{parvez2016combining,
  author = {Parvez, Muhammad Riyad},
  title  = {Combining static analysis and targeted symbolic execution for scalable bug-finding in application binaries},
  school = {University of Waterloo},
  year   = {2016},
}
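@inproceedings{taylor2016tool,
  author    = {Taylor, Clark and Collberg, Christian},
  title     = {A Tool for Teaching Reverse Engineering},
  booktitle = {ASE@ USENIX Security Symposium},
  year      = {2016},
}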
@incollection{zheng2016lightweight,
  author    = {Zheng, Yaowen and Cheng, Kai and Li, Zhi and Pan, Shiran and Zhu, Hongsong and Sun, Limin},
  title     = {A Lightweight Method for Accelerating Discovery of Taint-Style Vulnerabilities in Embedded Systems},
  booktitle = {Information and Communications Security},
  publisher = {Springer},
  pages     = {27--36},
  year      = {2016},
}
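@inproceedings{buhov2016catch,
  author       = {Buhov, Damjan and Thron, Richard and Schrittwieser, Sebastian},
  title        = {Catch Me if You Can! {Transparent} Detection of Shellcode},
  booktitle    = {Software Security and Assurance (ICSSA), 2016 International Conference on},
  pages        = {60--63},
  year         = {2016},
  organization = {IEEE},
}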
@inproceedings{liu2016security,
  author       = {Liu, Muqing and Zhang, Yuanyuan and Li, Juanru and Shu, Junliang and Gu, Dawu},
  title        = {Security Analysis of Vendor Customized Code in Firmware of Embedded Device},
  booktitle    = {International Conference on Security and Privacy in Communication Systems},
  pages        = {722--739},
  year         = {2016},
  organization = {Springer},
}
@inproceedings{follner2016pshape,
  author       = {Follner, Andreas and Bartel, Alexandre and Peng, Hui and Chang, Yu-Chen and Ispoglou, Kyriakos and Payer, Mathias and Bodden, Eric},
  title        = {{PSHAPE}: Automatically combining gadgets for arbitrary method execution},
  booktitle    = {International Workshop on Security and Trust Management},
  pages        = {212--228},
  year         = {2016},
  organization = {Springer},
}
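@inproceedings{wang2017semdiff,
  author       = {Wang, Shi-Chao and Liu, Chu-Lei and Li, Yao and Xu, Wei-Yang},
  title        = {{SemDiff}: Finding Semtic Differences in Binary Programs based on {Angr}},
  booktitle    = {ITM Web of Conferences},
  volume       = {12},
  pages        = {03029},
  year         = {2017},
  organization = {EDP Sciences},
}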
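% NOTE(review): no venue or year is recorded for this poster, so it cannot
% satisfy @article's required fields; kept as @misc until they are confirmed.
@misc{hauserposter,
  author = {Hauser, Christophe and Liang, Zhenkai and Schwab, Stephen},
  title  = {Poster: End-to-End Service for System Security Experimentation},
}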
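% arXiv preprint: the journal text is kept for classic styles; the eprint
% fields carry the identifier for styles that understand them.
@article{alston2017concolic,
  author        = {Alston, Aubrey},
  title         = {Concolic Execution as a General Method of Determining Local Malware Signatures},
  journal       = {arXiv preprint arXiv:1705.05514},
  eprint        = {1705.05514},
  archiveprefix = {arXiv},
  year          = {2017},
}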
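@inproceedings{qiao2017function,
  author       = {Qiao, Rui and Sekar, R.},
  title        = {Function interface analysis: A principled approach for function recognition in {COTS} binaries},
  booktitle    = {Dependable Systems and Networks (DSN), 2017 47th Annual IEEE/IFIP International Conference on},
  pages        = {201--212},
  year         = {2017},
  organization = {IEEE},
}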
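@inproceedings{lisem2017hunt,
  author    = {Li, Yao and Xu, Weiyang and Tang, Yong and Mi, Xianya and Wang, Baosheng},
  title     = {{SemHunt}: Identifying Vulnerability Type with Double Validation in Binary Code},
  booktitle = {International Conference on Software Engineering and Knowledge Engineering},
  year      = {2017},
}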
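@inproceedings{hernandez2017firmusb,
  author    = {Hernandez, Grant and Fowze, Farhaan and Yavuz, Tuba and Butler, Kevin R. B. and others},
  title     = {{FirmUSB}: Vetting {USB} Device Firmware using Domain Informed Symbolic Execution},
  booktitle = {ACM Conference on Computer and Communications Security},
  year      = {2017},
}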
@inproceedings{cojocar2017jtr,
  author       = {Cojocar, Lucian and Kroes, Taddeus and Bos, Herbert},
  title        = {{JTR}: A Binary Solution for Switch-Case Recovery},
  booktitle    = {International Symposium on Engineering Secure Software and Systems},
  pages        = {177--195},
  year         = {2017},
  organization = {Springer},
}
@inproceedings{kirsch2017combating,
  author       = {Kirsch, Julian and Jonischkeit, Clemens and Kittel, Thomas and Zarras, Apostolis and Eckert, Claudia},
  title        = {Combating Control Flow Linearization},
  booktitle    = {IFIP International Conference on ICT Systems Security and Privacy Protection},
  pages        = {385--398},
  year         = {2017},
  organization = {Springer},
}
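% arXiv preprint: the journal text is kept for classic styles; the eprint
% fields carry the identifier for styles that understand them.
@article{rinsma2017automatic,
  author        = {Rinsma, Thomas},
  title         = {Automatic Library Version Identification, an Exploration of Techniques},
  journal       = {arXiv preprint arXiv:1703.00298},
  eprint        = {1703.00298},
  archiveprefix = {arXiv},
  year          = {2017},
}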
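@inproceedings{baldoni2017assisting,
  author       = {Baldoni, Roberto and Coppa, Emilio and D'Elia, Daniele Cono and Demetrescu, Camil},
  title        = {Assisting Malware Analysis with Symbolic Execution: A Case Study},
  booktitle    = {International Conference on Cyber Security Cryptography and Machine Learning},
  pages        = {171--188},
  year         = {2017},
  organization = {Springer},
}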
@inproceedings{david2017similarity,
  author       = {David, Yaniv and Partush, Nimrod and Yahav, Eran},
  title        = {Similarity of binaries through re-optimization},
  booktitle    = {Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation},
  pages        = {79--94},
  year         = {2017},
  organization = {ACM},
}
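@inproceedings{xu2017concolic,
  author       = {Xu, Hui and Zhou, Yangfan and Kang, Yu and Lyu, Michael R.},
  title        = {Concolic Execution on Small-Size Binaries: Challenges and Empirical Study},
  booktitle    = {Dependable Systems and Networks (DSN), 2017 47th Annual IEEE/IFIP International Conference on},
  pages        = {181--188},
  year         = {2017},
  organization = {IEEE},
}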
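@inproceedings{abbasi2017mu,
  author       = {Abbasi, Ali and Wetzels, Jos and Bokslag, Wouter and Zambon, Emmanuele and Etalle, Sandro},
  title        = {{$\mu$} Shield},
  booktitle    = {International Conference on Network and System Security},
  pages        = {694--709},
  year         = {2017},
  organization = {Springer},
}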
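@inproceedings{andriesse2016depth,
  author    = {Andriesse, Dennis and Chen, Xi and van der Veen, Victor and Slowinska, Asia and Bos, Herbert},
  title     = {An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries},
  booktitle = {USENIX Security Symposium},
  pages     = {583--600},
  year      = {2016},
}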
@inproceedings{liu2017survey,
  author       = {Liu, Yu and Zhou, Xu and Gong, Wei-Wei},
  title        = {A Survey of Search Strategies in the Dynamic Symbolic Execution},
  booktitle    = {ITM Web of Conferences},
  volume       = {12},
  pages        = {03025},
  year         = {2017},
  organization = {EDP Sciences},
}
@mastersthesis{krak2017cycle,
  author = {Krak, Roeland},
  title  = {Cycle-Accurate Timing Channel Analysis of Binary Code},
  school = {University of Twente},
  year   = {2017},
}
@inproceedings{hu2017binary,
  author       = {Hu, Yikun and Zhang, Yuanyuan and Li, Juanru and Gu, Dawu},
  title        = {Binary code clone detection across architectures and compiling configurations},
  booktitle    = {Proceedings of the 25th International Conference on Program Comprehension},
  pages        = {88--98},
  year         = {2017},
  organization = {IEEE Press},
}
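@inproceedings{honig2017autonomous,
  author    = {Honig, Joran},
  title     = {Autonomous Exploitation of System Binaries using Symbolic Analysis},
  booktitle = {Proceedings of the 27th Twente Student Conference on IT},
  year      = {2017},
}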
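@inproceedings{coppa2017rethinking,
  author       = {Coppa, Emilio and D'Elia, Daniele Cono and Demetrescu, Camil},
  title        = {Rethinking pointer reasoning in symbolic execution},
  booktitle    = {Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering},
  pages        = {613--618},
  year         = {2017},
  organization = {IEEE Press},
}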
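% NOTE(review): no venue is recorded for this work, so it cannot satisfy
% @article's required journal field; kept as @misc until the venue is confirmed.
@misc{said2017detection,
  author = {Said, Najah Ben and Biondi, Fabrizio and Bontchev, Vesselin and Decourbe, Olivier and Given-Wilson, Thomas and Legay, Axel and Quilbeuf, Jean},
  title  = {Detection of {Mirai} by Syntactic and Semantic Analysis},
  year   = {2017},
}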
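% NOTE(review): no venue or year is recorded for this work, so it cannot
% satisfy @article's required fields; kept as @misc until they are confirmed.
@misc{palavicinitowards,
  author = {Palavicini, Jr, Geancarlo and Bryan, Josiah and Sheets, Eaven and Kline, Megan and San Miguel, John},
  title  = {Towards Firmware Analysis of {Industrial Internet of Things} ({IIoT})},
}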
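% arXiv preprint: the journal text is kept for classic styles; the eprint
% fields carry the identifier for styles that understand them.
@article{xu2017benchmarking,
  author        = {Xu, Hui and Zhao, Zirui and Zhou, Yangfan and Lyu, Michael R.},
  title         = {On Benchmarking the Capability of Symbolic Execution Tools with Logic Bombs},
  journal       = {arXiv preprint arXiv:1712.01674},
  eprint        = {1712.01674},
  archiveprefix = {arXiv},
  year          = {2017},
}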
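% The original author field had three names run together ("Collberg, Jon
% Stephens Babak Yadegari Christian"); they are separated here.
% NOTE(review): author order is inferred from that string -- confirm against the paper.
@inproceedings{collberg2018probabilistic,
  author       = {Stephens, Jon and Yadegari, Babak and Collberg, Christian and Debray, Saumya and Scheidegger, Carlos},
  title        = {Probabilistic Obfuscation through Covert Channels},
  booktitle    = {Security and Privacy (EuroS\&P), 2018 IEEE European Symposium on},
  year         = {2018},
  organization = {IEEE},
}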
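@inproceedings{zhang2017hybrid,
  author    = {Zhang, Li and Thing, Vrizlynn},
  title     = {A Hybrid Symbolic Execution Assisted Fuzzing Method},
  booktitle = {IEEE TENCON},
  year      = {2017},
}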
@inproceedings{barany2018finding,
  author    = {Barany, Gerg{\"o}},
  title     = {Finding Missed Compiler Optimizations by Differential Testing},
  booktitle = {27th International Conference on Compiler Construction},
  year      = {2018},
}
@inproceedings{van2017differential,
  author       = {van Woudenberg, Jasper and Breunesse, Cees-Bart and Velegalati, Rajesh and Yalla, Panasayya and Gonzalez, Sergio},
  title        = {Differential Fault Analysis Using Symbolic Execution},
  booktitle    = {Proceedings of the 7th Software Security, Protection, and Reverse Engineering/Software Security and Protection Workshop},
  pages        = {4},
  year         = {2017},
  organization = {ACM},
}
@inproceedings{biondo2018back,
  author    = {Biondo, Andrea and Conti, Mauro and Lain, Daniele},
  title     = {Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets},
  booktitle = {NDSS},
  year      = {2018},
}
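% arXiv preprint: the journal text is kept for classic styles; the eprint
% fields carry the identifier for styles that understand them.
@article{chen2018sgxpectre,
  author        = {Chen, Guoxing and Chen, Sanchuan and Xiao, Yuan and Zhang, Yinqian and Lin, Zhiqiang and Lai, Ten H.},
  title         = {{SgxPectre} Attacks: Leaking Enclave Secrets via Speculative Execution},
  journal       = {arXiv preprint arXiv:1802.09085},
  eprint        = {1802.09085},
  archiveprefix = {arXiv},
  year          = {2018},
}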
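@inproceedings{de2018elisa,
  author       = {De Nicolao, Pietro and Pogliani, Marcello and Polino, Mario and Carminati, Michele and Quarta, Davide and Zanero, Stefano},
  title        = {{ELISA}: {ELiciting} {ISA} of Raw Binaries for Fine-grained Code and Data Separation},
  booktitle    = {15th Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
  pages        = {1--21},
  year         = {2018},
  organization = {Springer},
}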
@inproceedings{xue2018clone,
  author       = {Xue, Hongfa and Venkataramani, Guru and Lan, Tian},
  title        = {Clone-hunter: accelerated bound checks elimination via binary code clone detection},
  booktitle    = {Proceedings of the 2nd ACM SIGPLAN International Workshop on Machine Learning and Programming Languages},
  pages        = {11--19},
  year         = {2018},
  organization = {ACM},
}