Comparison of Binary Procedures: A Set of Techniques for Evading Compiler Transformations

License violation analysis may require digital forensics in the performance of a time-consuming search in order to find out whether a binary code of a product contains a procedure that originates from a source code for which a license is required. The conducted experiment shows that the production o...

Full description

Saved in:
Bibliographic Details
Published in:Computer journal 2016-01, Vol.59 (1), p.bxv076
Main Authors: Radivojevic, Zaharije, Cvetanovic, Milos, Stojanovic, Sasa
Format: Article
Language:English
Subjects:
Codes
Comparative analysis
Forensic sciences
Simulation
Software
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:License violation analysis may require digital forensics in the performance of a time-consuming search in order to find out whether a binary code of a product contains a procedure that originates from a source code for which a license is required. The conducted experiment shows that the production of a binary code using an arbitrary compiler decreases results of the evaluated solutions up to 10 times. The best performing solution, among those evaluated, uses software metrics for assessing similarities between procedures and ranks procedures from the binary code according to their similarities with the target forensics procedure. This paper tries to improve the ranking by proposing five techniques for making similarities assessment more robust against compiler transformations. The proposed techniques filter stack instructions and transfer instructions, retain partial information about the instruction order, simulate inlining, and eliminate procedures that significantly differ from the searched procedure. The techniques are evaluated using a dataset based on the STAMP benchmark and re-evaluated using a dataset based on the BusyBox toolset. The evaluation shows that the use of the proposed techniques increases recall by 47 and 42% for the first and second datasets, respectively.
ISSN:0010-4620
1460-2067
DOI:10.1093/comjnl/bxv076