Compiler Provenance Attribution

Saed Alrabaee; Mourad Debbabi; Paria Shirani; Lingyu Wang; Amr Youssef; Ashkan Rahimian; Lina Nouh; Djedjiga Mouheb; He Huang; Aiman Hanna

doi:10.1007/978-3-030-34238-8_3

Compiler Provenance Attribution

Saed Alrabaee, Mourad Debbabi, Paria Shirani, Lingyu Wang, Amr Youssef, Ashkan Rahimian, Lina Nouh, Djedjiga Mouheb, He Huang, Aiman Hanna

Department of Information System and Security

Research output: Chapter in Book/Report/Conference proceeding › Chapter

2 Citations (Scopus)

Abstract

Compiler identification is an essential component of binary toolchain analysis with a multitude of applications in reverse engineering and malware analysis. Security investigators and cyber incident responders are often tasked with the analysis and attribution of binary files obtained from malicious campaigns which need to be inspected quickly and reliably. Such binaries can be a source of intelligence on adversary tactics, techniques, and procedures. Compiler provenance information can aid binary analysis by uncovering fingerprints of the development environment and related libraries, leading to an accelerated analysis. In this chapter, we present BinComp, which provides a practical approach for analyzing the syntax, structure, and semantics of disassembled functions to extract compiler provenance.

Original language	English
Title of host publication	Advances in Information Security
Publisher	Springer
Pages	45-78
Number of pages	34
DOIs	https://doi.org/10.1007/978-3-030-34238-8_3
Publication status	Published - 2020

Publication series

Name	Advances in Information Security
Volume	78
ISSN (Print)	1568-2633

ASJC Scopus subject areas

Information Systems
Computer Networks and Communications

Access to Document

10.1007/978-3-030-34238-8_3

Cite this

@inbook{3d788656010b4953b3174f6d180f8f63,

title = "Compiler Provenance Attribution",

abstract = "Compiler identification is an essential component of binary toolchain analysis with a multitude of applications in reverse engineering and malware analysis. Security investigators and cyber incident responders are often tasked with the analysis and attribution of binary files obtained from malicious campaigns which need to be inspected quickly and reliably. Such binaries can be a source of intelligence on adversary tactics, techniques, and procedures. Compiler provenance information can aid binary analysis by uncovering fingerprints of the development environment and related libraries, leading to an accelerated analysis. In this chapter, we present BinComp, which provides a practical approach for analyzing the syntax, structure, and semantics of disassembled functions to extract compiler provenance.",

author = "Saed Alrabaee and Mourad Debbabi and Paria Shirani and Lingyu Wang and Amr Youssef and Ashkan Rahimian and Lina Nouh and Djedjiga Mouheb and He Huang and Aiman Hanna",

note = "Publisher Copyright: {\textcopyright} 2020, Springer Nature Switzerland AG.",

year = "2020",

doi = "10.1007/978-3-030-34238-8_3",

language = "English",

series = "Advances in Information Security",

publisher = "Springer",

pages = "45--78",

booktitle = "Advances in Information Security",

}

TY - CHAP

T1 - Compiler Provenance Attribution

AU - Alrabaee, Saed

AU - Debbabi, Mourad

AU - Shirani, Paria

AU - Wang, Lingyu

AU - Youssef, Amr

AU - Rahimian, Ashkan

AU - Nouh, Lina

AU - Mouheb, Djedjiga

AU - Huang, He

AU - Hanna, Aiman

PY - 2020

Y1 - 2020

N2 - Compiler identification is an essential component of binary toolchain analysis with a multitude of applications in reverse engineering and malware analysis. Security investigators and cyber incident responders are often tasked with the analysis and attribution of binary files obtained from malicious campaigns which need to be inspected quickly and reliably. Such binaries can be a source of intelligence on adversary tactics, techniques, and procedures. Compiler provenance information can aid binary analysis by uncovering fingerprints of the development environment and related libraries, leading to an accelerated analysis. In this chapter, we present BinComp, which provides a practical approach for analyzing the syntax, structure, and semantics of disassembled functions to extract compiler provenance.

AB - Compiler identification is an essential component of binary toolchain analysis with a multitude of applications in reverse engineering and malware analysis. Security investigators and cyber incident responders are often tasked with the analysis and attribution of binary files obtained from malicious campaigns which need to be inspected quickly and reliably. Such binaries can be a source of intelligence on adversary tactics, techniques, and procedures. Compiler provenance information can aid binary analysis by uncovering fingerprints of the development environment and related libraries, leading to an accelerated analysis. In this chapter, we present BinComp, which provides a practical approach for analyzing the syntax, structure, and semantics of disassembled functions to extract compiler provenance.

UR - http://www.scopus.com/inward/record.url?scp=85080922972&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85080922972&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-34238-8_3

DO - 10.1007/978-3-030-34238-8_3

M3 - Chapter

AN - SCOPUS:85080922972

T3 - Advances in Information Security

SP - 45

EP - 78

BT - Advances in Information Security

PB - Springer

ER -

Compiler Provenance Attribution

Abstract

Publication series

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this