Write a Blog >>
ISSTA 2021
Sun 11 - Sat 17 July 2021 Online
co-located with ECOOP and ISSTA 2021
Fri 16 Jul 2021 08:00 - 08:20 at ISSTA 2 - Session 16 (time band 3) Binary Analysis Chair(s): Michael Pradel
Sat 17 Jul 2021 01:30 - 01:50 at ISSTA 2 - Session 22 (time band 2) Bugs and Analysis 1 Chair(s): Saeid Tizpaz-Niari

ARM has become the most competitive processor architecture. Many platforms or tools are developed to execute or analyze ARM instructions, including various commercial CPUs, emulators, and binary analysis tools. However, they have deviations when processing the same ARM instructions, and little attention has been paid to systematically analyze such semantic deviations, not to mention the security implications of such deviations. In this paper, we conduct an empirical study on the ARM Instruction Semantic Deviation (ISDev) issue. First, we classify this issue into several categories and analyze the security implications behind them. Then, we further demonstrate several novel attacks which utilize the ISDev issue, including stealthy targeted attacks and targeted defense evasion. Such attacks could exploit the semantic deviations to generate malware that is specific to certain platforms or able to detect and bypass certain detection solutions. We have developed a framework iDEV to systematically explore the ISDev issue in existing ARM instructions processing tools and platforms via differential testing. We have evaluated iDEV on four hardware devices, the QEMU emulator, and five disassemblers which could process the ARMv7-A instruction set. The evaluation results show that, over six million instructions could cause dynamic executors (i.e., CPUs and QEMU) to present different runtime behaviors, and over eight million instructions could cause static disassemblers yielding different decoding results, and over one million instructions cause inconsistency between dynamic executors and static disassemblers. After analyzing the root causes of each type of deviation, we point out they are mostly due to ARM unpredictable instructions and program defects.

Fri 16 Jul

Displayed time zone: Brussels, Copenhagen, Madrid, Paris change

08:00 - 09:00
Session 16 (time band 3) Binary AnalysisTechnical Papers at ISSTA 2
Chair(s): Michael Pradel University of Stuttgart
08:00
20m
Talk
iDEV: Exploring and Exploiting Semantic Deviations in ARM Instruction Processing
Technical Papers
Shisong Qin Tsinghua University, Chao Zhang Tsinghua University, Kaixiang Chen Tsinghua University, Zheming Li Tsinghua University
DOI
08:20
20m
Talk
RAProducer: Efficiently Diagnose and Reproduce Data Race Bugs for Binaries via Trace Analysis
Technical Papers
Ming Yuan Tsinghua University, Yeseop Lee Tsinghua University, Chao Zhang Tsinghua University, Yun Li Tsinghua University, Yan Cai Institute of Software at Chinese Academy of Sciences, Bodong Zhao Tsinghua University
DOI
08:40
20m
Talk
A Lightweight Framework for Function Name Reassignment Based on Large-Scale Stripped BinariesACM SIGSOFT Distinguished Paper
Technical Papers
Han Gao University of Science and Technology of China, Shaoyin Cheng University of Science and Technology of China, Yinxing Xue University of Science and Technology of China, Weiming Zhang University of Science and Technology of China
DOI

Sat 17 Jul

Displayed time zone: Brussels, Copenhagen, Madrid, Paris change

01:10 - 02:30
Session 22 (time band 2) Bugs and Analysis 1 Technical Papers at ISSTA 2
Chair(s): Saeid Tizpaz-Niari University of Texas at El Paso
01:10
20m
Talk
Faster, Deeper, Easier: Crowdsourcing Diagnosis of Microservice Kernel Failure from User Space
Technical Papers
Yicheng Pan Peking University, Meng Ma Peking University, Xinrui Jiang Peking University, Ping Wang Peking University
DOI Media Attached File Attached
01:30
20m
Talk
iDEV: Exploring and Exploiting Semantic Deviations in ARM Instruction Processing
Technical Papers
Shisong Qin Tsinghua University, Chao Zhang Tsinghua University, Kaixiang Chen Tsinghua University, Zheming Li Tsinghua University
DOI
01:50
20m
Talk
RAProducer: Efficiently Diagnose and Reproduce Data Race Bugs for Binaries via Trace Analysis
Technical Papers
Ming Yuan Tsinghua University, Yeseop Lee Tsinghua University, Chao Zhang Tsinghua University, Yun Li Tsinghua University, Yan Cai Institute of Software at Chinese Academy of Sciences, Bodong Zhao Tsinghua University
DOI
02:10
20m
Talk
Fixing Dependency Errors for Python Build Reproducibility
Technical Papers
Suchita Mukherjee University of California at Davis, Abigail Almanza University of California at Davis, Cindy Rubio-González University of California at Davis
DOI