Research
 

SIS Research Area - Information Security & Trust

Research Theme
Security Analysis on Binary Programs

Central Concerns and Questions

Many software vendors do not make the source code of their programs available. When a program needs to be updated (for patching vulnerabilities and errors), they release a new version in binary format but refuse to disclose details of the changes made. However, it is of great interest to consumers of the software to understand the differences between the two versions of the program.

Emerging Ideas and Initiatives

We introduce BinHunt, a novel technique for finding semantic differences in binary programs. Semantic differences between two binary files contrast with syntactic differences in that semantic differences correspond to changes in the program functionality. Semantic differences are difficult to find because of the noise from syntactic differences caused by, e.g., different register allocation and basic block re-ordering. BinHunt bases its analysis on the control flow of the programs using a new graph isomorphism technique, symbolic execution, and theorem proving.
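The distinction between syntactic and semantic differences can be shown on a toy scale. The following is an added example, not BinHunt's code: the three-address IR, the register names and the sample blocks are constructed, and structural comparison of canonicalized symbolic expressions stands in for the theorem prover, so it only recognizes equivalences that survive operand reordering.

```python
# Toy three-address IR, constructed for illustration: (dst, op, a, b).
# Operands are register names (str) or integer constants.
COMMUTATIVE = {"add", "mul"}

def symexec(block):
    """Return the symbolic expression the block leaves in its output register."""
    # Name inputs by position so the result does not depend on register choice.
    state = {reg: f"in{i}" for i, reg in enumerate(block["inputs"])}

    def val(x):
        return x if isinstance(x, int) else state[x]

    for dst, op, a, b in block["code"]:
        if op == "mov":
            state[dst] = val(a)
            continue
        args = [val(a), val(b)]
        if op in COMMUTATIVE:
            args.sort(key=repr)  # canonical operand order
        state[dst] = (op, args[0], args[1])
    return state[block["output"]]

def compare(old, new):
    """Return (syntactic_diff, semantic_diff) for two blocks."""
    syntactic = old["code"] != new["code"]
    semantic = symexec(old) != symexec(new)
    return syntactic, semantic

# Constructed sample blocks; each takes two inputs x and y.
V1 = {"inputs": ["eax", "ebx"], "output": "eax", "code": [
    ("eax", "add", "eax", "ebx"),      # eax = x + y
    ("eax", "mul", "eax", 4),          # eax = (x + y) * 4
]}
V2_REALLOC = {"inputs": ["esi", "ecx"], "output": "edx", "code": [
    ("edi", "mov", "ecx", None),       # extra copy, different registers
    ("edx", "add", "edi", "esi"),      # edx = y + x
    ("edx", "mul", 4, "edx"),          # edx = 4 * (y + x)
]}
V2_PATCHED = {"inputs": ["eax", "ebx"], "output": "eax", "code": [
    ("eax", "add", "eax", "ebx"),
    ("eax", "mul", "eax", 8),          # constant changed: functionality differs
]}

if __name__ == "__main__":
    print("realloc:", compare(V1, V2_REALLOC))
    print("patched:", compare(V1, V2_PATCHED))
```
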

Selected Publications

[1] Peng Li, Debin Gao and Michael K. Reiter. Automatically Adapting a Trained Anomaly Detector to Software Patches. The 12th International Symposium on Recent Advances in Intrusion Detection (RAID 2009), Saint-Malo, Brittany, France, September 2009.

[2] Debin Gao, Michael K. Reiter and Dawn Song. BinHunt: Automatically Finding Semantic Differences in Binary Programs. The 10th International Conference on Information and Communications Security (ICICS 2008), pp. 238-255, Birmingham, UK, October 2008.

Projects, Presentations and Posters

  1. Debin Gao, BinHunt: Automatically Finding Semantic Differences in Binary Programs (presentation)

Collaborations and Industry Linkages

  1. University of North Carolina at Chapel Hill, United States
  2. DSO/DSTA



Last updated on 25 September, 2009 by School of Information Systems.