Author
Bartels, Jesse Dalton
Issue Date
2019
Keywords
Dynamic Analysis
Dynamic Code
Program Analysis
Program Representations
Self-Modifying Code
Software Security
Advisor
Debray, Saumya
Publisher
The University of Arizona.
Rights
Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction, presentation (such as public display or performance) of protected items is prohibited except with permission of the author.
Abstract
Being able to properly represent dynamic code, or the notion of code that is created/modified at runtime, is crucial to improving debugging capabilities, aiding software security analysis, and building a general understanding of the systems that make use of dynamic code. From malware to Just-In-Time (JIT) compilers, dynamic code is surprisingly commonplace in today’s software ecosystem. Yet despite the prevalence of dynamic code, we have found that current state-of-the-art program analysis tools are incapable of properly representing dynamic code as it is created/modified over a program’s execution. This work aims to provide an improved program representation, allowing for what we call end-to-end analysis to help reason about dynamic code and its relationship with the code that generates it. Our results demonstrate using backwards slicing and forward taint analysis to perform exploit analysis, bug localization, and reasoning about environmental triggers not possible with other program analysis toolkits, providing useful insights from our end-to-end analysis as well as a foundation upon which to incorporate other program analysis techniques.
Type
text
Electronic Thesis
Degree Name
M.S.
Degree Level
masters
Degree Program
Graduate College
Computer Science