Page 11 - Cyber Warnings
P. 11
Here are some of the benefits of hybrid static analysis:
• Learn from two views of the same vulnerability/defect: Once the compiler has
optimized the source code, the resulting binary code can reveal a different view of the
detected errors.
Analyzing binaries as well as source is beneficial to fully understand these errors.
• Detect injected code, modified binaries, and insider attacks: A program’s source
isn’t its final state. Binary analysis can detect unwanted changes in the final executable.
Code injected into executables or download payloads can be analyzed for defects and
vulnerabilities.
Malicious code added by inside attackers, possibly hidden in source, can be detected
before shipping to customers.
• Continue call graph into libraries and other binaries without source: CodeSonar
can analyze standard C/C++ libraries and any other third-party library or executable.
When code makes calls to these libraries, the analysis continues in the binary realm.
Extending the analysis means better detection and less false positives.
CONCLUSION:
The Unreal RCD exploit is a good example of how binary analysis can support source-based
static analysis.
Having the option to use hybrid analysis provides better detection of errors and security
vulnerabilities, and helps defend against malicious code added by insiders - a difficult attack
vector to address.
About The Author
Bill Graham is a seasoned embedded software development manager with
years of development, technical product marketing and product
management experience.
Bill can be reached online at [email protected]
11 Cyber Warnings E-Magazine January 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
