Cross-Architecture Bug Search in Binary Executables

Explore a groundbreaking approach to identifying security vulnerabilities across different CPU architectures in this 23-minute IEEE conference talk. Discover how to derive bug signatures for known vulnerabilities and apply them to find similar issues in binaries deployed on diverse platforms like x86, ARM, and MIPS. Learn about the challenges of comparing incompatible instruction set architectures and the innovative solutions, including translating binary code to an intermediate representation and sampling concrete inputs to capture basic block semantics. Gain insights into the practical applications of this method, such as detecting Heartbleed vulnerabilities and uncovering backdoors in closed-source router firmware. Understand the potential impact of this cross-architecture bug search technique on improving security assessments for closed-source software and embedded devices.