[Secure-testing-team] A full audit of SPARC arch by our static binary analysis tool
Moritz Muehlenhoff
jmm at inutil.org
Thu Aug 4 08:18:20 UTC 2005
Jake Appelbaum wrote:
> I happen to work for a company that's doing some innovative development
> in the area of binary static analysis. We have a shipping product that
> is able to find novel exploitable vulnerabilities. The name of the
> company is Logic Library Inc. The product is Logiscan
> ( http://www.logiclibrary.com/solutions/logiscan.php )
>
> I'm sure people are a bit skeptical of a project like this and what kind
> of things it can do. We're not just doing this because we use Debian but
> because we want to support Free Software in general.
>
> If you are interested, let me know and I can go into more detail. If you
> have any initial questions, feel free to ask me.
The website is rather short on technical details:
- Could you describe your approach? Are you performing abstract interpretation?
- How do you handle the backtracking from a potentially detected vulnerability
in the assembly back to the source level? Do you require debug symbols to
be present?
- Does your solution withstand compiler optimizations? (Which should be semantically
equal to the non-optimized version, but might yield totally different
patterns on the assembly level?)
Cheers,
Moritz