Combined Analysis for Source Code and Binary Code for Software Assurance
Software Engineering Institute
The DoD has a significant amount of software that is available only in binary form. Currently, it is impractical to ensure that this software is free from vulnerabilities and malicious code.
The goal of this project is to increase software assurance of binary components. To do this, we are adapting an existing open-source decompiler (Ghidra).
This automated pipeline will:
- decompile the binary
- determine which functions were correctly decompiled
- perform static analysis and automated repair on those functions
Even if some functions cannot be decompiled, we can still achieve a significant benefit by analyzing and repairing those that can.
This work will enable the DoD to find and fix potential vulnerabilities in binary code that might otherwise be cost-prohibitive to investigate or repair manually.