To: seminaire-gallium-moscova@inria.fr
From: Francois.Pottier@inria.fr
Subject: SEM - INRIA : Gallium - 10/03/08 - Paris - FR

You can subscribe to our seminar announcements:
http://pauillac.inria.fr/seminaires/

SEMINAR

INRIA - Rocquencourt
Amphi Turing, building 1
Monday, March 10, 10:30

-----------
Thomas Reps
-----------
University of Wisconsin and GrammaTech, Inc.

==============================================
WYSINWYX: What You See Is Not What You eXecute
==============================================

What You See Is Not What You eXecute: computers do not execute source-code programs; they execute machine-code programs that are generated from source code. Not only can the WYSINWYX phenomenon create a mismatch between what a programmer intends and what is actually executed by the processor, it can cause analyses that are performed on source code -- which is the approach followed by most security-analysis tools -- to fail to detect bugs and security vulnerabilities.

To address the WYSINWYX problem, we have developed algorithms to recover information from stripped executables about the memory-access operations that the program performs. These algorithms are used in the CodeSurfer/x86 tool to construct intermediate representations that are used for browsing, inspecting, and analyzing stripped x86 executables. Recently, this infrastructure has been used to create a tool for looking for bugs in stripped device-driver executables.

Joint work with G. Balakrishnan (UW), J. Lim (UW), and T. Teitelbaum (Cornell and GrammaTech, Inc.).