DETECTING BUGS USING DECOMPILATION AND DATAFLOW ANALYSIS presented at Breakpoint 2012

by Silvio Cesare,

Tags: Static Analysis Tools Bugwise

Summary : Bugwise is a free online web service to perform static analysis of binary executables to detect software bugs and vulnerabilities. It detects bugs using a combination of decompilation to recover high level information, and data flow analysis to discover issues such as use-after-frees and double frees. Bugwise has been developed over the past several years and is implemented as a series of modules in a greater system that performs other binary analysis tasks such as malware detection. This entire system consists of more than 100,000 lines of C++ code and In this talk, I will explain how Bugwise works. The system is still in the development stage but has successfully found a number of real bugs and vulnerabilities in Debian Linux.