Range Analysis of Binaries with Minimal Effort.

COTS components are ubiquitous in military, industrial and governmental systems. However, the benefits of reduced development and maintainance costs are compromised by security concerns. Since source code is unavailable, security audits necessarily occur at the binary level. Push-button formal method techniques, such as model checking and abstract interpretation, can support this process by, among other things, inferring ranges of values for registers. Ranges aid the security engineer in checking for vulnerabilities that relate, for example, to integer wrapping, uninitialised variables and buffer overflows. Yet the lack of structure in binaries limits the effectiveness of classical range analyses based on widening. This paper thus contributes a simple but novel range analysis, formulated in terms of linear programming, which calculates ranges without manual intervention.