Rendezvous: A search engine for binary code

Wei Ming Khoo; Alan Mycroft; Ross Anderson

doi:10.1109/MSR.2013.6624046

Rendezvous: A search engine for binary code

Wei Ming Khoo, Alan Mycroft, Ross Anderson

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The problem of matching between binaries is important for software copyright enforcement as well as for identifying disclosed vulnerabilities in software. We present a search engine prototype called Rendezvous which enables indexing and searching for code in binary form. Rendezvous identifies binary code using a statistical model comprising instruction mnemonics, control flow sub-graphs and data constants which are simple to extract from a disassembly, yet normalising with respect to different compilers and optimisations. Experiments show that Rendezvous achieves F2 measures of 86.7% and 83.0% on the GNU C library compiled with different compiler optimisations and the GNU coreutils suite compiled with gcc and clang respectively. These two code bases together comprise more than one million lines of code. Rendezvous will bring significant changes to the way patch management and copyright enforcement is currently performed.

Original language	English
Title of host publication	2013 10th Working Conference on Mining Software Repositories (MSR)
Editors	Thomas Zimmermann, Massimiliano Di Penta, Sunghun Kim
Publisher	Institute of Electrical and Electronics Engineers
Pages	329-338
Number of pages	10
ISBN (Electronic)	978-1-4673-2936-1
ISBN (Print)	978-1-4799-0345-0
DOIs	https://doi.org/10.1109/MSR.2013.6624046
Publication status	Published - 10 Oct 2013
Event	10th Working Conference on Mining Software Repositories (MSR) - San Francisco, United States Duration: 18 May 2013 → 19 May 2013 Conference number: 10 https://2013.msrconf.org/

Publication series

Name	2013 10th Working Conference on Mining Software Repositories (MSR)
Publisher	IEEE
ISSN (Print)	2160-1852
ISSN (Electronic)	2160-1860

Conference

Conference	10th Working Conference on Mining Software Repositories (MSR)
Abbreviated title	MSR 2013
Country/Territory	United States
City	San Francisco
Period	18/05/13 → 19/05/13
Internet address	https://2013.msrconf.org/

Access to Document

10.1109/MSR.2013.6624046Licence: All Rights Reserved

https://ieeexplore.ieee.org/abstract/document/6624046Licence: All Rights Reserved

Cite this

Khoo, W. M., Mycroft, A., & Anderson, R. (2013). Rendezvous: A search engine for binary code. In T. Zimmermann, M. Di Penta, & S. Kim (Eds.), 2013 10th Working Conference on Mining Software Repositories (MSR) (pp. 329-338). (2013 10th Working Conference on Mining Software Repositories (MSR)). Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/MSR.2013.6624046

@inproceedings{c9180e528c574f54a222e9446b88b0d2,

title = "Rendezvous: A search engine for binary code",

abstract = "The problem of matching between binaries is important for software copyright enforcement as well as for identifying disclosed vulnerabilities in software. We present a search engine prototype called Rendezvous which enables indexing and searching for code in binary form. Rendezvous identifies binary code using a statistical model comprising instruction mnemonics, control flow sub-graphs and data constants which are simple to extract from a disassembly, yet normalising with respect to different compilers and optimisations. Experiments show that Rendezvous achieves F2 measures of 86.7\% and 83.0\% on the GNU C library compiled with different compiler optimisations and the GNU coreutils suite compiled with gcc and clang respectively. These two code bases together comprise more than one million lines of code. Rendezvous will bring significant changes to the way patch management and copyright enforcement is currently performed.",

author = "Khoo, \{Wei Ming\} and Alan Mycroft and Ross Anderson",

year = "2013",

month = oct,

day = "10",

doi = "10.1109/MSR.2013.6624046",

language = "English",

isbn = "978-1-4799-0345-0",

series = "2013 10th Working Conference on Mining Software Repositories (MSR)",

publisher = "Institute of Electrical and Electronics Engineers",

pages = "329--338",

editor = "Thomas Zimmermann and \{Di Penta\}, Massimiliano and Sunghun Kim",

booktitle = "2013 10th Working Conference on Mining Software Repositories (MSR)",

address = "United States",

note = "10th Working Conference on Mining Software Repositories (MSR), MSR 2013 ; Conference date: 18-05-2013 Through 19-05-2013",

url = "https://2013.msrconf.org/",

}

Khoo, WM, Mycroft, A & Anderson, R 2013, Rendezvous: A search engine for binary code. in T Zimmermann, M Di Penta & S Kim (eds), 2013 10th Working Conference on Mining Software Repositories (MSR). 2013 10th Working Conference on Mining Software Repositories (MSR), Institute of Electrical and Electronics Engineers, pp. 329-338, 10th Working Conference on Mining Software Repositories (MSR), San Francisco, California, United States, 18/05/13. https://doi.org/10.1109/MSR.2013.6624046

Rendezvous: A search engine for binary code. / Khoo, Wei Ming; Mycroft, Alan; Anderson, Ross.
2013 10th Working Conference on Mining Software Repositories (MSR). ed. / Thomas Zimmermann; Massimiliano Di Penta; Sunghun Kim. Institute of Electrical and Electronics Engineers, 2013. p. 329-338 (2013 10th Working Conference on Mining Software Repositories (MSR)).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Rendezvous: A search engine for binary code

AU - Khoo, Wei Ming

AU - Mycroft, Alan

AU - Anderson, Ross

N1 - Conference code: 10

PY - 2013/10/10

Y1 - 2013/10/10

N2 - The problem of matching between binaries is important for software copyright enforcement as well as for identifying disclosed vulnerabilities in software. We present a search engine prototype called Rendezvous which enables indexing and searching for code in binary form. Rendezvous identifies binary code using a statistical model comprising instruction mnemonics, control flow sub-graphs and data constants which are simple to extract from a disassembly, yet normalising with respect to different compilers and optimisations. Experiments show that Rendezvous achieves F2 measures of 86.7% and 83.0% on the GNU C library compiled with different compiler optimisations and the GNU coreutils suite compiled with gcc and clang respectively. These two code bases together comprise more than one million lines of code. Rendezvous will bring significant changes to the way patch management and copyright enforcement is currently performed.

AB - The problem of matching between binaries is important for software copyright enforcement as well as for identifying disclosed vulnerabilities in software. We present a search engine prototype called Rendezvous which enables indexing and searching for code in binary form. Rendezvous identifies binary code using a statistical model comprising instruction mnemonics, control flow sub-graphs and data constants which are simple to extract from a disassembly, yet normalising with respect to different compilers and optimisations. Experiments show that Rendezvous achieves F2 measures of 86.7% and 83.0% on the GNU C library compiled with different compiler optimisations and the GNU coreutils suite compiled with gcc and clang respectively. These two code bases together comprise more than one million lines of code. Rendezvous will bring significant changes to the way patch management and copyright enforcement is currently performed.

U2 - 10.1109/MSR.2013.6624046

DO - 10.1109/MSR.2013.6624046

M3 - Conference contribution

SN - 978-1-4799-0345-0

T3 - 2013 10th Working Conference on Mining Software Repositories (MSR)

SP - 329

EP - 338

BT - 2013 10th Working Conference on Mining Software Repositories (MSR)

A2 - Zimmermann, Thomas

A2 - Di Penta, Massimiliano

A2 - Kim, Sunghun

PB - Institute of Electrical and Electronics Engineers

T2 - 10th Working Conference on Mining Software Repositories (MSR)

Y2 - 18 May 2013 through 19 May 2013

ER -

Rendezvous: A search engine for binary code

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this