Binary Tomography: Understanding Binaries through Dynamic Data Flow Visualization

Description

Dynamic Data Flow analysis is a technique that tracks the influence of memory values over the course of an execution and is mostly used for taint checking, an at-runtime security mechanism.
By contrast, Data Flow Tomography attempts to uncover the inner workings of programs or systems by analyzing the Dynamic Data Flow of exemplary executions. We apply this method to binaries in a reverse engineering scenario, where we see a great need for insight-enhancing tools.
The obtained Dynamic Data Flows are analyzed to highlight points of interest such as data streams and crucial memory segments. Hereby we employ a more general analysis approach than previous works.
We focus on the comprehensive visualization of our results to provide an intuitive interface for reverse engineers.
Our goal is the construction of a versatile, expandable framework that extracts the Dynamic Data Flow of binaries, analyzes it and provides an interactive visualization of the results.