TEMU: Binary Code Analysis via Whole-System Layered Annotative Execution

Dynamic binary analysis has demonstrated its strength in solving a wide-spectrum of computer security problems, such as malware analysis, protocol reverse engineering, vulnerability detection, diagnosis, and defense, software testing, etc. An extensible platform for dynamic binary analysis provides a foundation for solving these problems. To enable a variety of applications, we explore a unique design space. We aim to provide a whole-system view, take an external approach, facilitate fine-grained instrumentation, and have sufficient efficiency. These design goals bring about a new architecture, namely whole-system out-of-the-box fine-grained dynamic binary analysis. To further facilitate fine-grained dynamic binary analysis, we propose layered annotative execution as a core technique, which incorporates shadow flag analysis, taint analysis, and symbolic execution. We have implemented this new architecture and the core technique in an analysis platform called TEMU. Because of its extensibility and versatility, TEMU has enabled and fostered a handful of research projects.