D-ARM: Disassembling ARM Binaries by Lightweight Superset Instruction Interpretation and Graph Modeling
ARM binary analysis has a wide range of applications in ARM system security. A fundamental challenge is ARM disassembly. ARM, particularly AArch32, has a number of unique features making disassembly distinct from x86 disassembly, such as the mixing of ARM and Thumb instruction modes, implicit mode s...
Saved in:
| Published in: | Proceedings - IEEE Symposium on Security and Privacy pp. 2391 - 2408 |
|---|---|
| Main Authors: | , , , , |
| Format: | Conference Proceeding |
| Language: | English |
| Published: |
IEEE
01.05.2023
|
| Subjects: | |
| ISSN: | 2375-1207 |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Abstract | ARM binary analysis has a wide range of applications in ARM system security. A fundamental challenge is ARM disassembly. ARM, particularly AArch32, has a number of unique features making disassembly distinct from x86 disassembly, such as the mixing of ARM and Thumb instruction modes, implicit mode switching within an application, and more prevalent use of inlined data. Existing techniques cannot achieve high accuracy when binaries become complex and have undergone obfuscation. We propose a novel ARM binary disassembly technique that is particularly designed to address challenges in legacy code for 32-bit ARM binaries. It features a lightweight superset instruction interpretation method to derive rich semantic information and a graph-theory based method that aggregates such information to produce final results. Our comparative evaluation with a number of state-of-the-art disassemblers, including Ghidra, IDA, P-Disasm, XDA, D-Disasm, and Spedi, on thousands of binaries generated from SPEC2000 and SPEC2006 with various settings, and real-world applications collected online show that our technique D-ARM substantially outperforms the baselines. |
|---|---|
| AbstractList | ARM binary analysis has a wide range of applications in ARM system security. A fundamental challenge is ARM disassembly. ARM, particularly AArch32, has a number of unique features making disassembly distinct from x86 disassembly, such as the mixing of ARM and Thumb instruction modes, implicit mode switching within an application, and more prevalent use of inlined data. Existing techniques cannot achieve high accuracy when binaries become complex and have undergone obfuscation. We propose a novel ARM binary disassembly technique that is particularly designed to address challenges in legacy code for 32-bit ARM binaries. It features a lightweight superset instruction interpretation method to derive rich semantic information and a graph-theory based method that aggregates such information to produce final results. Our comparative evaluation with a number of state-of-the-art disassemblers, including Ghidra, IDA, P-Disasm, XDA, D-Disasm, and Spedi, on thousands of binaries generated from SPEC2000 and SPEC2006 with various settings, and real-world applications collected online show that our technique D-ARM substantially outperforms the baselines. |
| Author | Zhang, Zhuo Ye, Yapeng Zhang, Xiangyu Aafer, Yousra Shi, Qingkai |
| Author_xml | – sequence: 1 givenname: Yapeng surname: Ye fullname: Ye, Yapeng email: ye203@purdue.edu organization: Purdue University – sequence: 2 givenname: Zhuo surname: Zhang fullname: Zhang, Zhuo email: zhan3299@purdue.edu organization: Purdue University – sequence: 3 givenname: Qingkai surname: Shi fullname: Shi, Qingkai email: shi553@purdue.edu organization: Purdue University – sequence: 4 givenname: Yousra surname: Aafer fullname: Aafer, Yousra email: yousra.aafer@uwaterloo.ca organization: University of Waterloo – sequence: 5 givenname: Xiangyu surname: Zhang fullname: Zhang, Xiangyu email: xyzhang@cs.purdue.edu organization: Purdue University |
| BookMark | eNo1kMtOAjEUhqvRREDfQJO-wIynl2ln3CEokkA0omtyYA5QA2XSlhDeXvCy-S_f4l_8bXbht54YuxOQCwHV_eRNGymKXIJUuQBhKwX2jLWFMYWulDL6nLWkskUmJNgr1o7xC0CCqnSLLftZ9338wPsuYoy0ma2dX_Ij4o_OY3AU-ezAR265Sns6KZ_sGgqREh_6mMJuntzWH3Oi0ARK-FPR13wQsFnx8bam0-Q1u1zgOtLNn3fY5_PTR-8lG70Ohr3uKHMSdMpsURpZlaSoNqI2Fku9wLkGBGuotEgkCiWPUAPNlTZ6VgjCEk1lJIJYqA67_d11RDRtgttgOEz_X1Hf-xdY6w |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/SP46215.2023.10179307 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE/IET Electronic Library (IEL) (UW System Shared) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 1665493364 9781665493369 |
| EISSN | 2375-1207 |
| EndPage | 2408 |
| ExternalDocumentID | 10179307 |
| Genre | orig-research |
| GroupedDBID | 23M 29O 6IE 6IF 6IH 6IL 6IN AAJGR AAWTH ABLEC ACGFS ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK IJVOP M43 OCL RIE RIL RIO RNS |
| ID | FETCH-LOGICAL-i204t-7586298e3ed61d67a84fac40a076e87aee153284f40ec3464b51ea8a6962a01f3 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 4 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=001035501502025&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| IngestDate | Wed Aug 27 02:03:38 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i204t-7586298e3ed61d67a84fac40a076e87aee153284f40ec3464b51ea8a6962a01f3 |
| PageCount | 18 |
| ParticipantIDs | ieee_primary_10179307 |
| PublicationCentury | 2000 |
| PublicationDate | 2023-May |
| PublicationDateYYYYMMDD | 2023-05-01 |
| PublicationDate_xml | – month: 05 year: 2023 text: 2023-May |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings - IEEE Symposium on Security and Privacy |
| PublicationTitleAbbrev | SP |
| PublicationYear | 2023 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0020394 |
| Score | 2.2459154 |
| Snippet | ARM binary analysis has a wide range of applications in ARM system security. A fundamental challenge is ARM disassembly. ARM, particularly AArch32, has a... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 2391 |
| SubjectTerms | Aggregates Codes Privacy Program-and-binary-analysis Semantics Static analysis Switches Thumb |
| Title | D-ARM: Disassembling ARM Binaries by Lightweight Superset Instruction Interpretation and Graph Modeling |
| URI | https://ieeexplore.ieee.org/document/10179307 |
| WOSCitedRecordID | wos001035501502025&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3LT8IwGG-UePCED4zv9OC10G2l7bypiJogIaKGG-m6b4YDgwho_O_92g0IBw_elmbtsr6-5-_7EXIVWNSFXOg_CnnGRGwFSyKQTDcloMpvTOKdOe8d1e3qwSDulWB1j4UBAJ98BnX36GP56cQunKusUWwnhx3fVkoWYK2VdcWjWJQQnYDHjX5PSBRndUcPXl923KBQ8RKkXf3nt_dIbY3Fo72VlNknW5AfkOqSjIGWZ_OQfLTYzcvzNW2NZqgPwzhxOHOKTfTWQW7RIKbJD-04W_zbu0NpfzFF3Q_m9GldRZZuJiFSk6f0wdW0po40zQ1ZI2_t-9e7R1ayKLBRyMWcoUEgw1hDBKkMUqmMFpmxghuuJGhlAPDSQyGVCQ42ElIkzQCMNjKWoeFBFh2RSj7J4ZhQfE1pwzMcBEQW2YQ3U7wrrQu2hSo1J6TmJm44LQplDJdzdvpH-xnZdctT5A-ekwr-K1yQHfs1H80-L_3y_gLwdaXc |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3LT8IwGG8MmugJHxjf9uC10G1d13lTESEOQgQNN9J13wwHB5Gh8b-37QaEgwdvS7N2WV_f8_f9ELpxlNaFTOjfc2lKWKgYiT3gRPgctMovZWydOW9R0OuJ0Sjsl2B1i4UBAJt8BnXzaGP5yVQtjKusUWwngx3f9hlzaQHXWtlX1AtZCdJxaNgY9BnXAq1uCMLry64bJCpWhrSq__z6Pqqt0Xi4v5IzB2gLskNUXdIx4PJ0HqH3Jrl76d7i5mSuNWL4iA3SHOsmfG9At9okxvEPjow1_m0doniwmGntD3LcWdeRxZtpiFhmCX4yVa2xoU0zQ9bQa-tx-NAmJY8CmbiU5USbBNwNBXiQcCfhgRQslYpRSQMOIpAA-trTYiplFJTHOIt9B6SQPOSupE7qHaNKNs3gBGH9WiAkTfUgwFJPxdRP9G2pTLjNDRJ5impm4sazolTGeDlnZ3-0X6Pd9rAbjaNO7_kc7ZmlKrIJL1BF_zdcoh31lU_mn1d2qX8BvwmpIw |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=proceeding&rft.title=Proceedings+-+IEEE+Symposium+on+Security+and+Privacy&rft.atitle=D-ARM%3A+Disassembling+ARM+Binaries+by+Lightweight+Superset+Instruction+Interpretation+and+Graph+Modeling&rft.au=Ye%2C+Yapeng&rft.au=Zhang%2C+Zhuo&rft.au=Shi%2C+Qingkai&rft.au=Aafer%2C+Yousra&rft.date=2023-05-01&rft.pub=IEEE&rft.eissn=2375-1207&rft.spage=2391&rft.epage=2408&rft_id=info:doi/10.1109%2FSP46215.2023.10179307&rft.externalDocID=10179307 |