Binary code is everywhere. In most situations, users only have access to code in binary (i.e., executable) form. Most common, off-the-shelf (COTS) software (e.g., Microsoft Windows, Adobe Acrobat, etc.) is only available to end-users in binary form. Malicious code (i.e., malware) created by attackers is typically only available in binary form. The ubiquity of binary code means any security techniques that only require access to the program binary are likely to be widely applicable. Further, binary code analysis allows us to argue about the security of the code that will run, not just the code that was compiled.
The goal of the BAP (Binary Analysis Platform) is to develop faithful binary program analysis techniques and tools. We need faithful techniques so that our security analysis is accurate and correct. In particular, BAP provides:
- A faithful representative of binary code in a formally specified intermediate language called BIL
- A set of core program analyses abstractions
- Techniques and interfaces for formally reasoning about binary programs down to the bit level
There are two basic thrusts of our research. First, we need to extend our binary analysis techniques and tools. Second, these extensions motivate new security opportunities for binary analysis. These two thrusts are synergistic: improvements in binary analysis allow us to get better results in any application of the analysis.
Specifically, some of the areas we are working on include:
- Scalable formal verification techniques
- Automatic reverse engineering
- Vulnerability-Based Signature Generation
- Automatic Exploit Generation
- Crypto verification
- Malware analysis
- Vulnerability detection in COTS software
If you are interested in collaborating in any of these areas, please contact David Brumley.
Availability
BAP is available in two forms. First, we provide open access to previously released versions of BAP. These releases are unsupported.
Second, we provide access to our most recent developments to research partners. We encourage those engaging in new research to collaborate with us. If you would like to have access to the most recent work, please email David Brumley.
If you find BAP useful, we would appreciate an email This will help us secure funding to continue this project.
Public versions of BAP:
Documentation
- Youtube video demonstrating some BAP features.
- Our CAV paper describing BAP 0.3.
- API documentation: HTML, PDF, or PostScript (This is good for reference.)
- A paper on the design of BAP. (This is good introductory material, although not everything described is implemented yet.)
Support
- Report bugs and patches to our bug tracking system.
- Ask for help on the bap-users mailing list.
- View the results of the nightly consistency checks that are run on a battery of real programs.
Credits and History
BAP is the next-generation binary analysis platform. The BAP team is:
- David Brumley (PI)
- Thanassis Avgerinos
- Edward J. Schwartz
- Spencer Whitman
BAP is made possible by grants from CyLab.
The History of BAP
BAP is the successor to the binary analysis techniques developed for Vine (the static analysis component of BitBlaze) as part of David Brumley work on the BitBlaze project, which is headed up by Dawn Song. BAP clearly builds upon Vine, and we are indebted to all that worked with us on that project. Although BAP is a complete rewrite of Vine, many of the core ideas remain the same, such as a formalized IL. However, many things changed. For example, the IL now allows us to express endianness explicitly. We found this necessary in order to fully support bi-endian architectures such as ARM. This change in the IL required changes throughout the code. In addition, we now have well-defined interfaces and utilities. Vine grew organically out of many projects. We took lessons learned from those projects to develop the core API and utilities.
We would especially like to thank former contributors to Vine and BAP and to the general development and direction of our platform. In particular, we would like to thank and recognize:
- Cody Hartwig
- Dawn Song
- Eric Li
- Ivan Jager
- James Newsome
- Jonghyup Lee
- Juan Caballero
- Pongsin Poosankam
- Zhenkai Liang