With the analysis of binary code once again becoming relevant due to the proliferation of interconnected embedded devices, the subfield of binary analysis techniques has recently undergone a renaissance. Over the past few years, well over a dozen binary analysis frameworks were produced and released by well over a dozen research groups and private enterprise, putting the world in a situation where there are more seriously-developed binary analysis frameworks than there are web browsers. Of course, the situation has not been ignored by funding agencies, with massive grants, featuring binary analysis, being funded around the world.
This binary analysis gold rush has taken place in a mostly uncoordinated manner, with some researchers meeting up on an ad-hoc basis at conferences and other research groups working in obscurity and isolation. As a result, while commonly-adapted solutions to some problems have emerged, there is very little actual sharing and solution reuse among tools. This has resulted in missing tool functionality (e.g., some open source research prototypes support wide ranges of architectures that others do not, even though all of the code involved is open source) and needlessly duplicated effort (e.g., Miasm, Manticore, and angr all separately implement conceptually identical function summaries to simplify analysis of library code and to emulate system calls) and has hampered the adoption of fundamental scientific advances in the field.
The BAR aims to provide an interaction point for researchers doing work in binary program analysis, with half of the workshop dedicated to traditional paper sessions and the other half to a roundtable discussion among researchers, implementers, and end-users of binary analysis techniques. To this end, we welcome submissions on all aspects of binary analysis, including security, reverse engineering, visualization, AI and machine learning, program analysis theories, human factors, gamification, tooling, and transition from research.
Important: A key goal of this workshop is to foster advancement in binary analysis techniques. To this end, this workshop will emphasize the importance of releasing and sharing artifacts that can be used to reproduce results in papers and can be used as a basis for further research and development. Therefore, we sincerely hope that all authors will release or open source artifacts that are related to their submissions, including but are not limited to, software kits, source code, data-sets, raw data used in evaluations, etc. Papers submitted with artifacts or promises of artifact releases will get special recognition in the form of an artifact certification badge on the publication. Paper submissions that do not commit to releasing or open sourcing their artifacts will be considered only when there is room left after other submissions are accepted.
Topics of interest include, but are not limited to:
- Building blocks of binary analysis (program slicing, taint tracking, summarization, binary rewriting, formal methods).
- Automated binary hardening (against vulnerabilities and against analysis).
- Binary analysis to assist humans (visualization, UI/UX design).
- Human assistance to binary analysis (i.e., human-assisted cyber reasoning systems).
- Modeling and discovering non-memory-corruption vulnerabilities (information leaks, side-channels).
- Automated exploitation.
- Data exchange and sharing between binary analysis platforms.
- Fundamental capabilities (root-cause analysis).
- Non-trivial targets (real-world binaries, embedded devices, beyond binary code).
- Binary analysis for CTF competitions.
- Artificial intelligence, machine learning and binary analysis.
- Environment modeling for binary analysis.
- Transition from research prototype to industry-grade tool (and practical problems thereof).
- Improving the scalability of automated binary analysis techniques.
- Interaction and integration of tools.
- Bytecode analysis (including Java/DEX bytecode)
- Reports of and lessons-learned from applying previous approaches or replicating published papers.