Establishing Trust in Binary Analysis in Software Development and Applications

Title: Establishing Trust in Binary Analysis in Software Development and Applications
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Calhoun, C. S., Reinhart, J., Alarcon, G. A., Capiola, A.
Conference Name: 2020 IEEE International Conference on Human-Machine Systems (ICHMS)
Date Published: sep
Keywords: Binary Analysis, binary analysis techniques, binary analysis tools, binary code, binary code behavior, binary code components, Binary codes, binary component, binary release metadata, computer security, data loss, Human Behavior, human trust, implementation risk assessment, knowledge acquisition, knowledge elicitations, Libraries, pubcrawl, security of data, security vulnerability minimization, Software, Software development, software engineering, software programmer trust, source security, Standards, Tools, Trust, Trusted Computing, vulnerability reports
Abstract: The current exploratory study examined software programmer trust in binary analysis techniques used to evaluate and understand binary code components. Experienced software developers participated in knowledge elicitations to identify factors affecting trust in tools and methods used for understanding binary code behavior and minimizing potential security vulnerabilities. Developer perceptions of trust in those tools to assess implementation risk in binary components were captured across a variety of application contexts. The software developers reported source security and vulnerability reports provided the best insight and awareness of potential issues or shortcomings in binary code. Further, applications where the potential impact to systems and data loss is high require relying on more than one type of analysis to ensure the binary component is sound. The findings suggest binary analysis is viable for identifying issues and potential vulnerabilities as part of a comprehensive solution for understanding binary code behavior and security vulnerabilities, but relying simply on binary analysis tools and binary release metadata appears insufficient to ensure a secure solution.
Citation Key: calhoun_establishing_2020