​Software security is one of today’s major concerns. And yet, current security analysis methods focus mainly on software source code, which cannot always be accessed. “Even when you can get to the source code, it can be challenging to analyze it thoroughly enough to detect malware or bugs introduced by compilers,” said a researcher at CEA Tech institute List.*

Researchers at List drew on their broad, deep knowledge of IT security to come up with reliable analysis tools to fill the current gaps. They started with formal methods—state-of-the-art source-code analysis techniques used for critical systems—and modified them so that they could be used to analyze executable code. “Formal methods are sensitive to the program’s behavior rather than to how the program is coded. These methods are also capable of exploring all, or almost all, behaviors.” The tools List developed are more robust and reliable than the syntax analysis used by most software manufacturers. This type of analysis provides a cursory examination of the executable code or analyzes a random selection of certain behaviors.

The tools developed by List are the result of R&D partnerships, and have been packaged together to form the BINSEC open-source binary code analysis platform. The platform was tested successfully and will be unveiled at the Black Hat Europe trade fair at the end of this year.