The BitBlaze Binary Analysis Platform features a novel fusion of static and dynamic analysis techniques, mixed concrete and symbolic execution, and whole-system emulation and binary instrumentation, all to facilitate state-of-the art research on real security problems. Two of the most important components in BitBlaze are Vine, the static analysis component that provides an intermediate language for analyzing machine code, and TEMU, the dynamic analysis component that provides whole-system emulation and dynamic binary instrumentation including taint analysis.
We have now made some of the core parts of the BitBlaze platform (Vine and TEMU) available for the use of other researchers, under open source licenses. Note however that this does not include the particular applications we have built using that platform.
In conjunction with our BlackHat 2010 presentation, we have made a demonstration binary release of some tools for trace-based crash analysis.
Some additional BitBlaze-related source code is available which is not a complete release, but includes code for some more functionality compared to the 1.0 releases. This code, which was previously available by request, is now available for direct download; see the Downloads section below.
FuzzBALL, a binary symbolic execution tool based on Vine, now has a preview release available.
Vine 1.0 is now available for download under the ISC License. The release includes C++ and OCaml source code and appropriate versions of the VEX library and the STP decision procedure for recent Linux/x86 systems.
The version 1.0 release contains some of the core Vine functionality related to the IL and trace processing, but we have plans to release more parts of Vine in the future: stay subscribed to the bitblaze-announcements list for updates.
vine-1.0.tar.gz (3.3MB)
TEMU 1.0 is now available for download. The release includes the source code for the TEMU core (based on QEMU 0.9.1) and a sample tainting plugin, released under the ISC License, as well as a Linux binary for the tracing plugin Tracecap. This release does not include many other analysis plugins we have built using TEMU, but stay subscribed to the bitblaze-announcements list for updates about future releases.
temu-1.0.tar.gz (8.9MB)
A release of additional source is now available for direct download. This release includes code for some additional functionality compared to the TEMU and Vine 1.0 releases, including source code for the Tracecap plugin. We are releasing all the code written by BitBlaze under the ISC License. (Of course, when combining BitBlaze-developed code with other software, you must comply with all of the relevant licenses.)
bitblaze-additional-2010-06.tar.gz (4.0MB)
@InProceedings{SBYCJKLNPS2008,
author = {Dawn Song and David Brumley and Heng Yin and Juan Caballero and
Ivan Jager and Min Gyung Kang and Zhenkai Liang and James Newsome and
Pongsin Poosankam and Prateek Saxena},
title = {{BitBlaze}: A New Approach to Computer Security via Binary Analysis},
booktitle = {Proceedings of the 4th International Conference on Information Systems Security. Keynote invited paper.},
address = {Hyderabad, India},
year = 2008,
month = dec,
}
@Misc{BitBlazeWebSite,
key = {BitBlaze},
title = {{BitBlaze}: Binary Analysis for Computer Security},
note = {\url{http://bitblaze.cs.berkeley.edu/}}
}
Though we are not providing formal support for BitBlaze at this time, we would like to hear if you are making use of it, if you run into any bugs or problems, or if you have suggestions for feature additions. Please subscribe to the bitblaze-users mailing list (via Google Groups) and share your experiences.
For general questions regarding the BitBlaze project, please send email to bitblaze at gmail.com.
To receive announcements about code releases and other bitblaze related updates, please subscribe to the Bitblaze Announcement List
Back to BitBlaze