The amount of software keeps growing steadily, and users are faced with an increasingly complex choice of which applications to trust and install. Existing mechanisms to weed out malicious and bogus apps have so far been insufficient at protecting users.

In my talk, I propose to use program analysis for judging the possible behavior of software. In this setting, one faces potentially malicious developers and cannot rely on their cooperation. Therefore, I apply static analysis directly to binaries and harden it against common obfuscation schemes by tightly integrating it with disassembly and control flow reconstruction. Based on this approach, I show how to statically defeat the infamous “virtualization obfuscation”, which compiles programs into bytecode for randomized architectures.

For a complementing dynamic approach, I turn to symbolic execution. I explain tradeoffs in this generally expensive technique and introduce a heuristic for minimizing its cumulative cost, which allows experimental speed-ups of up to ten orders of magnitude.