Manta: Hybrid-Sensitive Type Inference Toward Type-Assisted Bug Detection for Stripped Binaries

Chengfeng Ye; Yuandao Cai; Anshunkang Zhou; Heqing Huang; Hao Ling; Charles Zhang

doi:10.1145/3622781.3674177

Manta: Hybrid-Sensitive Type Inference Toward Type-Assisted Bug Detection for Stripped Binaries

Chengfeng Ye, Yuandao Cai^*, Anshunkang Zhou, Heqing Huang, Hao Ling, Charles Zhang

^*Corresponding author for this work

Department of Computer Science and Engineering

Research output: Chapter in Book/Conference Proceeding/Report › Conference Paper published in a book › peer-review

1 Citation (Scopus)

Abstract

Static binary bug detection has been a prominent approach for ensuring the security of binaries used in our daily lives. However, the type information lost in binaries prevents the improvement opportunity for a static analyzer to utilize type information to prune away infeasible facts and increase analysis precision. To make binary bug detection more practical with higher precision, in this work, we propose the first hybrid-sensitive type inference, Manta, that combines data-flow analysis with different sensitivities to complement each other and infer precise types for many variables. The inferred types are then used to assist with bug detection by pruning infeasible indirect call targets and data dependencies. Our experiments indicate Manta outperforms prior work by inferring types with 78.7% precision and 97.2% recall. Based on the inferred types, we can prune away 63.9% more infeasible indirect-call targets compared to existing type analysis techniques and perform program slicing on binaries with 61.1% similarity to that on source code. Moreover, Manta has led to 86 new developer-confirmed vulnerabilities in many popular IoT firmware, with 64 CVE/PSV IDs assigned.

Original language	English
Title of host publication	ASPLOS 2024 - Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
Publisher	Association for Computing Machinery
Pages	170-187
Number of pages	18
ISBN (Electronic)	9798400703911
DOIs	https://doi.org/10.1145/3622781.3674177
Publication status	Published - 10 Apr 2025
Event	29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2024 - San Diego, United States Duration: 27 Apr 2024 → 1 May 2024

Publication series

Name	International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS
Volume	4

Conference

Conference	29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2024
Country/Territory	United States
City	San Diego
Period	27/04/24 → 1/05/24

Bibliographical note

Publisher Copyright:
© 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.

Access to Document

10.1145/3622781.3674177

Cite this

Ye, C., Cai, Y., Zhou, A., Huang, H., Ling, H., & Zhang, C. (2025). Manta: Hybrid-Sensitive Type Inference Toward Type-Assisted Bug Detection for Stripped Binaries. In ASPLOS 2024 - Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (pp. 170-187). (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS; Vol. 4). Association for Computing Machinery. https://doi.org/10.1145/3622781.3674177

Ye, Chengfeng ; Cai, Yuandao ; Zhou, Anshunkang et al. / Manta : Hybrid-Sensitive Type Inference Toward Type-Assisted Bug Detection for Stripped Binaries. ASPLOS 2024 - Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery, 2025. pp. 170-187 (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS).

@inproceedings{72bdfc92fef64795b90af1f4055c80c8,

title = "Manta: Hybrid-Sensitive Type Inference Toward Type-Assisted Bug Detection for Stripped Binaries",

abstract = "Static binary bug detection has been a prominent approach for ensuring the security of binaries used in our daily lives. However, the type information lost in binaries prevents the improvement opportunity for a static analyzer to utilize type information to prune away infeasible facts and increase analysis precision. To make binary bug detection more practical with higher precision, in this work, we propose the first hybrid-sensitive type inference, Manta, that combines data-flow analysis with different sensitivities to complement each other and infer precise types for many variables. The inferred types are then used to assist with bug detection by pruning infeasible indirect call targets and data dependencies. Our experiments indicate Manta outperforms prior work by inferring types with 78.7\% precision and 97.2\% recall. Based on the inferred types, we can prune away 63.9\% more infeasible indirect-call targets compared to existing type analysis techniques and perform program slicing on binaries with 61.1\% similarity to that on source code. Moreover, Manta has led to 86 new developer-confirmed vulnerabilities in many popular IoT firmware, with 64 CVE/PSV IDs assigned.",

author = "Chengfeng Ye and Yuandao Cai and Anshunkang Zhou and Heqing Huang and Hao Ling and Charles Zhang",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.; 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2024 ; Conference date: 27-04-2024 Through 01-05-2024",

year = "2025",

month = apr,

day = "10",

doi = "10.1145/3622781.3674177",

language = "English",

series = "International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS",

publisher = "Association for Computing Machinery",

pages = "170--187",

booktitle = "ASPLOS 2024 - Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems",

}

Ye, C, Cai, Y, Zhou, A, Huang, H, Ling, H & Zhang, C 2025, Manta: Hybrid-Sensitive Type Inference Toward Type-Assisted Bug Detection for Stripped Binaries. in ASPLOS 2024 - Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS, vol. 4, Association for Computing Machinery, pp. 170-187, 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2024, San Diego, United States, 27/04/24. https://doi.org/10.1145/3622781.3674177

Manta: Hybrid-Sensitive Type Inference Toward Type-Assisted Bug Detection for Stripped Binaries. / Ye, Chengfeng; Cai, Yuandao; Zhou, Anshunkang et al.
ASPLOS 2024 - Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery, 2025. p. 170-187 (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS; Vol. 4).

Research output: Chapter in Book/Conference Proceeding/Report › Conference Paper published in a book › peer-review

TY - GEN

T1 - Manta

T2 - 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2024

AU - Ye, Chengfeng

AU - Cai, Yuandao

AU - Zhou, Anshunkang

AU - Huang, Heqing

AU - Ling, Hao

AU - Zhang, Charles

PY - 2025/4/10

Y1 - 2025/4/10

N2 - Static binary bug detection has been a prominent approach for ensuring the security of binaries used in our daily lives. However, the type information lost in binaries prevents the improvement opportunity for a static analyzer to utilize type information to prune away infeasible facts and increase analysis precision. To make binary bug detection more practical with higher precision, in this work, we propose the first hybrid-sensitive type inference, Manta, that combines data-flow analysis with different sensitivities to complement each other and infer precise types for many variables. The inferred types are then used to assist with bug detection by pruning infeasible indirect call targets and data dependencies. Our experiments indicate Manta outperforms prior work by inferring types with 78.7% precision and 97.2% recall. Based on the inferred types, we can prune away 63.9% more infeasible indirect-call targets compared to existing type analysis techniques and perform program slicing on binaries with 61.1% similarity to that on source code. Moreover, Manta has led to 86 new developer-confirmed vulnerabilities in many popular IoT firmware, with 64 CVE/PSV IDs assigned.

AB - Static binary bug detection has been a prominent approach for ensuring the security of binaries used in our daily lives. However, the type information lost in binaries prevents the improvement opportunity for a static analyzer to utilize type information to prune away infeasible facts and increase analysis precision. To make binary bug detection more practical with higher precision, in this work, we propose the first hybrid-sensitive type inference, Manta, that combines data-flow analysis with different sensitivities to complement each other and infer precise types for many variables. The inferred types are then used to assist with bug detection by pruning infeasible indirect call targets and data dependencies. Our experiments indicate Manta outperforms prior work by inferring types with 78.7% precision and 97.2% recall. Based on the inferred types, we can prune away 63.9% more infeasible indirect-call targets compared to existing type analysis techniques and perform program slicing on binaries with 61.1% similarity to that on source code. Moreover, Manta has led to 86 new developer-confirmed vulnerabilities in many popular IoT firmware, with 64 CVE/PSV IDs assigned.

UR - https://www.webofscience.com/wos/woscc/full-record/WOS:001483831800012

UR - https://openalex.org/W4409328482

UR - https://www.scopus.com/pages/publications/105006975767

U2 - 10.1145/3622781.3674177

DO - 10.1145/3622781.3674177

M3 - Conference Paper published in a book

T3 - International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS

SP - 170

EP - 187

BT - ASPLOS 2024 - Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

PB - Association for Computing Machinery

Y2 - 27 April 2024 through 1 May 2024

ER -

Ye C, Cai Y, Zhou A, Huang H, Ling H, Zhang C. Manta: Hybrid-Sensitive Type Inference Toward Type-Assisted Bug Detection for Stripped Binaries. In ASPLOS 2024 - Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery. 2025. p. 170-187. (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS). doi: 10.1145/3622781.3674177

Manta: Hybrid-Sensitive Type Inference Toward Type-Assisted Bug Detection for Stripped Binaries

Abstract

Publication series

Conference

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this