ossf/reliable-software-decomposition

Reliable Software Decomposition SIG

The Reliable Software Decomposition SIG is a Special Interest Group at the sandbox stage. The SIG reports to the OpenSSF Security Tooling Working Group.

Motivation

Disassembly is a foundational step of a wide range of software maintenance workflows, including debugging, profiling, reverse engineering, security analysis, dependency analysis, patching, binary translation, and optimization. Unfortunately, correct disassembly is undecidable in general, and existing security and maintenance tools must rely on complex heuristics and manual work by experts. The resulting partial and/or inaccurate disassembly can lead to missed or erroneous vulnerability reports, inaccurate software composition analysis, or incorrect patches or optimizations.

Some of the information required to make disassembly possible without these complex heuristics is already available in existing toolchain artifacts, but enabled or used only to varying degrees. For example, many system profiling tools depend on .eh_frame unwinding metadata. Some other information, like the structure of assembly jump tables, is simply not available.

The goal of this special interest group is to develop a set of standard practices (enabled toolchain flags, features, etc.) and/or extensions to ELF and associated toolchains to enable fully automated, reliable disassembly of the resulting binaries.

Objective

Our planned initial deliverables will include a document compiling:

  • a list of existing areas where current disassemblers must rely on heuristics,
  • a list of existing sources of metadata that could address these deficiencies if enabled, and
  • a list of gaps that could be addressed with additional metadata generated by toolchains.

Guided by this deliverable, we then plan to draft a specification for what information must be included in an ELF object to enable disassembly, where and how it can be found in an ELF binary, and what additional data should be added as ELF extensions. We also plan to develop prototype implementations of the necessary extensions and work with toolchain communities to incorporate the required features. If we have developed sufficient community interest at this stage, we will explore converting the SIG into an OpenSSF project to organize work on the specification and tooling.

Scope

These efforts will be scoped to language-independent information about binary programs; that is, improvements to the ELF standard and related tools that enable reliable disassembly rather than the more general problem of decompilation. Initially, our efforts will focus on the x86_64 Linux platform, but the extensions should be platform agnostic where practicable.

Get Involved

Meeting times

Zoom every other Monday @ GMT starting June 9, 2025.

The meeting invite is available on the public OSSF Calendar.

Governance/Membership

The CHARTER.md outlines the scope and governance of our group activities.

Intellectual Property

In accordance with the OpenSSF Charter (PDF), work produced by this group is licensed as follows:

  1. Software source code
  2. Data
  3. Specifications
  4. All other Documentation

Antitrust Policy Notice

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.
