With the analysis of binary code once again becoming relevant due to the proliferation of interconnected embedded devices, the subfield of binary analysis techniques has recently undergone a renaissance. Over the past few years, well over a dozen binary analysis frameworks were produced and released by well over a dozen research groups and private enterprise, putting the world in a situation where there are more seriously-developed binary analysis frameworks than there are web browsers. Of course, the situation has not been ignored by funding agencies, with massive grants, featuring binary analysis, being funded around the world.

This binary analysis gold rush has taken place in a mostly uncoordinated manner, with some researchers meeting up on an ad-hoc basis at conferences and other research groups working in obscurity and isolation. As a result, while commonly-adapted solutions to some problems have emerged, there is very little actual sharing and solution reuse among tools. This has resulted in missing tool functionality (e.g., some open source research prototypes support wide ranges of architectures that others do not, even though all of the code involved is open source) and needlessly duplicated effort (e.g., Miasm, Manticore, and angr all separately implement conceptually identical function summaries to simplify analysis of library code and to emulate system calls) and has hampered the adoption of fundamental scientific advances in the field.

The BAR aims to provide an interaction point for researchers doing work in binary program analysis, with half of the workshop dedicated to traditional paper sessions and the other half to a roundtable discussion among researchers, implementers, and end-users of binary analysis techniques. To this end, we welcome submissions on all aspects of binary analysis, including security, reverse engineering, visualization, AI and machine learning, program analysis theories, human factors, gamification, tooling, and transition from research.

Important: A key goal of this workshop is to foster advancement in binary analysis techniques. To this end, this workshop will emphasize the importance of releasing and sharing artifacts that can be used to reproduce results in papers and can be used as a basis for further research and development. Therefore, we sincerely hope that all authors will release or open source artifacts that are related to their submissions, including but are not limited to, software kits, source code, data-sets, raw data used in evaluations, etc. Papers submitted with artifacts or promises of artifact releases will get special recognition in the form of an artifact certification badge on the publication. Paper submissions that do not commit to releasing or open sourcing their artifacts will be considered only when there is room left after other submissions are accepted.

Topics of interest include, but are not limited to:
- Building blocks of binary analysis (program slicing, taint tracking, summarization, binary rewriting, formal methods).
- Automated binary hardening (against vulnerabilities and against analysis).
- Binary analysis to assist humans (visualization, UI/UX design).
- Human assistance to binary analysis (i.e., human-assisted cyber reasoning systems).
- Modeling and discovering non-memory-corruption vulnerabilities (information leaks, side-channels).
- Automated exploitation.
- Data exchange and sharing between binary analysis platforms.
Fundamental capabilities (root-cause analysis).
- Non-trivial targets (real-world binaries, embedded devices, beyond binary code).
- Binary analysis for CTF competitions.
- Artificial intelligence, machine learning and binary analysis.
- Environment modeling for binary analysis.
- Transition from research prototype to industry-grade tool (and practical problems thereof).
- Improving the scalability of automated binary analysis techniques.
- Interaction and integration of tools.
- Bytecode analysis (including Java/DEX bytecode)
- Reports of and lessons-learned from applying previous approaches or replicating published papers.


Important Dates
- All deadlines are in Anywhere-on-earth (AOE) time zone.


Paper submission: January 11, 2021
Acceptance notification: February 7, 2021
Camera-ready submission (after the workshop): March 12, 2021
Location
Co-located online with NDSS.


Submission Instructions
- All papers must be written in English. Papers must be formatted for US letter size paper in a two-column layout, with columns no more than 9.25-inch high and 3.5-inch wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing. If possible, authors should use the templates provided by NDSS.

We invite both full papers and short papers. Full papers should have no more than 10 pages in total (excluding references and appendices). Short papers must no more than 6 pages (again, excluding references and appendices), and can be about work-in-progress and novel ideas. Short papers will be selected based on their potential to spark interesting discussions during the workshop.

Submissions are encouraged to be anonymized for review, but this is not necessary.

The proceedings will be published by the Internet Society after NDSS.

Submission site: https://bar2021.hotcrp.com

Program Committee
- Program Chair: Brendan Dolan-Gavitt, New York University

- Program Committee:
Yan Shoshitaishvili, Arizona State University
Xinyu Xing, Penn State University
Andrea Lanzi, Universty of Milan
Lorenzo Cavallaro, King’s College London
Sophia d’Antoine, Margin Research
Tim Bryant, Vector 35
Taegyu Kim, Purdue University
Sébastien Bardin, CEA LIST
Zhiqiang Lin, Ohio State University
Antonio Bianchi, Purdue University
Maverick Woo, Carnegie Mellon University
Daniele Cono D’Elia, Sapienza University of Rome
Sarah Zennou, Airbus
Konrad Rieck, TU Braunschweig
Ruoyu “Fish” Wang, Arizona State University
Edward J. Schwartz, Carnegie Mellon University
Martina Lindorfer, TU Wien
Mariano Graziano, Cisco Talos
Christophe Hauser, Information Sciences institute, University of Southern California
Juan Caballero, IMDEA Software Institute
Aurélien Francillon, EURECOM
Grant Hernandez, Qualcomm
Alexei Bulazel, Independent Security Researcher