Abstract
Program instrumentation techniques form the basis of many recent software security defenses, including defenses against common exploits and security policy enforcement. As compared to source-code instrumentation, binary instrumentation is easier to use and more broadly applicable due to the ready availability of binary code. Two key features needed for security instrumentations are (a) it should be applied to all application code, including code contained in various system and application libraries, and (b) it should be non-bypassable. So far, dynamic binary instrumentation (DBI) techniques have provided these features, whereas static binary instrumentation (SBI) techniques have lacked them. These features, combined with ease of use, have made DBI the de facto choice for security instrumentations. However, DBI techniques can incur high overheads in several common usage scenarios, such as application startups, system-calls, and many real-world applications. We therefore develop a new platform for secure static binary instrumentation (PSI) that overcomes these drawbacks of DBI techniques, while retaining the security, robustness and ease-of-use features. We illustrate the versatility of PSI by developing several instrumentation applications: basic block counting, shadow stack defense against control-flow hijack and return-oriented programming attacks, and system call and library policy enforcement. While being competitive with the best DBI tools on CPU-intensive SPEC 2006 benchmark, PSI provides an order of magnitude reduction in overheads on a collection of real-world applications.
A platform for secure static binary instrumentation. In VEE '14: Proceedings of the 10th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments.