Visible to the public Biblio

Filters: Author is Franz, Michael  [Clear All Filters]
2019-02-08
Kroes, Taddeus, Altinay, Anil, Nash, Joseph, Na, Yeoul, Volckaert, Stijn, Bos, Herbert, Franz, Michael, Giuffrida, Cristiano.  2018.  BinRec: Attack Surface Reduction Through Dynamic Binary Recovery. Proceedings of the 2018 Workshop on Forming an Ecosystem Around Software Transformation. :8-13.

Compile-time specialization and feature pruning through static binary rewriting have been proposed repeatedly as techniques for reducing the attack surface of large programs, and for minimizing the trusted computing base. We propose a new approach to attack surface reduction: dynamic binary lifting and recompilation. We present BinRec, a binary recompilation framework that lifts binaries to a compiler-level intermediate representation (IR) to allow complex transformations on the captured code. After transformation, BinRec lowers the IR back to a "recovered" binary, which is semantically equivalent to the input binary, but does have its unnecessary features removed. Unlike existing approaches, which are mostly based on static analysis and rewriting, our framework analyzes and lifts binaries dynamically. The crucial advantage is that we can not only observe the full program including all of its dependencies, but we can also determine which program features the end-user actually uses. We evaluate the correctness and performance of BinRec, and show that our approach enables aggressive pruning of unwanted features in COTS binaries.

2018-12-10
Burow, Nathan, Carr, Scott A., Nash, Joseph, Larsen, Per, Franz, Michael, Brunthaler, Stefan, Payer, Mathias.  2017.  Control-Flow Integrity: Precision, Security, and Performance. ACM Comput. Surv.. 50:16:1–16:33.
Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today’s systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the intended control flow. Researchers have spent more than a decade studying and refining defenses based on Control-Flow Integrity (CFI); this technique is now integrated into several production compilers. However, so far, no study has systematically compared the various proposed CFI mechanisms nor is there any protocol on how to compare such mechanisms. We compare a broad range of CFI mechanisms using a unified nomenclature based on (i) a qualitative discussion of the conceptual security guarantees, (ii) a quantitative security evaluation, and (iii) an empirical evaluation of their performance in the same test environment. For each mechanism, we evaluate (i) protected types of control-flow transfers and (ii) precision of the protection for forward and backward edges. For open-source, compiler-based implementations, we also evaluate (iii) generated equivalence classes and target sets and (iv) runtime performance.