Visible to the public Secure Native Binary Executions--2019 Q1Conflict Detection Enabled

PI(s): Prasad Kulkarni

HARD PROBLEM(S) ADDRESSED:
Scalability and Composability, Security Metrics

PUBLIC ACCOMPLISHMENT HIGHLIGHTS:

Our project goal is to develop a high-performance framework for client-side security assessment and enforcement for COTS (commercial off the shelf) binary software. During the last quarter we conducted the following tasks:

1. We are building a framework using Intel's Pin dynamic binary translator (DBT) to instrument any unprotected software binary to detect and prevent memory attacks. Several mechanisms to protect binary software written in unsafe languages, like C and C++, against different kinds of memory related attacks have already been proposed and evaluated. However, most of these mechanisms need high-level program structure and data-flow information. Such information is then provided manually by the programmer or extracted automatically from the source code by the compiler. These techniques result in the insertion of additional data and control-flow checks in the binary, along with code that at run-time generates and stores metadata (on the program stack and/or heap) and later uses that during the security checks. The goal of our effort is to

(a) implement these techniques at the binary level without access to any high-level program information,

(b) update the actual executed code to generate identical metadata and security checks, appropriately adjusting the stack and heap structure, and

(b) understand and compare the effectiveness (and overhead) of such techniques when implemented at the binary level (as opposed to a compiler).

2. We are also working to improve the startup and steady-state performance of a DBT. We proposed a technique to reduce the number of stalls and context switches caused by block translation requests that occur whenever a code region is first reached during execution. Our technique will predict the blocks that are most likely to be reached during future execution and translate them before-hand, so that the corresponding translated code blocks are available (and not cause an application stall) when reached later during execution. We are implementing various machine learning and data mining based techniques to evaluate their effectiveness to correctly predict the blocks that the future program execution will need.

PUBLICATIONS FROM THE QUARTER:

None