Secure Native Binary Executions--2019 Q2

PI(s): Prasad Kulkarni

HARD PROBLEM(S) ADDRESSED:
Scalability and Composability, Security Metrics

PUBLIC ACCOMPLISHMENT HIGHLIGHTS:

Our project goal is to develop a high-performance framework for client-side security assessment and enforcement for COTS (commercial off the shelf) binary software. During the last quarter we conducted the following tasks:

1. Framework to update any binary with additional security checks:

Several mechanisms to protect software written in unsafe languages, like C and C++, against different kinds of memory related attacks have already been proposed and evaluated. However, most of these mechanisms need high-level program structure and data-flow information and then need to insert additional control and data-flow checks in the generated binary. The analysis and code generation is either performed manually by the programmer or automatically from the source code by the compiler.

Our goal is to implement important existing security mechanisms on software binaries. Our technique employs two tools, (a) NSA's open-source reverse engineering software called Ghidra to conduct most of the static analysis, and (b) Intel's dynamic binary instrumentation engine called Pin to complete the analysis using execution-time data and extend the executed code with security checks. We have defined an interface to communicate the static analysis data gathered by Ghidra to the Pin runtime engine. We are currently in the final stages of implementing the SoftBound technique that can provide complete spatial memory safety for code written using unsafe languages (Santosh Nagarakatte, Jianzhou Zhao, Milo M.K. Martin, and Steve Zdancewic. 2009. SoftBound: highly compatible and complete spatial memory safety for c. SIGPLAN Not. 44, 6 (June 2009), 245-258. DOI: https://doi.org/10.1145/1543135.1542504).

We are attempting to answer fundamental questions, including:

(a) How can we collect high-level program information from low-level binaries?

(b) How can we efficiently implement existing security mechanisms using dynamic runtime engines?

(c) How can we still provide a reduced level of protection when the required analysis information cannot be accurately collected from binary programs?

(d) How can we leverage static tools like Ghidra with dynamic tools like Pin to most effectively and efficiently implement security defense techniques?

2. Framework to determine the security level of a given binary executable:

For this thrust we are exploring a fundamental question, how can we assess if a given binary program is susceptible to certain classes of attacks? We are exploring mechanisms based on signature/code-pattern detection in the static binary code and orchestrating attacks (using the Pin instrumentation engine) at execution-time that would be caught by a defense, if it was implemented.

We selected the "stack canary" defense (as generated by the GCC -fstack-protector flag) as a case study. We have implemented a signature based method that checks the static binary code to detect code patterns to determine if the binary has implemented this defense. We are in the process of building an automated strategy to orchestrate a buffer overflow attack on any binary that would trigger the stack protection check, if present in the binary. Triggering of the defense confirms its presence.

3. We are also continuing our work to improve the startup and steady-state performance of a DBT, as identified in the previous quarterly report. In this quarter we specifically focused on the fundamental question of accurately apportioning the overhead that is caused by each stage of the DBT, including translation, context switching, branch handling, etc.

PUBLICATIONS FROM THE QUARTER:

None