Visible to the public Secure Native Binary Executions--2021 Q3Conflict Detection Enabled

Submitted by prasadk on Sat, 10/09/2021 - 12:38pm

PI(s): Prasad Kulkarni

HARD PROBLEM(S) ADDRESSED:
Scalability and Composability, Security Metrics

PUBLIC ACCOMPLISHMENT HIGHLIGHTS:

Our overall project goal is to develop a high-performance framework for client-side security assessment and enforcement for binary software.

In this quarter we continued our work to: (a) Develop tools and techniques to evaluate the client-side security properties of binary software, and (b) Understand the challenges in implementing source-level (compiler-based) security techniques at the binary-level and develop new techniques to protect binary software from common classes of security attacks.

Dr. Jantz and his team at the University of Tennessee (sub-contract) are developing custom tools to study the effectiveness of different strategies for making binary programs more secure.

The major highlights in the last quarter were the following: (a) We developed new techniques, collected diverse benchmarks, and designed the experimental framework to automatically detect if the given binary code was compiled with compiler-based security checks. (b) We developed a new technique and ML models to infer the programming language used, when given only the stripped binary executable. (c) We revised our paper that studies the effectiveness of performing memory safety checks with information collected from program binaries by the latest reverse engineering tools. We started a new study to assess the effectiveness and efficiency of conducting control-flow integrity (CFI) on binary code as compared to performing CFI on source code.

PUBLICATIONS FROM THE QUARTER:

Ruturaj Vaidya, Prasad Kulkarni, and Michael Jantz. Explore Capabilities and Effectiveness of Reverse Engineering Tools to Provide Memory Safety for Binary Programs, conditionally accepted to the international conference on Information Security Practice and Experience, 2021.

Groups: