Visible to the public Secure Native Binary Executions--2022 Q3Conflict Detection Enabled

Submitted by prasadk on Thu, 10/06/2022 - 11:55am

PI(s): Prasad Kulkarni

HARD PROBLEM(S) ADDRESSED:

Scalability and Composability, Security Metrics

PUBLIC ACCOMPLISHMENT HIGHLIGHTS:

Our overall project goal is to develop a high-performance framework for client-side security assessment and enforcement for binary software.

In this quarter we continued our work to: (a) Develop tools and techniques to evaluate the client-side security properties of binary software, and (b) Understand the efficiency and effectiveness challenges and tradeoffs in implementing source-level (compiler-based) security techniques at the binary-level.

The major highlights in the last quarter were the following:

(a) Our paper describing our techniques, results, and observations regarding the detection of compiler-added security checks in binaries was accepted in Springer's ISPEC 2022.

(b) We presented our paper that describes our technique to identify the high-level source language from the given binary at Springer's ICR 2022 conference.

(c) We continued to develop techniques that can detect the presence of CWEs and indicators of secure coding practices adopted during the (source level) coding stage from just the binary code. We developed a method to automate determining the effectiveness of our new CWE and fault detection techniques on binaries (compared to techniques at source level).

(d) We continued our work to assess the effectiveness and efficiency of conducting control-flow integrity (CFI) on binary code as compared to performing CFI on source code.

PUBLICATIONS FROM THE QUARTER:

1. Adhikari, Ashish and Kulkarni, Prasad A. (2022). Using the Strings Metadata to Detect the Source Language of the Binary. In: Daimi, K., Al Sadoon, A. (eds) Proceedings of the ICR'22 International Conference on Innovations in Computing Research. ICR 2022. Advances in Intelligent Systems and Computing, vol 1431. Springer, Cham. https://doi.org/10.1007/978-3-031-14054-9_19

2. Pramanick, Koyel and Kulkarni, Prasad A. (2022). Detect Compiler Inserted Run-time Security Checks in Binary Software. To be published in the 17th International Conference on Information Security Practice and Experience (ISPEC 2022), Taipei, Taiwan, November 23-25, 2022.

Groups: