Visible to the public Secure Native Binary Executions--2022 Q4Conflict Detection Enabled

Submitted by prasadk on Wed, 01/11/2023 - 11:32am

PI(s): Prasad Kulkarni

HARD PROBLEM(S) ADDRESSED:

Scalability and Composability, Security Metrics

PUBLIC ACCOMPLISHMENT HIGHLIGHTS:

Our overall project goal is to develop a high-performance framework for client-side security assessment and enforcement for binary software.

In this quarter we continued our work to: (a) Develop tools and techniques to evaluate the client-side security properties of binary software, and (b) Understand the efficiency, effectiveness, challenges and tradeoffs in implementing binary analysis and security mechanisms at the binary-level, as compared to source-level (compiler based) techniques.

The major highlights in the last quarter were the following:

(a) We presented our paper describing techniques, results, and observations regarding the detection of compiler-added security checks in binaries in Springer's ISPEC 2022 conference.

(b) Our work that built and demonstrated a framework to assess the inference accuracy of binary decompilers regarding functions, variables, and data types detection was accepted for publication at the ICISSP 2023 conference. We used the Ghidra decompiler as a case-study.

(c) We continued to develop techniques that can detect the presence of CWEs and indicators of secure coding practices adopted during the (source level) coding stage from just the binary code.

(d) We continued our work to develop a modular framework and insightful metrics to assess the effectiveness and efficiency of binary-level control-flow integrity (CFI) techniques.

PUBLICATIONS FROM THE QUARTER:

1. Pramanick, Koyel and Kulkarni, Prasad A. (2022). Detect Compiler Inserted Run-time Security Checks in Binary Software. Published in the 17th International Conference on Information Security Practice and Experience (ISPEC 2022), Taipei, Taiwan, November 23-25, 2022, Lecture Notes in Computer Science, vol 13620. Springer, Cham. https://doi.org/10.1007/978-3-031-21280-2_15.

2. Kline, Jace and Kulkarni, Prasad A. (2023). A Framework for Assessing Decompiler Inference Accuracy of Source-Level Program Constructs. To be published in the 9th International Conference on Information Systems Security and Privacy (ICISSP '23), February 22-24, 2023.

Groups: