Abstract
Compile-time specialization and feature pruning through static binary rewriting have been proposed repeatedly as techniques for reducing the attack surface of large programs, and for minimizing the trusted computing base. We propose a new approach to attack surface reduction: dynamic binary lifting and recompilation. We present BinRec, a binary recompilation framework that lifts binaries to a compiler-level intermediate representation (IR) to allow complex transformations on the captured code. After transformation, BinRec lowers the IR back to a "recovered" binary, which is semantically equivalent to the input binary, but has its unnecessary features removed. Unlike existing approaches, which are mostly based on static analysis and rewriting, our framework analyzes and lifts binaries dynamically. The crucial advantage is that we can not only observe the full program including all of its dependencies, but we can also determine which program features the end-user actually uses. We evaluate the correctness and performance of Bin-Rec, and show that our approach enables aggressive pruning of unwanted features in COTS binaries.
Original language | English |
---|---|
Title of host publication | FEAST 2018 - Proceedings of the 2018 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2018 |
Publisher | Association for Computing Machinery |
Pages | 8-13 |
Number of pages | 6 |
ISBN (Electronic) | 9781450359979 |
DOIs | |
Publication status | Published - 15 Oct 2018 |
Event | 2018 Workshop on Forming an Ecosystem Around Software Transformation, FEAST, held in conjunction with the 25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada Duration: 19 Oct 2018 → … |
Conference
Conference | 2018 Workshop on Forming an Ecosystem Around Software Transformation, FEAST, held in conjunction with the 25th ACM Conference on Computer and Communications Security, CCS 2018 |
---|---|
Country/Territory | Canada |
City | Toronto |
Period | 19/10/18 → … |
Funding
We thank the anonymous reviewers for their valuable feedback. This work was supported in part by the Netherlands Organisation for Scientific Research through grants NWO 639.023.309 VICI "Dowsing", in part by the United States Office of Naval Research (ONR) under contracts N00014-17-1-2782 and N00014-17-S-B010 "BinRec", in part by the European Commission (Horizon 2020 - DS-07-2017) under Grant #786669 "ReAct", in part by the Defense Advanced Research Projects Agency (DARPA) under contracts FA8750-15-C-0124 and FA8750-15-C-0085, and in part by the National Science Foundation under awards CNS-1619211 and CNS-1513837. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of any of the sponsors or any of their affiliates. The authors also gratefully acknowledge a gift from Oracle Corporation.
Funders | Funder number |
---|---|
Defense Advanced Research Projects Agency | FA8750-15-C-0085, FA8750-15-C-0124 |
Horizon 2020 Framework Programme | 786669 |
National Science Foundation | CNS-1619211, CNS-1513837 |
Keywords
- Attack surface reduction
- Binary lifting
- LLVM
- Symbolic execution