BinRec: dynamic binary lifting and recompilation

Anil Altinay, Joseph Nash, Taddeus Kroes, Prabhu Rajasekaran, Dixin Zhou, Adrian Dabrowski, David Gens, Yeoul Na, Stijn Volckaert, Cristiano Giuffrida, Herbert Bos, Michael Franz

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

Binary lifting and recompilation allow a wide range of install-Time program transformations, such as security hardening, deobfuscation, and reoptimization. Existing binary lifting tools are based on static disassembly and thus have to rely on heuristics to disassemble binaries. In this paper, we present BinRec, a new approach to heuristic-free binary recompilation which lifts dynamic traces of a binary to a compiler-level intermediate representation (IR) and lowers the IR back to a "recovered" binary. This enables BinRec to apply rich program transformations, such as compiler-based optimization passes, on top of the recovered representation. We identify and address a number of challenges in binary lifting, including unique challenges posed by our dynamic approach. In contrast to existing frameworks, our dynamic frontend can accurately disassemble and lift binaries without heuristics, and we can successfully recover obfuscated code and all SPEC INT 2006 benchmarks including C++ applications. We evaluate BinRec in three application domains: i) binary reoptimization, ii) deobfuscation (by recovering partial program semantics from virtualization-obfuscated code), and iii) binary hardening (by applying existing compiler-level passes such as AddressSanitizer and SafeStack on binary code).

Original languageEnglish
Title of host publicationEuroSys '20
Subtitle of host publicationProceedings of the Fifteenth European Conference on Computer Systems
PublisherAssociation for Computing Machinery, Inc
Pages1-16
Number of pages16
ISBN (Electronic)9781450368827
DOIs
Publication statusPublished - Apr 2020
Event15th European Conference on Computer Systems, EuroSys 2020 - Heraklion, Greece
Duration: 27 Apr 202030 Apr 2020

Conference

Conference15th European Conference on Computer Systems, EuroSys 2020
Country/TerritoryGreece
CityHeraklion
Period27/04/2030/04/20

Funding

We thank our shepherd and the anonymous reviewers for their feedback. This material is based upon work partially supported by the Defense Advanced Research Projects Agency (DARPA) under contracts FA8750-15-C-0124 and FA8750-15-C-0085, by the United States Office of Naval Research (ONR) under contract N00014-17-1-2782, by the National Science Foundation under awards CNS-1619211 and CNS-1513837, and by the Netherlands Organisation for Scientific Research through grant NWO 639.023.309 VICI “Dowsing”. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the Defense Advanced Research Projects Agency (DARPA) or its Contracting Agents, the Office of Naval Research or its Contracting Agents, the National Science Foundation, or any other agency of the U.S. Government. The authors also gratefully acknowledge a gift from Oracle Corporation.

FundersFunder number
United States Office of Naval Research
National Science FoundationCNS-1619211, CNS-1513837
National Science Foundation
Office of Naval ResearchN00014-17-1-2782
Office of Naval Research
Defense Advanced Research Projects AgencyFA8750-15-C-0085, FA8750-15-C-0124
Defense Advanced Research Projects Agency
Nederlandse Organisatie voor Wetenschappelijk Onderzoek639.023.309
Nederlandse Organisatie voor Wetenschappelijk Onderzoek

    Fingerprint

    Dive into the research topics of 'BinRec: dynamic binary lifting and recompilation'. Together they form a unique fingerprint.

    Cite this