Bending Binary Programs to your Will Rajeev Barua

What is a Binary Rewriter
Traditionally: High-level language program (C, C++, Java, SQL, ...) → Compiler → Binary executable program
Recently: Binary executable program → Binary Rewriter → Improved binary executable program

Advantages of Binary Rewriting
• Allows optimizations missed by compiler
  – Including inter-procedural optimization
• Portable across any language
  – No need for repeated compiler implementation
• Applicable to legacy codes and assembly level programs
• Enhanced security of binaries

Flow of Compiler / Flow of Binary Rewriter
[Diagram labels: C, C++, Fortran; llvm-gcc, llvm-gfortran; LLVM IR; Code Improvement; Machine Code Generator; Binary Reader; Layout Modifications]

Existing Binary Rewriters
[Diagram labels: Commercial Binary Program; Symbolic & Relocation Information; Existing Binary Rewriter; SecondWrite √; Rewritten Commercial Binary Program]

Applications of Binary Rewriting
• Improvement in Execution Speed
  – Automatic Parallelization
  – Better memory management
• Improvement of security and reliability
  – Protection against malicious attacks
  – Access control

Security Policy Enforcement in Binaries
[Diagram labels: Security Policy Library; Binary Reader; Code Improvement; Layout Modifications; Code Generator; System Call Detector; Security check inserter]

Security Policy Enforcement
[Diagram labels: Input Binary Program + Security Policy; SecondWrite; Output Binary; Security Policy]

Enforcing a Policy on a Malicious Binary
Malicious binary that deletes files under the /c/important directory.
Run binary → Deletes files!
(Binary runs under your permissions)

Enforcing a Policy on a Malicious Binary
Malicious binary that deletes files under the /c/important directory.
[Diagram labels: Malicious Binary + Security Policy; SecondWrite]
Security policy for downloaded applications:
• Cannot delete files which the application did not itself create

Enforcing a Policy on a Malicious Binary
[Diagram labels: Malicious Binary; Security Policy]
Run binary → Kill application!
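
The delete policy from the slides above (a downloaded application cannot delete files it did not itself create, and is killed on a violation), written as an added C example; it is not SecondWrite's code. The names `policy_open`, `policy_unlink` and `policy_may_delete` are hypothetical, and it assumes a rewriter has redirected the binary's `open` and `unlink` call sites to them on a POSIX system.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical policy library: all names and sizes are assumptions. */
#define MAX_OWNED 256
static struct id { dev_t dev; ino_t ino; } owned[MAX_OWNED];
static int n_owned;

/* Index of the object `path` names (symlinks not followed), or -1. */
static int find_owned(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    for (int i = 0; i < n_owned; i++)
        if (owned[i].dev == st.st_dev && owned[i].ino == st.st_ino) return i;
    return -1;
}
int policy_may_delete(const char *path) { return find_owned(path) >= 0; }

/* Inserted in place of open(): remember files this process creates. */
int policy_open(const char *path, int flags, mode_t mode) {
    if (flags & O_CREAT) {
        int fd = open(path, flags | O_EXCL, mode); /* succeeds only if we create it */
        struct stat st;
        if (fd >= 0) {
            if (n_owned < MAX_OWNED && fstat(fd, &st) == 0)
                owned[n_owned++] = (struct id){ st.st_dev, st.st_ino };
            /* table full: file stays unrecorded, so deleting it is denied */
            return fd;
        }
        if (errno != EEXIST || (flags & O_EXCL)) return -1;
    }
    return open(path, flags, mode);   /* pre-existing file: not ours */
}

/* Inserted in place of unlink(): kill the application on a violation. */
int policy_unlink(const char *path) {
    int i = find_owned(path);
    if (i < 0) {
        fprintf(stderr, "policy violation: unlink(%s)\n", path);
        abort();
    }
    int rc = unlink(path);
    if (rc == 0) owned[i] = owned[--n_owned];   /* inode number may be reused */
    return rc;
}
```

Tracking device and inode numbers instead of path strings means a renamed file stays deletable and a symlink or `..` path to someone else's file does not match.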

Examples of Other Policies
• Prevent network send after reading sensitive files
• Impose quota on resource usage (e.g. heap memory)

Advantages of this Approach
• Customizable: Security checks customizable to application, source, user and site.
• Wide Scope: Completely enforce Confidentiality, Integrity, and Availability (CIA triad) in a binary
• Preventative: Ability to stop attacks before they succeed
• Portable: Approach is independent of operating system and programming language