Adapting Static and Dynamic Program Analysis to Effectively Harden Debloated Software

  • Portokalidis, Georgios (PI)

Project: Research project

Project Details

Description

Software security research has made significant strides in recent years, with improvements both in hardening software against attacks and in improving reliability. However, much of this research has not made its way into production systems, with severe repercussions such as the Office of Personnel Management data breach. One of the reasons is that state-of-the-art solutions cannot be easily applied to the large and complex software found on production systems. For example, control-flow graph generation and pointer analysis, two techniques broadly used in software security, do not scale well. Debloated software, that is, trimmed software that has had its unnecessary layers, such as unused code and data, removed, presents an opportunity. Not only does it expose a smaller attack surface, but the complexity that impedes the adoption of various defensive techniques is also lower.

This project aims to harden debloated software by leveraging static and dynamic analysis. It will focus on defenses along three different axes. First, fine-grained randomization techniques that dynamically alter the image of an application in memory even while it is running, creating a moving target for the attacker. Second, control-flow restricting techniques that ensure the application remains on allowable execution paths, severely limiting the attacker's capability to launch code-reuse attacks. Third, techniques for preventing race conditions to harden multithreaded applications.

The static components of the developed techniques will be built using the LLVM compiler framework and will operate on LLVM's intermediate representation (IR). There are multiple benefits to operating on the IR. First, the techniques will be applicable both to source code compiled with LLVM and to binaries raised to IR through reverse engineering, taking advantage of recent developments in the area. Second, multiple languages map to the same IR, enabling the application of the techniques in a language-agnostic way. Dynamic analysis components (e.g., to re-randomize a binary at run time) will be incorporated in binaries during compilation and at load time. Although the techniques will operate on LLVM IR, they will not rely on the existence of source code, and they will support incremental deployment.

Status: Active
Effective start/end date: 1/03/16 → …
