Eliminating Vulnerabilities by Disabling Unwanted Functionality in Binary Programs

Mohamad Mansouri, Jun Xu, Georgios Portokalidis

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Scopus citations

Abstract

Driven by application diversification and market needs, software systems are integrating new features rapidly. However, this "feature creep"can compromise software security, as more code carries the risk of more vulnerabilities. This paper presents a system for disabling features activated by common input types, using a component called F-detector to detect feature-associated program control flow branches. The system includes a second component called F-blocker to disable features without disrupting application continuity. It does so by treating unwanted features as unexpected errors and leveraging error virtualization to recover execution, by redirecting it to appropriate existing error handling code. We implemented and evaluated the system on the Linux platform using 145 features from 9 programs, and results show that it can detect and disable all features with few errors, hence, outperforming previous works in terms of vulnerability mitigation through debloating.

Original languageEnglish
Title of host publicationASIA CCS 2023 - Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security
Pages259-273
Number of pages15
ISBN (Electronic)9798400700989
DOIs
StatePublished - 10 Jul 2023
Event18th ACM ASIA Conference on Computer and Communications Security, ASIA CCS 2023 - Melbourne, Australia
Duration: 10 Jul 202314 Jul 2023

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference18th ACM ASIA Conference on Computer and Communications Security, ASIA CCS 2023
Country/TerritoryAustralia
CityMelbourne
Period10/07/2314/07/23

Keywords

  • Feature removal
  • binary analysis
  • tracing
  • vulnerability removal

Fingerprint

Dive into the research topics of 'Eliminating Vulnerabilities by Disabling Unwanted Functionality in Binary Programs'. Together they form a unique fingerprint.

Cite this