Visible to the public Secure Native Binary Executions--2021 Q4Conflict Detection Enabled

PI(s): Prasad Kulkarni

HARD PROBLEM(S) ADDRESSED:

Scalability and Composability, Security Metrics

PUBLIC ACCOMPLISHMENT HIGHLIGHTS:

Our overall project goal is to develop a high-performance framework for client-side security assessment and enforcement for binary software.

In this quarter we continued our work to: (a) Develop tools and techniques to evaluate the client-side security properties of binary software, and (b) Understand the challenges in implementing source-level (compiler-based) security techniques at the binary-level and develop new techniques to protect binary software from common classes of security attacks.

Dr. Jantz and his team at the University of Tennessee (sub-contract) are developing custom tools to study the effectiveness of different strategies for making binary programs more secure.

The major highlights in the last quarter were the following:

(a) We completed most experiments and started writing a paper to explain our techniques and observations regarding the detection of compiler-added security checks in binaries. As opposed to current approaches, our techniques do not look for specific/known instruction patterns in the binary code. So, the same techniques can detect any security check inserted by a rules-based tool, like a compiler.

(b) We started a new study to develop techniques that can detect the presence of secure coding practices adopted during the (source level) coding stage from just the binary code.

(c) We published and presented our paper to determine the effectiveness of performing memory safety checks with information collected from program binaries by the latest reverse engineering tools at ISPEC (16th Conference on Information Security Practice and Experience). We continue work on our next study to assess the effectiveness and efficiency of conducting control-flow integrity (CFI) on binary code as compared to performing CFI on source code.

PUBLICATIONS FROM THE QUARTER:

Vaidya R., Kulkarni P.A., Jantz M.R. (2021) Explore Capabilities and Effectiveness of Reverse Engineering Tools to Provide Memory Safety for Binary Programs. In: Deng R. et al. (eds) Information Security Practice and Experience. ISPEC 2021. Lecture Notes in Computer Science, vol 13107, pp. 11-31, Dec. 19-21 . Springer. https://doi.org/10.1007/978-3-030-93206-0_2