A platform for secure static binary instrumentation

VEE 2014 - Proceedings of the 10th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments

Volumn , Issue , 2014, Pages 129-140

  Zhang, Mingwei ^a   Qiao, Rui ^a   Hasabnis, Niranjan ^a   Sekar, R ^a  

^a STONY BROOK UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BENCHMARKING; BINARY SEQUENCES;

APPLICATION CODES; BINARY INSTRUMENTATIONS; DYNAMIC BINARY INSTRUMENTATION; MAGNITUDE REDUCTION; POLICY ENFORCEMENT; PROGRAM INSTRUMENTATIONS; RETURN-ORIENTED PROGRAMMING; SECURITY POLICY ENFORCEMENT;

INSTRUMENTS;

EID: 84897515810     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2576195.2576208     Document Type: Conference Paper

References (38)

1. Lmbench tool for performance analysis. http://lmbench.sourceforge.net/.
2. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Controlflow integrity principles, implementations, and applications. ACM TISSEC, 2009.
3. K. Anand, M. Smithson, A. Kotha, K. Elwazeer, and R. Barua. Decompilation to compiler high IR in a binary rewriter. Technical report, University of Maryland, 2010.
4. K. Anand, M. Smithson, K. Elwazeer, A. Kotha, and J. Gruen et al. A compiler-level intermediate representation based binary analysis and rewriting system. In EuroSys, 2013.
5. T. Avgerinos, S. K. Cha, A. Rebert, E. J. Schwartz, and M. Woo et al. AEG: automatic exploit generation. In NDSS, 2011.
6. T. Bletsch, X. Jiang, and V. Freeh. Mitigating code-reuse attacks with control-flow locking. In ACSAC, 2011.
7. E. Borin, C. Wang, Y. Wu, and G. Araujo. Software-based transparent and comprehensive control-flow error detection. In CGO, 2006.
8. D. Bruening. Efficient, transparent, and comprehensive run-time code manipulation. PhD thesis, 2004.
9. D. Brumley, I. Jager, T. Avgerinos, and E. Schwartz. BAP: a binary analysis platform. In CAV, 2011.
10. B. Buck and J. Hollingsworth. An API for runtime code patching. Int. J. High Perform. Comput. Appl., 2000.
11. P. Chen, H. Xiao, X. Shen, X. Yin, and B. Mao et al. DROP: detecting return-oriented programming malicious code. In ICISS, 2009.
12. L. Davi, A.-R. Sadeghi, and M. Winandy. ROPdefender: a detection tool to defend against return-oriented programming attacks. In ASIACCS, 2011.
13. K. ElWazeer, K. Anand, A. Kotha, M. Smithson, and R. Barua. Scalable variable and data type detection in a binary rewriter. In PLDI, 2013.
14. U. Erlingsson, M. Abadi, M. Vrable, M. Budiu, and G. Necula. XFI: software guards for system address spaces. In OSDI, 2006.
15. B. Ford and R. Cox. Vx32: lightweight user-level sandboxing on the x86. In USENIX ATC, 2008.
16. J. Hiser, A. Nguyen-Tuong, M. Co, M. Hall, and J. Davidson. ILR: where'd my gadgets go? In S&P, 2012.
17. V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In USENIX Security, 2002.
18. M. Laurenzano, M. Tikir, L. Carrington, and A. Snavely. PEBIL: efficient static binary instrumentation for Linux. In IEEE International Symposium on Performance Analysis of Systems Software (ISPASS), 2010.
19. C.-K. Luk, R. Cohn, R. Muth, H. Patil, and A. Klauser et al. Pin: building customized program analysis tools with dynamic instrumentation. In PLDI, 2005.
20. S. McCamant and G. Morrisett. Evaluating SFI for a CISC architecture. USENIX Security, 2006.
21. S. Nanda, W. Li, L.-C. Lam, and T.-c. Chiueh. BIRD: binary interpretation using runtime disassembly. In CGO, 2006.
22. N. Nethercote and J. Seward. Valgrind: a framework for heavyweight dynamic binary instrumentation. In PLDI, 2007.
23. J. Newsome. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In NDSS, 2005.
24. K. Onarlioglu, L. Bilge, A. Lanzi, D. Balzarotti, and E. Kirda. G-Free: defeating return-oriented programming through gadget-less binaries. In ACSAC, 2010.
25. V. Pappas, M. Polychronakis, and A. Keromytis. Smashing the gadgets: Hindering return-oriented programming using inplace code randomization. In S&P, 2012.
26. M. Payer and T. Gross. Fine-grained user-space security through virtualization. In VEE, 2011.
27. M. Prasad and T.-c. Chiueh. A binary rewriting defense against stack based overflow attacks. In USENIX ATC, 2003.
28. F. Qin, C. Wang, Z. Li, H.-s. Kim, and Y. Zhou et al. LIFT: a low-overhead practical information flow tracking system for detecting security attacks. In MICRO, 2006.
29. P. Saxena, R. Sekar, and V. Puranik. Efficient fine-grained binary instrumentation with applications to taint-tracking. In CGO, 2008.
30. K. Scott, N. Kumar, S. Velusamy, B. Childers, and J. Davidson et al. Retargetable and reconfigurable software dynamic translation. In CGO, 2003.
31. D. Song, D. Brumley, H. Yin, J. Caballero, and I. Jager et al. BitBlaze: a new approach to computer security via binary analysis. In ICISS, 2008.
32. R. Wahbe, S. Lucco, T. Anderson, and S. Graham. Efficient software-based fault isolation. In SOSP, 1993.
33. R. Wartell, V. Mohan, K. Hamlen, and Z. Lin. Securing untrusted code via compiler-agnostic binary rewriting. In ACSAC, 2012.
34. R.Wartell, V. Mohan, K. Hamlen, and Z. Lin. Binary stirring: self-randomizing instruction addresses of legacy x86 binary code. In CCS, 2012.
35. B. Yee, D. Sehr, G. Dardyk, J. B. Chen, and R. Muth et al. Native Client: a sandbox for portable, untrusted x86 native code. In S&P, 2009.
36. C. Zhang, T. Wei, Z. Chen, L. Duan, and S. McCamant et al. Protecting function pointers in binary. In ASIACCS, 2013.
37. C. Zhang, T. Wei, Z. Chen, L. Duan, and L. Szekeres et al. Practical control flow integrity & randomization for binary executables. In S&P, 2013.
38. M. Zhang and R. Sekar. Control flow integrity for COTS binaries. In USENIX Security, 2013.