Research article, Public Access. DOI: 10.1145/3273045.3273050

BinRec: Attack Surface Reduction Through Dynamic Binary Recovery

Published: 15 January 2018

Abstract

Compile-time specialization and feature pruning through static binary rewriting have been proposed repeatedly as techniques for reducing the attack surface of large programs, and for minimizing the trusted computing base. We propose a new approach to attack surface reduction: dynamic binary lifting and recompilation. We present BinRec, a binary recompilation framework that lifts binaries to a compiler-level intermediate representation (IR) to allow complex transformations on the captured code. After transformation, BinRec lowers the IR back to a "recovered" binary, which is semantically equivalent to the input binary but has its unnecessary features removed. Unlike existing approaches, which are mostly based on static analysis and rewriting, our framework analyzes and lifts binaries dynamically. The crucial advantage is that we can not only observe the full program including all of its dependencies, but we can also determine which program features the end-user actually uses. We evaluate the correctness and performance of BinRec, and show that our approach enables aggressive pruning of unwanted features in COTS binaries.


    Information

    Published In

    FEAST '18: Proceedings of the 2018 Workshop on Forming an Ecosystem Around Software Transformation
    October 2018
    39 pages
    ISBN: 9781450359979
    DOI: 10.1145/3273045

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. attack surface reduction
    2. binary lifting
    3. llvm
    4. symbolic execution

    Qualifiers

    • Research-article

    Conference

    CCS '18

    Acceptance Rates

    Overall Acceptance Rate 4 of 4 submissions, 100%

    Cited By

    • (2024) LeanBin: Harnessing Lifting and Recompilation to Debloat Binaries. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pp. 1434-1446. DOI: 10.1145/3691620.3695515. Online publication date: 27-Oct-2024
    • (2024) SoK: Software Debloating Landscape and Future Directions. Proceedings of the 2024 Workshop on Forming an Ecosystem Around Software Transformation, pp. 11-18. DOI: 10.1145/3689937.3695792. Online publication date: 14-Oct-2024
    • (2024) Software Diversification Protection Methods for Binary Programs. 2024 9th International Conference on Intelligent Computing and Signal Processing (ICSP), pp. 285-291. DOI: 10.1109/ICSP62122.2024.10743227. Online publication date: 19-Apr-2024
    • (2023) CPU-free Computing: A Vision with a Blueprint. Proceedings of the 19th Workshop on Hot Topics in Operating Systems, pp. 1-14. DOI: 10.1145/3593856.3595906. Online publication date: 22-Jun-2023
    • (2022) Trimmer: Context-Specific Code Reduction. Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, pp. 1-5. DOI: 10.1145/3551349.3559529. Online publication date: 10-Oct-2022
    • (2022) Trimmer: An Automated System for Configuration-Based Software Debloating. IEEE Transactions on Software Engineering 48:9, pp. 3485-3505. DOI: 10.1109/TSE.2021.3095716. Online publication date: 1-Sep-2022
    • (2022) Towards A Framework for Preprocessing Analysis of Adversarial Windows Malware. 2022 10th International Symposium on Digital Forensics and Security (ISDFS), pp. 1-6. DOI: 10.1109/ISDFS55398.2022.9800812. Online publication date: 6-Jun-2022
    • (2022) Lightweight, Multi-Stage, Compiler-Assisted Application Specialization. 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P), pp. 251-269. DOI: 10.1109/EuroSP53844.2022.00024. Online publication date: Jun-2022
    • (2020) BinRec. Proceedings of the Fifteenth European Conference on Computer Systems, pp. 1-16. DOI: 10.1145/3342195.3387550. Online publication date: 15-Apr-2020
    • (2020) Saffire: Context-sensitive Function Specialization against Code Reuse Attacks. 2020 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 17-33. DOI: 10.1109/EuroSP48549.2020.00010. Online publication date: Sep-2020
