CAREER: Binary-Level Security via ABI-Centric Semantic Inference

职业：通过以 ABI 为中心的语义推理实现二进制级安全

• 批准号: 2047205
• 负责人: Aravind Prakash
• 金额: $ 49.99万
• 依托单位: SUNY at Binghamton
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2026-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2047205&HistoricalAwards=false
• 关键词: CAREER; Binary; Level; Security; via

Understanding the inner workings of software is essential to protect desktop and mobile computers. Lack of source code for most commercial software makes it necessary to analyze and defend software binaries. However, unlike source code, binaries are devoid of rich semantic information that is crucial for security. Traditional binary analysis and reverse engineering approaches are limited by factors such as obfuscation, choice of compiler and compilation flags, availability of debug information, and underlying instruction set architecture. This project bridges the semantic gap in binary analysis by leveraging the interface between a binary and its environment. Such interactions are mandated by the Application Binary Interface (ABI) specification. The project is based on the insight that ABI adherence confers certain properties to a binary that form a strong basis for reverse engineering. Because ABI adherence is necessary for interoperability, relying on ABI cues for reverse engineering offers an unprecedented level of robustness that is impervious to obfuscation and compilation environment (e.g., optimization). This project utilizes two independent yet complementary mechanisms that leverage language ABIs to vastly improve the state of the art in binary analysis and code-reuse attack detection. It employs a combination of static and dynamic binary analysis approaches in order to derive high-level design information (e.g., object-oriented language class diagrams) from binaries. Such information is central to solving problems in decompilation, software specialization, software similarity detection, etc. While the project evaluates binaries that adhere to Itanium and Microsoft’s MSVC ABIs, the discovered techniques will be applicable to more modern languages such as Rust. Additionally, this project leverages System V ABI, the most popular C language ABI to derive integrity policies for binaries that run on UN*X (unix like) operating systems, and addresses modern code-reuse attacks that operate within the confines of a statically recovered control-flow graph.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

了解软件的内部工作原理对于保护台式机和移动的计算机至关重要。由于大多数商业软件缺乏源代码，因此有必要分析和保护软件二进制文件。然而，与源代码不同，二进制文件缺乏对安全性至关重要的丰富语义信息。传统的二进制分析和逆向工程方法受到诸如混淆、编译器和编译标志的选择、调试信息的可用性以及底层指令集架构等因素的限制。这个项目通过利用二进制文件和它的环境之间的接口来弥合二进制分析中的语义鸿沟。这种交互是由应用程序二进制接口（ABI）规范规定的。该项目是基于这样的见解，即ABI的遵守赋予了某些属性的二进制文件，形成了一个强大的基础，逆向工程。因为遵循ABI对于互操作性是必要的，所以依赖于ABI线索进行逆向工程提供了前所未有的鲁棒性水平，其不受混淆和编译环境（例如，优化）。该项目利用两个独立但互补的机制，利用语言ABI来极大地改进二进制分析和代码重用攻击检测的最新技术水平。它采用静态和动态二进制分析方法的组合，以获得高级设计信息（例如，面向对象的语言类图）。这些信息是解决反编译、软件专业化、软件相似性检测等问题的核心。虽然该项目评估了遵循Itanium和微软MSVC ABI的二进制文件，但发现的技术将适用于更现代的语言，如Rust。此外，该项目利用System V ABI（最流行的C语言ABI）为UN*X上运行的二进制文件导出完整性策略（类Unix）操作系统，并解决了在静态恢复控件范围内操作的现代代码重用攻击，该奖项反映了NSF的法定使命，并通过使用基金会的智力价值和更广泛的评估被认为是值得支持的。影响审查标准。

项目成果

Control Flow and Pointer Integrity Enforcement in a Secure Tagged Architecture

• DOI: 10.1109/sp46215.2023.10179416
• 发表时间: 2023-05
• 期刊: 2023 IEEE Symposium on Security and Privacy (SP)
• 作者: Ravi Theja Gollapudi;Gokturk Yuksek;David Demicco;Matthew Cole;Gaurav Kothari;Rohit Kulkarni;Xin Z

Program Obfuscation via ABI Debiasing

• DOI: 10.1145/3485832.3488017
• 发表时间: 2021-12
• 期刊: Proceedings of the 37th Annual Computer Security Applications Conference
• 作者: David Demicco;R. Erinfolami;Aravind Prakash

A Security Analysis of Labeling-Based Control-Flow Integrity Schemes

• DOI: 10.1109/hipcw57629.2022.00011
• 发表时间: 2022-12
• 期刊: 2022 IEEE 29th International Conference on High Performance Computing, Data and Analytics Workshop (HiPCW)
• 作者: David Demicco;Matthew Cole;Shengdun Wang;Aravind Prakash

Simplex: Repurposing Intel Memory Protection Extensions for Secure Storage

Simplex：重新利用英特尔内存保护扩展来实现安全存储

• 发表时间: 2023
• 期刊: NordSec 2022: Secure IT Systems
• 作者: Cole, Matthew;Prakash, Aravind
• 通讯作者: Prakash, Aravind