© recon.cx 2005-2014
  • home
  • conference
  • training
  • schedule
  • cfp
  • sponsors
  • travel
  • archives
  • contact

Recon 2014 Schedule

  • Schedule
  • Speakers
  • Events
  • iCalendar
  • -
  • xCal
  • -
  • XML
  • -
  • JSON


Rewriting x86 Binaries

Many PEs, Such Secure, Wow.

Event_large

Binary code from untrusted sources remains one of the primary vehicles for software propagation and malicious software attacks. All previous work to mitigate such attacks requires code-producer cooperation, has significant deployment issues, or incurs a high performance penalty. The problem of accurate static x86 disassembly without metadata is provably undecidable, and is regarded by many as uncircumventable.

I will demonstrate a framework for x86 binary rewriting that requires no cooperation from code-producers in the form of source code or debugging symbols, requires no client-side support infrastructure (e.g., a virtual machine or hypervisor), and preserves the behavior of even complex, event-driven, x86 native COTS binaries generated by aggressively optimizing compilers. This makes it exceptionally easy to deploy. The framework is instantiated as two software security systems: Stir, a runtime basic block randomization rewriter for Return-oriented programming (ROP) attack mitigation, and Reins, a machine verifiable Software Fault Isolation (SFI) and security policy specification rewriter. Both systems exhibit extremely low performance overheads in experiments on real-world COTS software 1.6% and 2.4% respectively. The foundation of the system includes three novel approaches to static x86 disassembly, along with a method of statically proving transparency for rewriting systems.

Info

Day: 2014-06-29
Start time: 13:00
Duration: 01:00
Room: Grand Salon Opera
Track: Main

Links:

  • iCalendar
  • Publication 1
  • Publication 2

Speakers

Person_small
Wartortell