skip to main content
10.1145/3243734.3278518acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
poster

MORPH: Enhancing System Security through Interactive Customization of Application and Communication Protocol Features

Published: 15 October 2018 Publication History

Abstract

The ongoing expansion and addition of new features in software development bring inefficiency and vulnerabilities into programs, resulting in an increased attack surface with higher possibility of exploitation. Creating customized software systems that contain just-enough features and yet satisfy specific user needs is currently an extremely slow, build-to-order process. In this paper, we propose MORPH, an Interactive Program Feature Customization framework to provide broad capabilities for automated program feature identification and feature customization. Our preliminary results show that MORPH can identify program features at an average accuracy of 92.7% and swiftly generate variations of self-contained, customized programs in an unsupervised fashion.

References

[1]
2006. SPEC CPU 2006. https://www.spec.org/cpu2006/.
[2]
2014. CVE-2014--3565. https://www.cvedetails.com/cve/CVE-2014--3565/.
[3]
J. Chen, G. Venkataramani, and H. H. Huang. 2012. RePRAM: Re-cycling PRAM faulty blocks for extended lifetime. In IEEE/IFIP International Conference on Dependable Systems and Networks.
[4]
Yurong Chen, Tian Lan, and Guru Venkataramani. 2017. DamGate: Dynamic Adaptive Multi-feature Gating in Program Binaries. In Proceedings of theWorkshop on Forming an Ecosystem Around Software Transformation.
[5]
Yufei Jiang, Dinghao Wu, and Peng Liu. 2016. Jred: Program customization and bloatware mitigation based on static analysis. In 40th Annual Computer Software and Applications Conference.
[6]
Shan Lu, Zhenmin Li, Feng Qin, Lin Tan, Pin Zhou, and Yuanyuan Zhou. 2005. Bugbench: Benchmarks for evaluating bug detection tools. In Workshop on the evaluation of software defect detection tools.
[7]
Jungju Oh, Christopher J. Hughes, Guru Venkataramani, and Milos Prvulovic. 2011. LIME: A Framework for Debugging Load Imbalance in Multi-threaded Execution. In Intl. Conference on Software Engineering.
[8]
Jianli Shen, Guru Venkataramani, and Milos Prvulovic. 2006. Tradeoffs in finegrained heap memory protection. In Proceedings of the 1st workshop on Architectural and system support for improving software dependability. ACM.
[9]
Guru Venkataramani, Ioannis Doudalis, Yan Solihin, and Milos Prvulovic. 2009. Flexitaint: A programmable accelerator for dynamic taint propagation. In IEEE 14th International Symposium on High Performance Computer Architecture.
[10]
Guru Venkataramani, Ioannis Doudalis, Yan Solihin, and Milos Prvulovic. 2009. MemTracker: An accelerator for memory debugging and monitoring. ACM Transactions on Architecture and Code Optimization (TACO) (2009).
[11]
Hongfa Xue, Yurong Chen, Fan Yao, Yongbo Li, Tian Lan, and Guru Venkataramani. 2017. SIMBER: Eliminating redundant memory bound checks via statistical inference. In IFIP International Conference on ICT Systems Security and Privacy Protection.
[12]
Hongfa Xue, Guru Venkataramani, and Tian Lan. 2018. Clone-hunter: accelerated bound checks elimination via binary code clone detection. In 2nd ACM SIGPLAN Intl. Workshop on Machine Learning and Programming Languages.
[13]
Fan Yao, Yongbo Li, Yurong Chen, Hongfa Xue, Tian Lan, and Guru Venkataramani. 2017. StatSym: vulnerable path discovery through statistics-guided symbolic execution. In International Conference on Dependable Systems and Networks.
[14]
Michal Zalewski. 2007. American Fuzzy Lop.

Cited By

View all
  • (2022)Verify-Pro: A Framework for Server Authentication using Communication Protocol DialectsMILCOM 2022 - 2022 IEEE Military Communications Conference (MILCOM)10.1109/MILCOM55135.2022.10017675(743-750)Online publication date: 28-Nov-2022
  • (2022)Verify-Pro: A Framework for Server Authentication Using Communication Protocol DialectsMILCOM 2022 - 2022 IEEE Military Communications Conference (MILCOM)10.1109/MILCOM55135.2022.10017649(450-457)Online publication date: 28-Nov-2022
  • (2020)Twin-Finder: Integrated Reasoning Engine for Pointer-Related Code Clone Detection2020 IEEE 14th International Workshop on Software Clones (IWSC)10.1109/IWSC50091.2020.9047638(1-7)Online publication date: Feb-2020
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
October 2018
2359 pages
ISBN:9781450356930
DOI:10.1145/3243734
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 October 2018

Check for updates

Author Tags

  1. binary analysis
  2. debloating
  3. machine learning
  4. program customization

Qualifiers

  • Poster

Funding Sources

  • US Office of Naval Research

Conference

CCS '18
Sponsor:

Acceptance Rates

CCS '18 Paper Acceptance Rate 134 of 809 submissions, 17%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)14
  • Downloads (Last 6 weeks)1
Reflects downloads up to 17 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2022)Verify-Pro: A Framework for Server Authentication using Communication Protocol DialectsMILCOM 2022 - 2022 IEEE Military Communications Conference (MILCOM)10.1109/MILCOM55135.2022.10017675(743-750)Online publication date: 28-Nov-2022
  • (2022)Verify-Pro: A Framework for Server Authentication Using Communication Protocol DialectsMILCOM 2022 - 2022 IEEE Military Communications Conference (MILCOM)10.1109/MILCOM55135.2022.10017649(450-457)Online publication date: 28-Nov-2022
  • (2020)Twin-Finder: Integrated Reasoning Engine for Pointer-Related Code Clone Detection2020 IEEE 14th International Workshop on Software Clones (IWSC)10.1109/IWSC50091.2020.9047638(1-7)Online publication date: Feb-2020
  • (2019)Machine Learning-Based Analysis of Program Binaries: A Comprehensive StudyIEEE Access10.1109/ACCESS.2019.29176687(65889-65912)Online publication date: 2019
  • (2019)CustomPro: Network Protocol Customization Through Cross-Host Feature AnalysisSecurity and Privacy in Communication Networks10.1007/978-3-030-37231-6_4(67-85)Online publication date: 11-Dec-2019
  • (2019)Hecate: Automated Customization of Program and Communication Features to Reduce Attack SurfacesSecurity and Privacy in Communication Networks10.1007/978-3-030-37231-6_17(305-319)Online publication date: 11-Dec-2019

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media