ABSTRACT
Automated cyber defense tools require the ability to analyze binary applications, detect vulnerabilities and automatically patch those vulnerabilities. The insertion of security mechanisms that operate at function boundaries (e.g., control flow mitigation, stack guards) requires automated detection of those boundaries. This paper introduces a publicly available function boundary detection tool for 32- and 64-bit Intel binaries running under Linux that is more accurate than other reported approaches.
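To make the problem concrete, the following is an added illustration, not the paper's tool or method: a deliberately naive function-start detector for raw x86-64 code bytes that combines the two classic heuristics (matching the `push rbp; mov rbp,rsp` prologue, and harvesting the targets of direct `call rel32` instructions), then scores its output against ground truth the way a symbol table would be used. The code blob, its four functions, the offsets and the load-address-free layout are all constructed for the example; no disassembler is used, and the byte-level matching is exactly the kind of shortcut that produces the false positives and misses the example is meant to expose (an optimized leaf without a frame, a function reached only through a pointer, and a prologue-looking immediate). It does not show how the paper's tool achieves its accuracy.

```python
"""
Toy baseline for function-start detection on a stripped x86-64 .text blob.
Added example; not the paper's tool. All bytes below are constructed.
"""
import struct

ENDBR64 = b"\xf3\x0f\x1e\xfa"        # CET landing pad emitted at function entry
PUSH_RBP_MOV = b"\x55\x48\x89\xe5"   # push rbp; mov rbp,rsp (classic frame setup)


def build_sample():
    """Constructed .text-like blob (hypothetical layout, offsets relative to 0)."""
    def call(from_off, to_off):
        # e8 rel32: displacement is relative to the end of the 5-byte instruction
        return b"\xe8" + struct.pack("<i", to_off - (from_off + 5))

    code = bytearray()
    # 0x00 A: endbr64; push rbp; mov rbp,rsp; call B; pop rbp; ret
    code += ENDBR64 + PUSH_RBP_MOV + call(0x08, 0x20) + b"\x5d\xc3"
    code += b"\xcc" * (0x20 - len(code))                  # int3 padding
    # 0x20 B: push rbp; mov rbp,rsp; sub rsp,0x10; call C; leave; ret
    code += PUSH_RBP_MOV + b"\x48\x83\xec\x10" + call(0x28, 0x40) + b"\xc9\xc3"
    code += b"\xcc" * (0x40 - len(code))
    # 0x40 C: optimized leaf, frame pointer omitted: mov eax,edi; add eax,1; ret
    code += b"\x89\xf8\x83\xc0\x01\xc3"
    code += b"\xcc" * (0x50 - len(code))
    # 0x50 D: reached only via a function pointer (no direct call anywhere), and
    # its imm64 happens to contain the prologue bytes: mov rax,0xe5894855; ret
    code += b"\x48\xb8" + b"\x55\x48\x89\xe5\x00\x00\x00\x00" + b"\xc3"
    truth = {0x00, 0x20, 0x40, 0x50}   # what a symbol table would say
    return bytes(code), truth


def scan_prologues(code):
    """Heuristic 1: linear byte scan for the frame-setup prologue."""
    starts = set()
    for i in range(len(code) - 3):
        if code[i:i + 4] == PUSH_RBP_MOV:
            # On CET-enabled code the entry point is the endbr64, not the push
            if i >= 4 and code[i - 4:i] == ENDBR64:
                starts.add(i - 4)
            else:
                starts.add(i)
    return starts


def harvest_call_targets(code):
    """Heuristic 2: targets of direct calls are function starts (byte-matched,
    so an 0xe8 inside an immediate would also be taken; a real tool decodes)."""
    targets = set()
    for i in range(len(code) - 4):
        if code[i] == 0xE8:
            rel = struct.unpack_from("<i", code, i + 1)[0]
            target = i + 5 + rel
            if 0 <= target < len(code):
                targets.add(target)
    return targets


def detect_function_starts(code):
    return scan_prologues(code) | harvest_call_targets(code)


def score(found, truth):
    """Precision/recall of detected starts against ground-truth starts."""
    tp = len(found & truth)
    fp = len(found - truth)
    fn = len(truth - found)
    return {
        "tp": tp, "fp": fp, "fn": fn,
        "precision": tp / (tp + fp) if found else 0.0,
        "recall": tp / (tp + fn) if truth else 0.0,
    }


if __name__ == "__main__":
    code, truth = build_sample()
    for name, found in (("prologue only", scan_prologues(code)),
                        ("call targets only", harvest_call_targets(code)),
                        ("union", detect_function_starts(code))):
        s = score(found, truth)
        print(f"{name:18s} found={sorted(hex(x) for x in found)} "
              f"P={s['precision']:.2f} R={s['recall']:.2f}")
```

Running it shows the failure modes the abstract alludes to: prologue matching alone misses the frameless leaf C and flags a bogus start inside D's immediate (0x52), call-target harvesting alone recovers C but never sees D because nothing calls it directly, and even the union reaches only 0.75 precision and 0.75 recall on four functions. A CFI or stack-guard rewriter fed those boundaries would both skip D and patch the middle of an instruction at 0x52, which is why accuracy of boundary detection, and not just its speed, matters for automated patching.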
Index Terms
- Function boundary detection in stripped binaries