Abstract
With the general availability of closed-source software for various CPU architectures, there is a need to identify security-critical vulnerabilities at the binary level. Unfortunately, existing bug finding methods fall short in that they i) require source code, ii) only work on a single architecture (typically x86), or iii) rely on dynamic analysis, which is difficult for embedded devices. In this paper, we propose a system to derive bug signatures for known bugs. First, we compute semantic hashes for the basic blocks of the binary. We can then use these semantics to find code parts in the binary that behave similarly to the bug signature, effectively revealing code parts that contain the bug. As a result, we can find vulnerabilities, e.g., the famous Heartbleed vulnerability, in buggy binary code for any of the supported architectures (currently ARM, MIPS and x86).
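As an added illustration of the idea in the abstract (this is example code written for this page, not the authors' implementation): basic blocks are modelled here as Python callables standing in for lifted IR, their "semantic hash" is a MinHash signature over sampled input/output pairs, and a signature database is searched for blocks whose behaviour is close to that of a query block. The sampling scheme, the MinHash parameters, and the simplification of comparing the set of output values rather than named registers are all assumptions of this example.

```python
"""Toy semantic hashing of basic blocks and behaviour-based similarity search.

Constructed example: the blocks below are hand-written stand-ins for lifted
basic blocks of an x86 and an ARM binary; the MinHash-over-I/O-pairs scheme
is an assumption made for illustration, not the paper's exact pipeline.
"""
import hashlib
import random
from typing import Callable, Dict, List, Tuple

MASK32 = 0xFFFFFFFF
Block = Callable[[int, int], Tuple[int, ...]]

# Assumed "x86-style" block: eax = a; eax += b; edx = eax; edx <<= 1
def block_x86(a: int, b: int) -> Tuple[int, ...]:
    eax = (a + b) & MASK32
    edx = (eax << 1) & MASK32
    # Simplification: compare the set of written values, not register names.
    return tuple(sorted((eax, edx)))

# Assumed "ARM-style" block with the same behaviour but a different shape:
# r0 = b + a; r1 = r0 * 2
def block_arm(a: int, b: int) -> Tuple[int, ...]:
    r0 = (b + a) & MASK32
    r1 = (r0 * 2) & MASK32
    return tuple(sorted((r0, r1)))

# Unrelated block: r0 = a - b; r1 = a ^ b
def block_other(a: int, b: int) -> Tuple[int, ...]:
    r0 = (a - b) & MASK32
    r1 = (a ^ b) & MASK32
    return tuple(sorted((r0, r1)))

NUM_SAMPLES = 200          # random input vectors fed to every block
NUM_HASHES = 64            # length of the MinHash signature
PRIME = (1 << 61) - 1      # modulus for the universal hash family

def sample_inputs(seed: int = 1) -> List[Tuple[int, int]]:
    """Fixed-seed random 32-bit inputs so every block sees the same probes."""
    rng = random.Random(seed)
    return [(rng.randrange(0, 1 << 32), rng.randrange(0, 1 << 32))
            for _ in range(NUM_SAMPLES)]

def io_pairs(block: Block, inputs: List[Tuple[int, int]]) -> set:
    """The observable behaviour of a block: the set of (input, output) pairs."""
    return {(inp, block(*inp)) for inp in inputs}

def _hash_family(seed: int = 7) -> List[Tuple[int, int]]:
    rng = random.Random(seed)
    return [(rng.randrange(1, PRIME), rng.randrange(0, PRIME))
            for _ in range(NUM_HASHES)]

HASH_FNS = _hash_family()

def _elem_hash(elem) -> int:
    """Map an I/O pair to a 64-bit integer before applying the hash family."""
    return int.from_bytes(hashlib.sha256(repr(elem).encode()).digest()[:8], "big")

def semantic_hash(block: Block, inputs=None) -> Tuple[int, ...]:
    """MinHash signature of the block's I/O behaviour (the 'semantic hash')."""
    if inputs is None:
        inputs = sample_inputs()
    pairs = io_pairs(block, inputs)
    return tuple(min((a * _elem_hash(p) + b) % PRIME for p in pairs)
                 for a, b in HASH_FNS)

def similarity(sig1: Tuple[int, ...], sig2: Tuple[int, ...]) -> float:
    """Estimated Jaccard similarity: fraction of signature slots that agree."""
    return sum(x == y for x, y in zip(sig1, sig2)) / len(sig1)

def search(db: Dict[str, Tuple[int, ...]], query: Tuple[int, ...],
           threshold: float = 0.9) -> List[Tuple[str, float]]:
    """Rank stored block signatures by similarity to a query (bug) signature."""
    scored = [(name, similarity(sig, query)) for name, sig in db.items()]
    scored.sort(key=lambda item: item[1], reverse=True)
    return [(name, score) for name, score in scored if score >= threshold]

if __name__ == "__main__":
    db = {name: semantic_hash(blk) for name, blk in
          (("arm_block", block_arm), ("other_block", block_other))}
    print(search(db, semantic_hash(block_x86)))
```

Run as a script, the x86 block is matched against the ARM block with similarity 1.0 because their sampled I/O behaviour is identical, while the unrelated block falls below the threshold; this is the behaviour-level comparison the abstract relies on, since instruction encodings of the two architectures share nothing syntactically.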
About the authors
Jannik Pewny, M.Sc., studied IT-Security and Applied Informatics at the Ruhr-University Bochum, Germany (M.Sc. 2012, B.Sc. 2013). Since then, he has worked for Prof. Dr. Thorsten Holz at the chair for System Security, where his dissertation topic is Retrofitting Security into Legacy Software Systems. In short, he tries to introduce the merits of modern IT-Security into old software.
Ruhr-Universität Bochum, Lehrstuhl für Systemsicherheit, Universitätsstraße 120, 44780 Bochum, Germany
Dipl. Inform. Behrad Garmany studied Informatics at the RWTH Aachen, Germany (Dipl. Inform. 2012). He also works at the same chair for System Security for Prof. Dr. Thorsten Holz, studying modern attack and defense vectors against modern software. Lately, he focussed his efforts towards bounded model checking.
Ruhr-Universität Bochum, Lehrstuhl für Systemsicherheit, Universitätsstraße 120, 44780 Bochum, Germany
Dipl. Biol. Robert Gawlik developed a taste for exploitation and bug hunting during his original career path, the study of biology. He switched his field of work and is now a colleague of the former two authors at the chair for System Security in Bochum. He still focuses mainly on modern attack vectors, where he often targets web browsers.
Ruhr-Universität Bochum, Lehrstuhl für Systemsicherheit, Universitätsstraße 120, 44780 Bochum, Germany
Dr. Christian Rossow obtained his PhD degree from the VU Amsterdam in April 2013, worked at the Institute for Internet Security if(is) in Gelsenkirchen, Germany, and was a postdoctoral researcher at the VU Amsterdam (Herbert Bos) and the Ruhr University Bochum (Thorsten Holz). Since June 2014, he has led the System Security research group at Saarland University in Germany.
Universität des Saarlandes, Cluster of Excellence on Multimodal Computing and Interaction, Campus E 9 1, Raum 3.07, 66123 Saarbrücken, Germany
Prof. Dr. Thorsten Holz is Professor at the faculty for electrical engineering and information technology at the Ruhr University Bochum, Germany. His research focus is on applied aspects of IT-system security and machine-oriented IT-security. He earned his degree in informatics at the RWTH Aachen, Germany in 2005 and his PhD at the University of Mannheim, Germany in 2009. Before his call to the Ruhr-University, he worked as a Post-Doc at the institute of Computer-Aided Automation at the Technical University in Vienna. In 2011, he received the Heinz-Maier-Leibnitz Prize.
Ruhr-Universität Bochum, Lehrstuhl für Systemsicherheit, Universitätsstraße 120, 44780 Bochum, Germany
Acknowledgement
This work was supported by ERC Starting Grant No. 640110 (BASTION) and German Research Foundation (DFG) research training group UbiCrypt (GRK 1817).
©2017 Walter de Gruyter Berlin/Boston