CS Talk - Aravind Prakash, Syracuse University
Binary Program Integrity Models for Defeating Code-Reuse Attacks
Abstract: During a proverbial ‘hack’, an attacker often exploits a vulnerability in a program, hijacks control flow, and executes malicious code. Data Execution Prevention (DEP), a hardware-enforced security feature, prevents an attacker from directly executing injected malicious code. Therefore, attackers have resorted to code-reuse attacks, wherein carefully chosen fragments of code within the existing code sections of a program are executed in sequence to accomplish malicious logic. Code-reuse attacks are ubiquitous and account for the majority of attacks in the wild. On one hand, due to the wide use of closed-source software, binary-level solutions are essential. On the other hand, without access to source code and debug information, defending raw binaries is hard.
A majority of defenses against code-reuse attacks enforce “control-flow integrity” (CFI), a program property that requires the runtime execution of a program to adhere to a statically determined control-flow graph (CFG) — a graph that captures the intended flow of control within a program. State-of-the-art binary-level defenses fall short in two areas. (1) Precision: Without source code, binary-level defenses recover a conservative and approximate CFG that admits several illegitimate edges alongside all the legitimate ones. By launching practical attacks that leverage the illegitimate edges within the approximate CFG, attackers have highlighted the need for a more precise CFG. (2) Incremental deployability: A complete CFG includes inter-module control flows, which are unknown until load time. Therefore, such defenses can either protect all the modules used by a program, or none of them. Partial protection leads to unaffordable false alarms. Runtime optimizations to merge inter-module CFGs have been shown to impose prohibitive performance overhead.
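To make the precision point concrete, here is an added illustration (not code from the talk or from the speaker's work): a constructed program with three address-taken functions, checked under a coarse CFI policy, in which any address-taken function is a valid indirect-call target, the kind of conservative CFG recovered from a stripped binary, and under a per-call-site policy that lists only the targets the site is meant to reach. The function names, the two target sets and the `BLOCKED` sentinel are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef int (*handler_t)(int);

/* Constructed sample program: three functions whose addresses are taken somewhere in the binary. */
static int double_it(int x) { return 2 * x; }
static int negate(int x)    { return -x; }
/* Address-taken, but never a legitimate target of call site 1 below. */
static int launch(int x)    { return x + 1000; }

/* Coarse policy: every address-taken function is an allowed target (approximate CFG). */
static const handler_t coarse_targets[] = { double_it, negate, launch };
/* Precise policy: the targets call site 1 may actually reach (as source-level CFI would know). */
static const handler_t precise_site1[] = { double_it, negate };

/* Sentinel returned when the CFI check rejects the edge; chosen to collide with no handler result. */
#define BLOCKED (-999999)

static bool in_set(handler_t fp, const handler_t *set, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (set[i] == fp) return true;
    return false;
}

/* 1 if the coarse (approximate-CFG) policy admits the edge to fp, else 0. */
int coarse_accepts(handler_t fp)  { return in_set(fp, coarse_targets, 3); }
/* 1 if the precise per-site policy admits the edge to fp, else 0. */
int precise_accepts(handler_t fp) { return in_set(fp, precise_site1, 2); }

/* Call site 1 under the precise policy: the indirect call runs only if the edge is in the CFG. */
int guarded_call_site1(handler_t fp, int arg) {
    if (!precise_accepts(fp)) return BLOCKED;  /* CFI violation: edge not in the CFG */
    return fp(arg);
}

int main(void) {
    printf("coarse admits launch:  %d\n", coarse_accepts(launch));   /* 1: illegitimate edge passes */
    printf("precise admits launch: %d\n", precise_accepts(launch));  /* 0: rejected */
    printf("guarded double_it(21): %d\n", guarded_call_site1(double_it, 21));
    printf("guarded launch(1):     %d\n", guarded_call_site1(launch, 1));
    return 0;
}
```

The gap between the two policies is exactly the set of edges an approximate CFG admits and a precise one does not.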
In this talk, I will first provide an overview of the state of the art in code-reuse attacks and binary-level defenses. Then, I will present two of my works that address the precision and deployability of defenses: the first work improves the precision of CFI in C++ binaries, and the second work introduces Stack-Pointer Integrity (SPI), a program property that defends against code-reuse attacks by enforcing the integrity of the stack pointer.
Bio: Aravind Prakash is a PhD candidate in the Department of Electrical Engineering and Computer Science at Syracuse University. His speciality is system security, with an emphasis on binary analysis. He holds a Master of Science degree from the University of Miami, FL, and a Bachelor of Engineering from VTU, India.