Framework for safe reuse of software binaries
December 2004
Pages 283 - 293
Abstract
In this paper we consider reusability of software component binaries Reuse of code at the binary level is important because usually only the machine code for system components is available; vendors do not want to share their source code for proprietary reasons We develop necessary and sufficient conditions for ensuring that software binaries are reusable and relate them to the coding standards that have been developed in the industry to ensure binary code reusability These coding standards, in essence, discourage the (i) use of hard-coded pointers, and (ii) writing of non-reentrant code Checking that binary code satisfies these standards/conditions, however, is undecidable, in general We thus develop static analysis based methods for checking if a software binary satisfies these conditions This static analysis rests on the abstract interpretation framework We illustrate our approach by showing how we statically analyze the presence of hard coded pointer variables in assembly code obtained from binaries of digital signal processing applications The analyzer we have developed takes the binary to be checked for reuse as input, disassembles it, builds the flow graph, and statically analyzes the flow graph to check for the presence of code that will hinder its reuse.
References
[1]
S Abramsky and C Hankin Abstract Interpretation of Declarative Languages, Ellis Horwood, 1987.
[2]
Alfred V.Aho, Ravi Sethi and Jeffrey D.Ullman Compilers: Principles, Techniques, and Tools Addison-Wesley, 1988.
[3]
J Bergeron, M Debbabi, M.M Erhioui, B Ktari Static Analysis of Binary Code to Isolate Malicious Behaviors IEEE 8th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, 1999 Palo Alto, California
[4]
S Blonstein (Texas Instruments) Personal Communication.
[5]
Hao Chen, Jonathan S Shapiro Exploring Static Checking for Software Assurance SRL Technical Report SRL-2003-06.
[6]
B.V Chess Improving computer security using extending static checking IEEE Symposium on Security and Privacy, 2002.
[7]
P Cousot, R Cousot Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction of Approximation of Fixpoints Fourth Annual ACM Symp on Principles of Programming Languages 1977 pp 238-252.
[8]
Mihai Christodorescu and Somesh Jha Static Analysis of Executables to Detect Malicious Patterns 12th USENIX Security Symposium, August 2003.
[9]
Saumya Debray, Robert Muth, Matthew Weippert Alias analysis of executable code POPL'98.
[10]
M Fernandez and R Espasa Speculative alias analysis for executable code International Conference on Parallel Architectures and Compilation Techniques 2002.
[11]
W Frake, C Terry Software Reuse: Metrics and Models In ACM Computing Surveys 28(2):1996.
[12]
M R Garey and D S Johnson Computers and Intractability W H Freeman and Company New York 1979.
[13]
Bill Gates The Future of Programming in a World of Web Services (keynote address) 17th Annual ACM Conference on Object-Oriented Programming, Systems, Languages and Application Seattle, Washington Friday, November 8, 2002
[14]
Nevin Heintze, Oiivier Tardieu Demand-Driven Pointer Analysis Conference on Programming Language Design and Implementation 2001
[15]
Gerard J Holzmann Static Source Code Checking for User-defined Properties Conference on Integrated Design and Process Technology, IDPT-2002.
[16]
W Landi and B G Ryder, A Safe Approximate Algorithm for Interprocedural Pointer Aliasing Proc SIGPLAN PLDI '92 pp 235-248.
[17]
Horst Licheter and Gerhard Riedinger Improving software quality by static program analysis Proc of SPI 97 software process improvement, Barcelona, 1997
[18]
R Venkitaraman and G Gupta, Static Program Analysis of Embedded Executable Assembly Code Compilers, Architecture, and Synthesis for Embedded Systems (ACM CASES), September 2004 pp 157-166.
[19]
David A Wagner Static analysis and computer security: New techniques for Software Assurance University of California at Berkley Phd Dissertation Dec 2000.
[20]
W E Weihl Interprocedural data flow analysis in the presence of pointers, procedure variables, and label variables Proc ACM POPL Jan 1980 pp 83-94.
[21]
Texas Instruments Code Composer Studio and XDAIS/TMS320 Algorithmic Standards Literature (No: SPRU509C, No: SPRU301C, No: SPRU352D, No: SPRU189F).
Recommendations
Towards specifying pragmatic software reuse
ECSAW '15: Proceedings of the 2015 European Conference on Software Architecture WorkshopsSoftware reuse has numerous benefits, including reduced development time, defect density, and increased developer productivity. Numerous approaches to software reuse have been developed and we can divide them into two categories: preplanned approaches, ...
Unanticipated reuse of large-scale software features
ICSE '06: Proceedings of the 28th international conference on Software engineeringSoftware reuse has been endorsed as a way to reduce development times and costs while increasing software quality and reliability. Techniques designed to encourage software reuse have concentrated on creating reusable software in the form of frameworks, ...
Protecting COTS Binaries from Disclosure-guided Code Reuse Attacks
ACSAC '17: Proceedings of the 33rd Annual Computer Security Applications ConferenceCode diversification, combined with execute-only memory, provides an effective defense against just-in-time code reuse attacks. However, existing techniques for combining code diversification and hardware-assisted memory protections typically require ...
Comments
Information & Contributors
Information
Published In
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 22 December 2004
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0