On the Impact of Exception Handling Compatibility on Binary Instrumentation

Published: 09 November 2020 Publication History

Abstract

To support C++ exception handling, compilers generate metadata that is a rich source of information about the code layout. On Linux, this metadata is also used to support stack tracing, thread cleanup and other functions. For this reason, Linux binaries contain code-layout-revealing metadata for C code as well. Even hand-written assembly in low-level system libraries is covered by such metadata. We investigate the implications of this metadata in this paper, and show that it can be used to (a) improve the accuracy of disassembly, (b) achieve significantly better accuracy at function boundary identification as compared to previous research, and (c) serve as a rich source of information for defeating fine-grained code randomization.


Cited By

  • (2023) SAFER. Proceedings of the 32nd USENIX Conference on Security Symposium, pp. 1451-1468. DOI: 10.5555/3620237.3620319. Online publication date: 9 Aug 2023.
  • (2023) OCFI: Make Function Entry Identification Hard Again. Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 804-815. DOI: 10.1145/3597926.3598097. Online publication date: 12 Jul 2023.
  • (2022) How'd Security Benefit Reverse Engineers? The Implication of Intel CET on Function Identification. 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 559-566. DOI: 10.1109/DSN53405.2022.00061. Online publication date: Jun 2022.

Published In

FEAST'20: Proceedings of the 2020 ACM Workshop on Forming an Ecosystem Around Software Transformation
November 2020
46 pages
ISBN:9781450380898
DOI:10.1145/3411502

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. binary instrumentation
  2. code diversification
  3. code randomization
  4. disassembly
  5. exception handling
  6. function identification
  7. reverse engineering

Conference

CCS '20