Janitizer: Rethinking Binary Tools for Practical and Comprehensive Security
Comprehensive application security can only be ensured if all code that it is going to execute is protected: any unprotected code, either from libraries or the application, becomes a potential attack surface. Compilers contain extensive suites of tools to aid in this, but require source availability that is often infeasible. Existing static and dynamic binary rewriting techniques that retrofit for security either lack in code coverage or soundness, or incur very high performance overhead.
We present a case for adopting hybrid static-dynamic mechanisms to ensure comprehensive security for binaries, providing sound and practical solutions. We highlight the limitations of existing hybrid tools in their use for security purposes, and provide insights to re-architect them to achieve comprehensive security. To demonstrate this in practice, we provide a framework implementation, Janitizer, that enables sound and comprehensive code coverage for entire applications. We present hybrid binary implementations for two important classes of security schemes; a memory sanitizer and a control flow integrity scheme. These implementations provide comprehensive code coverage equivalent to that of high-overhead dynamic techniques, while maintaining performance levels of low-coverage static techniques.
Tue 4 MarDisplayed time zone: Pacific Time (US & Canada) change
15:20 - 17:00 | Security, Fault Tolerance & CryptographyMain Conference at Casuarina Ballroom (Level 2) Chair(s): Fernando Magno Quintão Pereira Federal University of Minas Gerais | ||
15:20 20mTalk | Qiwu: Exploiting Ciphertext-Level SIMD Parallelism in Homomorphic Encryption Programs Main Conference Zhang zhongcheng Institute of Computing Technology at Chinese Academy of Sciences; University of Chinese Academy of Sciences; Zhongguancun Laboratory, Ying Liu Institute of Computing Technology, Chinese Academy of Sciences, Yuyang Zhang Institute of Computing Technology at Chinese Academy of Sciences; University of Chinese Academy of Sciences;, Zhenchuan Chen Institute of Computing Technology, Chinese Academy of Sciences, Jiacheng Zhao Institute of Computing Technology at Chinese Academy of Sciences; University of Chinese Academy of Sciences; Zhongguancun Laboratory, Xiaobing Feng ICT CAS, Huimin Cui Institute of Computing Technology, Chinese Academy of Sciences, Jingling Xue UNSW Sydney | ||
15:40 20mTalk | Cage: Hardware-Accelerated Safe WebAssembly Main Conference Martin Fink Technical University of Munich, Dimitrios Stavrakakis TU Munich and University of Edinburgh, Dennis Sprokholt TU Delft, Soham Chakraborty TU Delft, Jan-Erik Ekberg Huawei Technologies LLC, Pramod Bhatotia TU Munich, Germany | ||
16:00 20mTalk | Teapot: Efficiently Uncovering Spectre Gadgets in COTS Binaries Main Conference Fangzheng Lin Institute of Science Tokyo, Zhongfa Wang Institute of Science Tokyo, Hiroshi Sasaki Institute of Science Tokyo | ||
16:20 20mTalk | Janitizer: Rethinking Binary Tools for Practical and Comprehensive Security Main Conference Mahwish Arif University of Cambridge, Sam Ainsworth University of Edinburgh, Timothy M. Jones University of Cambridge Pre-print | ||
16:40 20mTalk | Parallaft: Runtime-based CPU Fault Tolerance via Heterogeneous Parallelism Main Conference Boyue Zhang University of Cambridge, Sam Ainsworth University of Edinburgh, Lev Mukhanov Queen Mary University London, Timothy M. Jones University of Cambridge Pre-print | ||