Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Rewriting executable files to measure program behavior
Software—Practice & Experience
EEL: machine-independent executable editing
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Static detection of dynamic memory errors
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
From system F to typed assembly language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
Alto: a link-time optimizer for the Compaq alpha
Software—Practice & Experience
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
UNIX System V: Understanding Elf Object Files and DeBugging Tools
UNIX System V: Understanding Elf Object Files and DeBugging Tools
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
Debugging via Run-Time Type Checking
FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
Building Diverse Computer Systems
HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
RAD: A Compile-Time Solution to Buffer Overflow Attacks
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Disassembly of Executable Code Revisited
WCRE '02 Proceedings of the Ninth Working Conference on Reverse Engineering (WCRE'02)
Model-carrying code: a practical approach for safe execution of untrusted applications
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
An API for Runtime Code Patching
International Journal of High Performance Computing Applications
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
USITS'97 Proceedings of the USENIX Symposium on Internet Technologies and Systems on USENIX Symposium on Internet Technologies and Systems
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Intrusion detection using sequences of system calls
Journal of Computer Security
Install-Time Vaccination of Windows Executables to Defend against Stack Smashing Attacks
IEEE Transactions on Dependable and Secure Computing
Protecting against unexpected system calls
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Evaluating SFI for a CISC architecture
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Utilizing Binary Rewriting for Improving End-Host Security
IEEE Transactions on Parallel and Distributed Systems
| Hi-index | 0.00 |
The ability to analyze and modify binaries is often very useful from a security viewpoint. Security operations one would like to perform on binaries include the ability to extract models of program behavior and insert inline reference monitors. Unfortunately, the existing manner in which binary code is packaged prevents even the simplest of analyses, such as distinguishing code from data, from succeeding 100 percent of the time. In this paper, we propose SELF, a security-enhanced ELF (Executable and Linking Format), which is simply ELF with an extra section added. The extra section contains information about (among other things) the address, size, and alignment requirements of each code and static data item in the program. This information is somewhat similar to traditional debugging information, but contains additional information specifically needed for binary analysis that debugging information lacks. It is also smaller, compatible with optimization, and less likely to facilitate reverse engineering, which we believe makes it practical for use with commercial software products. SELF approach has three key benefits. First, the information for the extra section is easy for compilers to provide, so little work is required on behalf of compiler vendors. Second, the extra section is ignored by default, so SELF binaries will run perfectly on all systems, including ones not interested in leveraging the extra information. Third, the extra section provides sufficient information to perform many security-related operations on the binary code. We believe SELF to be a practical approach, allowing many security analyses to be performed while not requiring major changes to the existing compiler infrastructure. An application example of the utility of SELF to perform address obfuscation (in which the addresses of all code and data items are randomized to defeat memory-error exploits) is presented.