Date post: 21-Dec-2015
Bending Binary Programs to your Will

Rajeev Barua

What is a Binary Rewriter

Traditionally: High-level language program (C, C++, Java, SQL, ...) → Compiler → Binary executable program

Recently: Binary executable program → Binary Rewriter → Improved binary executable program

Advantages of Binary Rewriting

• Allows optimizations missed by compiler
  – Including inter-procedural optimization

• Portable across any language
  – No need for repeated compiler implementation

• Applicable to legacy codes and assembly level programs

• Enhanced security of binaries

Flow of Compiler / Flow of Binary Rewriter

[Diagram labels: C, C++, Fortran; llvm-gcc, llvm-gfortran; Binary Reader; LLVM IR; Code Improvement; Layout Modifications; Machine Code Generator]

Existing Binary Rewriters

[Diagram labels: Commercial Binary Program; Symbolic & Relocation Information; Existing Binary Rewriter; SecondWrite √; Rewritten Commercial Binary Program]

Applications of Binary Rewriting

• Improvement in Execution Speed
  – Automatic Parallelization
  – Better memory management

• Improvement of security and reliability
  – Protection against malicious attacks
  – Access control

Security Policy Enforcement in Binaries

[Diagram labels: Binary Reader; System Call Detector; Security check inserter; Security Policy Library; Code Improvement; Layout Modifications; Code Generator]

Security Policy Enforcement

[Diagram labels: Input Binary Program; Security Policy; SecondWrite; Output Binary]

Enforcing a Policy on a Malicious Binary

Malicious binary that deletes files under the /c/important directory.

Run binary → Deletes files!

(Binary runs under your permissions)

Enforcing a Policy on a Malicious Binary

Malicious binary that deletes files under the /c/important directory.

SecondWrite

Malicious Binary

Security Policy

+ Security policy for downloaded applications:

• Cannot delete files which the application did not itself create

Enforcing a Policy on a Malicious Binary

Malicious Binary

Security Policy

Run binary → Kill application!

Examples of Other Policies

• Prevent network send after reading sensitive files

• Impose quota on resource usage (e.g. heap memory)
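
The policies named on these slides (no deleting files the application did not itself create, no network send after reading sensitive files, a heap quota) can be written as checks that run before each detected system call. The C policy library below is an added example, not SecondWrite code: the hook names, the quota value and the use of /c/important/ as the sensitive prefix are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical policy library: the rewriter is assumed to insert a call to
 * the matching hook before each system call it detects. */
enum verdict { ALLOW = 0, KILL = 1 };

#define MAX_CREATED 64
#define HEAP_QUOTA ((size_t)1 << 20)   /* constructed quota: 1 MiB */
static const char SENSITIVE_PREFIX[] = "/c/important/";  /* assumed */

static char created[MAX_CREATED][256]; /* paths this process created */
static int n_created, read_sensitive;
static size_t heap_used;

void policy_reset(void) { n_created = 0; read_sensitive = 0; heap_used = 0; }
/* Creation is allowed; remember the path for later unlink checks. */
enum verdict policy_on_create(const char *path) {
    if (n_created == MAX_CREATED || strlen(path) >= sizeof created[0])
        return KILL;                   /* fail closed if we cannot track it */
    strcpy(created[n_created++], path);
    return ALLOW;
}
/* Policy: cannot delete files the application did not itself create. */
enum verdict policy_on_unlink(const char *path) {
    for (int i = 0; i < n_created; i++)
        if (strcmp(created[i], path) == 0) return ALLOW;
    return KILL;
}
/* Policy: no network send after reading a sensitive file. */
enum verdict policy_on_read(const char *path) {
    if (strncmp(path, SENSITIVE_PREFIX, sizeof SENSITIVE_PREFIX - 1) == 0)
        read_sensitive = 1;            /* sticky for the process lifetime */
    return ALLOW;
}
enum verdict policy_on_send(void) { return read_sensitive ? KILL : ALLOW; }
/* Policy: quota on heap usage; the subtraction form avoids overflow. */
enum verdict policy_on_alloc(size_t n) {
    if (n > HEAP_QUOTA - heap_used) return KILL;
    heap_used += n;
    return ALLOW;
}
int main(void) {
    policy_reset();
    policy_on_create("/tmp/scratch.dat");
    printf("own: %d, other: %d\n", policy_on_unlink("/tmp/scratch.dat"),
           policy_on_unlink("/c/important/a.doc"));
    return 0;
}
```

Matching on raw path strings is only illustrative; a real monitor has to compare canonical paths or file identities, since links and relative paths can name the same file differently.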

Advantages of this Approach

• Customizable: Security checks customizable to application, source, user and site.

• Wide Scope: Completely enforce Confidentiality, Integrity, and Availability (CIA triad) in a binary

• Preventative: Ability to stop attacks before they succeed

• Portable: Approach is independent of operating system and programming language

