Binary Debloating for Security via Demand Driven Loading

by   Girish Mururu, et al.
Georgia Institute of Technology

Modern software systems heavily use C/C++ based libraries. Because of the weak memory model of C/C++, libraries may suffer from vulnerabilities which can expose the applications to potential attacks. For example, a very large number of return oriented programming gadgets exist in glibc that allow stitching together semantically valid but malicious Turing-complete programs. In spite of significant advances in attack detection and mitigation, full defense is unrealistic against an ever-growing set of possibilities for generating such malicious programs. In this work, we create a defense mechanism by debloating libraries to reduce the dynamic functions linked so that the possibilities of constructing malicious programs diminishes significantly. The key idea is to locate each library call site within an application, and in each case to load only the set of library functions that will be used at that call site. This approach of demand-driven loading relies on an input-aware oracle that predicts a near-exact set of library functions needed at a given call site during the execution. The predicted functions are loaded just in time, and the complete call chain (of function bodies) inside the library is purged after returning from the library call back into the application. We present a decision-tree based predictor, which acts as an oracle, and an optimized runtime system, which works directly with library binaries like GNU libc and libstdc++. We show that on average, the proposed scheme cuts the exposed code surface of libraries by 97.2 prediction accuracy in most cases of at least 97 overhead of 18 benchmarks of SPEC 2006, suggesting this scheme is practical.


Mir: Automated Quantifiable Privilege Reduction Against Dynamic Library Compromise in JavaScript

Third-party libraries ease the development of large-scale software syste...

Automatic Diversity in the Software Supply Chain

Despite its obvious benefits, the increased adoption of package managers...

VULNERLIZER: Cross-analysis Between Vulnerabilities and Software Libraries

The identification of vulnerabilities is a continuous challenge in softw...

Fine-Grained Library Customization

Code bloat widely exists in production-run software. Left untackled, it ...

Debloating Software through Piece-Wise Compilation and Loading

Programs are bloated. Our study shows that only 5 across Ubuntu Desktop ...

On-the-fly Code Activation for Attack Surface Reduction

Modern code reuse attacks are taking full advantage of bloated software....

Extending the OpenCHK Model with Advanced Checkpoint Features

One of the major challenges in using extreme scale systems efficiently i...

Please sign up or login with your details

Forgot password? Click here to reset