Write a Blog >>
PLDI 2020
Mon 15 - Fri 19 June 2020
Wed 17 Jun 2020 16:20 - 16:40 at PLDI Research Papers live stream - Security Chair(s): Tony Hosking

Static binary rewriting has many important applications in software security and systems, such as hardening, repair, patching, instrumentation, and debugging. While many different static binary rewriting tools have been proposed, most rely on recovering control flow information from the input binary. The recovery step is necessary since the rewriting process may move instructions, meaning that the set of jump targets in the rewritten binary needs to be adjusted accordingly. Since the static recovery of control flow information is a hard problem in general, most tools rely on a set of simplifying heuristics or assumptions, such as specific compilers, specific source languages, or binary file meta information. However, the reliance on assumptions or heuristics tends to scale poorly in practice, and most state-of-the-art static binary rewriting tools cannot handle very large/complex programs such as web browsers.

In this paper we present E9Patch, a tool that can statically rewrite x86_64 binaries without any knowledge of control flow information. To do so, E9Patch develops a suite of binary rewriting methodologies—such as instruction punning, padding, and eviction—that can insert jumps to trampolines without the need to move other instructions. Since this preserves the set of jump targets, the need for control flow recovery and related heuristics is eliminated. As such, E9Patch is robust by design, and can scale to very large (>100MB) stripped binaries including the Google Chrome and FireFox web browsers. We also evaluate the effectiveness of E9Patch against realistic applications such as binary instrumentation, hardening and repair.

Wed 17 Jun
Times are displayed in time zone: Pacific Time (US & Canada) change

16:00 - 17:00: SecurityPLDI Research Papers at PLDI Research Papers live stream
Chair(s): Tony HoskingAustralian National University / Data61

YouTube lightning session video

16:00 - 16:20
Towards a Verified Range Analysis for JavaScript JITs
PLDI Research Papers
Fraser BrownStanford University, USA, John RennerUniversity of California at San Diego, USA, Andres NötzliStanford University, USA, Sorin LernerUniversity of California at San Diego, USA, Hovav ShachamUniversity of Texas at Austin, USA, Deian StefanUniversity of California at San Diego, USA
16:20 - 16:40
Binary Rewriting without Control Flow Recovery
PLDI Research Papers
Gregory J. DuckNational University of Singapore, Singapore, Xiang GaoNational University of Singapore, Singapore, Abhik RoychoudhuryNational University of Singapore, Singapore
16:40 - 17:00
BlankIt Library Debloating: Getting What You Want Instead of Cutting What You Don’t
PLDI Research Papers
Chris PorterGeorgia Institute of Technology, USA, Girish MururuGeorgia Institute of Technology, USA, Prithayan BaruaGeorgia Institute of Technology, USA, Santosh PandeGeorgia Institute of Technology, USA