Write a Blog >>
PLDI 2020
Mon 15 - Fri 19 June 2020
Wed 17 Jun 2020 16:20 - 16:40 at PLDI Research Papers live stream - Security Chair(s): Tony Hosking

Static binary rewriting has many important applications in software security and systems, such as hardening, repair, patching, instrumentation, and debugging. While many different static binary rewriting tools have been proposed, most rely on recovering control flow information from the input binary. The recovery step is necessary since the rewriting process may move instructions, meaning that the set of jump targets in the rewritten binary needs to be adjusted accordingly. Since the static recovery of control flow information is a hard problem in general, most tools rely on a set of simplifying heuristics or assumptions, such as specific compilers, specific source languages, or binary file meta information. However, the reliance on assumptions or heuristics tends to scale poorly in practice, and most state-of-the-art static binary rewriting tools cannot handle very large/complex programs such as web browsers.

In this paper we present E9Patch, a tool that can statically rewrite x86_64 binaries without any knowledge of control flow information. To do so, E9Patch develops a suite of binary rewriting methodologies—such as instruction punning, padding, and eviction—that can insert jumps to trampolines without the need to move other instructions. Since this preserves the set of jump targets, the need for control flow recovery and related heuristics is eliminated. As such, E9Patch is robust by design, and can scale to very large (>100MB) stripped binaries including the Google Chrome and FireFox web browsers. We also evaluate the effectiveness of E9Patch against realistic applications such as binary instrumentation, hardening and repair.

Wed 17 Jun

Displayed time zone: Pacific Time (US & Canada) change

16:00 - 17:00
SecurityPLDI Research Papers at PLDI Research Papers live stream
Chair(s): Tony Hosking Australian National University / Data61

YouTube lightning session video

Towards a Verified Range Analysis for JavaScript JITs
PLDI Research Papers
Fraser Brown Stanford University, USA, John Renner University of California at San Diego, USA, Andres Nötzli Stanford University, USA, Sorin Lerner University of California at San Diego, USA, Hovav Shacham University of Texas at Austin, USA, Deian Stefan University of California at San Diego, USA
Binary Rewriting without Control Flow Recovery
PLDI Research Papers
Gregory J. Duck National University of Singapore, Singapore, Xiang Gao National University of Singapore, Singapore, Abhik Roychoudhury National University of Singapore, Singapore
BlankIt Library Debloating: Getting What You Want Instead of Cutting What You Don’t
PLDI Research Papers
Chris Porter Georgia Institute of Technology, USA, Girish Mururu Georgia Institute of Technology, USA, Prithayan Barua Georgia Institute of Technology, USA, Santosh Pande Georgia Institute of Technology, USA