Write a Blog >>
PLDI 2020
Mon 15 - Fri 19 June 2020
Wed 17 Jun 2020 16:40 - 17:00 at PLDI Research Papers live stream - Security Chair(s): Tony Hosking

Modern software systems make extensive use of libraries derived from C and C++. Because of the lack of memory safety in these languages, however, the libraries may suffer from vulnerabilities, which can expose the applications to potential attacks. For example, a very large number of return-oriented programming gadgets exist in glibc that allow stitching together semantically valid but malicious Turing-complete and -incomplete programs.
While CVEs get discovered and often patched and remedied, such gadgets serve as building blocks of future undiscovered attacks, opening an ever-growing set of possibilities for generating malicious programs. Thus, significant reduction in the quantity and expressiveness (utility) of such gadgets for libraries is an important problem.

In this work, we propose a new approach for handling an application's library functions that focuses on the principle of getting only what you want.'' This is a significant departure from the current approaches that focus oncutting what is unwanted.'' Our approach focuses on activating/deactivating library functions on demand in order to reduce the dynamically linked code surface, so that the possibilities of constructing malicious programs diminishes substantially. The key idea is to load only the set of library functions that will be used at each library call site within the application at runtime. This approach of demand-driven loading relies on an input-aware oracle that predicts a near-exact set of library functions needed at a given call site during the execution. The predicted functions are loaded just in time and unloaded on return.

We present a decision-tree based predictor, which acts as an oracle, and an optimized runtime system, which works directly with library binaries like GNU libc and libstdc++. We show that on average, the proposed scheme cuts the exposed code surface of libraries by 97.2%, reduces ROP gadgets present in linked libraries by 97.9%, achieves a prediction accuracy in most cases of at least 97%, and adds a runtime overhead of 18% on all libraries (16% for glibc, 2% for others) across all benchmarks of SPEC 2006. Further, we demonstrate BlankIt on two real-world applications, sshd and nginx, with a high amount of debloating and low overheads.

Wed 17 Jun

Displayed time zone: Pacific Time (US & Canada) change

16:00 - 17:00
SecurityPLDI Research Papers at PLDI Research Papers live stream
Chair(s): Tony Hosking Australian National University / Data61

YouTube lightning session video

16:00
20m
Talk
Towards a Verified Range Analysis for JavaScript JITs
PLDI Research Papers
Fraser Brown Stanford University, USA, John Renner University of California at San Diego, USA, Andres Nötzli Stanford University, USA, Sorin Lerner University of California at San Diego, USA, Hovav Shacham University of Texas at Austin, USA, Deian Stefan University of California at San Diego, USA
16:20
20m
Talk
Binary Rewriting without Control Flow Recovery
PLDI Research Papers
Gregory J. Duck National University of Singapore, Singapore, Xiang Gao National University of Singapore, Singapore, Abhik Roychoudhury National University of Singapore, Singapore
16:40
20m
Talk
BlankIt Library Debloating: Getting What You Want Instead of Cutting What You Don’t
PLDI Research Papers
Chris Porter Georgia Institute of Technology, USA, Girish Mururu Georgia Institute of Technology, USA, Prithayan Barua Georgia Institute of Technology, USA, Santosh Pande Georgia Institute of Technology, USA