Annual Computer Security Applications Conference (ACSAC) 2012

Securing Untrusted Code via Compiler-Agnostic Binary Rewriting

Richard Wartell
University of Texas at Dallas
United States

Vishwath Mohan
University of Texas at Dallas
United States

Kevin W. Hamlen
University of Texas at Dallas
United States

Zhiqiang Lin
University of Texas at Dallas
United States

Abstract:
Binary code from untrusted sources remains one of the primary vehicles for malicious software attacks. This paper presents REINS, a new, more general, and lighter-weight binary rewriting and inlining system to tame and secure untrusted binary programs. Unlike traditional monitoring approaches, REINS requires no cooperation from code-producers in the form of source code or debugging symbols, requires no client-side support infrastructure (e.g., a VM or hypervisor), and preserves the behavior of even complex, event-driven, x86 native code COTS binaries generated by aggressively optimizing compilers. This makes it exceptionally easy to deploy. The safety of programs rewritten by REINS is also independently machine-verifiable, allowing rewriting to be deployed as an untrusted third-party service. An implementation of REINS for Microsoft Windows demonstrates that it is effective and practical for a real-world OS and architecture, and introduces only about 3% runtime overhead for rewritten binaries.

 
