Annual Computer Security Applications Conference (ACSAC) 2012

Securing Untrusted Code via Compiler-Agnostic Binary Rewriting

Binary code from untrusted sources remains one of the primary vehicles for malicious software attacks. This paper presents REINS, a new, more general, and lighter-weight binary rewriting and inlining system to tame and secure untrusted binary programs. Unlike traditional monitoring approaches, REINS requires no cooperation from code-producers in the form of source code or debugging symbols, requires no client-side support infrastructure (e.g., a VM or hypervisor), and preserves the behavior of even complex, event-driven, x86 native code COTS binaries generated by aggressively optimizing compilers. This makes it exceptionally easy to deploy. The safety of programs rewritten by REINS is also independently machine-verifiable, allowing rewriting to be deployed as an untrusted third-party service. An implementation of REINS for Microsoft Windows demonstrates that it is effective and practical for a real-world OS and architecture, and introduces only about 3% runtime overhead for rewritten binaries.

Author(s):

Richard Wartell    
University of Texas at Dallas
United States

Vishwath Mohan    
University of Texas at Dallas
United States

Kevin W. Hamlen    
University of Texas at Dallas
United States

Zhiqiang Lin    
University of Texas at Dallas
United States

 
