Robust, Low-overhead Binary Rewriting: Design, Extensibility and Customizability
Abstract
A binary rewriter is a software tool that can change binary code (also known as machine code) without needing its source code, in order to improve it in some way, such as its security, performance, manageability, or trackability. Binary programs are very common today in IP-protected applications meant for distribution to customers, and in high-performance codes.

Despite 15 years of research on binary rewriting, it is surprising that the following is not available today: a binary rewriter that can (1) reliably rewrite all benign programs, and (2) incur low overhead. Existing dynamic rewriters are reliable, but incur high overheads. Existing static rewriters have low overhead, but are not reliable: it is difficult to distinguish code from data in commercially widespread stripped binaries (those lacking symbolic and relocation information). Static rewriters also cannot handle obfuscated, dynamically generated, and self-modifying code.

Conversations with industry professionals have revealed that they will not accept an unreliable tool that may occasionally crash the program. Nor will they accept a tool that has more than a few percent overhead in deployment use. No existing rewriter meets these requirements. Thus all the advantages of instrumentation and monitoring in security, performance, manageability and trackability are lost for deployed binary programs.

We are developing a new type of binary rewriter called RL-Bin that can, for the first time, reliably rewrite all benign programs while incurring low runtime overhead.
It does so using a design that (1) avoids the copying and address translation inherent in code-cache-based dynamic rewriters by rewriting the memory image in place; (2) is purely dynamic, and continuously instruments the code to conceptually monitor every control transfer in order to discover new code; (3) rewrites a memory block in the code segment only after it is known at runtime to be code; (4) adaptively removes code-discovering instrumentation at runtime once it is no longer needed; and (5) uses just-in-time (JIT) analysis to perform further optimizations that reduce overhead.

An early version of RL-Bin is currently being developed. In this project, we request funds to turn the current early research prototype into a mature, extensible and usable software tool. To this end, we propose to develop new optimizations and extensions to RL-Bin. We will enhance existing optimizations to reduce the runtime overhead of RL-Bin, and will design and implement new optimization techniques. In addition, the following extensions are proposed: (i) output trusted disassembly; (ii) output runtime metadata; and (iii) develop custom, easy-to-use APIs for adding instrumentation to RL-Bin. With these changes, RL-Bin will enable the recovery of accurate, guaranteed-correct program structure and runtime behavior information, which users need in order to build subsequent binary analyses. RL-Bin's source code will be made available to the government every 6 months, and the government can then provide it to other ONR-funded teams.

Having a reliable, low-overhead binary rewriter will bring the advantages of managed code (such as interpreted code) to unmanaged binary code for the first time.
By being able to monitor and instrument binary code, it will enable the many potential uses of runtime code instrumentation in deployment that are not possible today, such as application performance monitoring (APM), resource monitoring, security policy enforcement, vulnerability patching, and performance optimization. Thus users will be able to manage binary codes just like interpreted languages. This could open up major sectors of the software industry to binary codes for the first time, leading to the foundation of a thriving industry in the United States, as well as a boost to the DoD's capabilities to manage, secure, and optimize its vast repository of binary codes used in deployment.
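As an added illustration of design points (2) through (4) above, the following toy simulation (constructed for this page; it is not RL-Bin's code, and its instruction set, sample program and class names are invented) contrasts a static linear sweep, which has no runtime evidence and must decode every word as an instruction, with a dynamic rewriter that classifies a word only when control actually reaches it, hooks each control transfer it discovers, and removes a hook once that transfer can reveal no new code. The indirect jump keeps its hook, since its target can change on every execution; that residual instrumentation is where a real in-place rewriter's remaining overhead comes from.

```python
# Constructed toy model of code discovery in a dynamic, in-place rewriter
# (illustrative code written for this page, not RL-Bin's own code).

# Toy memory: (opcode, operand) tuples are instructions; bare ints are data.
PROGRAM = {
    0: ("mov", 3),       # r = 3
    1: ("jmp", 4),       # direct jump over the embedded data at 2-3
    2: 0x41414141,       # data
    3: 0xDEADBEEF,       # data
    4: ("dec", None),    # r -= 1
    5: ("jnz", 4),       # direct conditional jump: loop while r != 0
    6: ("mov", 9),       # r = 9, the target of the indirect jump below
    7: ("ijmp", None),   # indirect jump to the address held in r
    8: 0xCAFEBABE,       # data, never reached
    9: ("halt", None),
}
CONTROL_OPS = {"jmp", "jnz", "ijmp"}


def static_linear_sweep(program):
    """Static sweep: no runtime evidence, so every word is decoded as code.
    Returns the data addresses it would wrongly rewrite as instructions."""
    return sorted(a for a, w in program.items() if not isinstance(w, tuple))


class InPlaceRewriter:
    """Marks a word as code only once control reaches it, hooks each
    discovered control transfer, and drops the hook once it can reveal no
    new code (direct transfers). Indirect transfers stay hooked."""

    def __init__(self, program):
        self.mem = program
        self.known_code = set()   # addresses proven to be code by execution
        self.hooks = {}           # transfer addr -> set of targets seen so far
        self.hook_hits = 0        # how often a hook ran: a proxy for overhead

    def discover(self, addr):
        """Classify (in a real rewriter: rewrite) a word only once reached."""
        if addr in self.known_code:
            return
        word = self.mem[addr]
        if not isinstance(word, tuple):
            raise RuntimeError(f"control reached a data word at {addr}")
        self.known_code.add(addr)
        if word[0] in CONTROL_OPS:
            self.hooks[addr] = set()   # instrument the control transfer

    def on_transfer(self, addr, target):
        """Hook body: learn the target, then remove the hook if exhausted."""
        self.hook_hits += 1
        self.hooks[addr].add(target)
        self.discover(target)
        op, operand = self.mem[addr]
        if op == "jmp":
            exhausted = True                                     # one static target
        elif op == "jnz":
            exhausted = {operand, addr + 1} <= self.hooks[addr]  # both edges seen
        else:
            exhausted = False                                    # indirect: keep it
        if exhausted:
            del self.hooks[addr]

    def run(self, max_steps=1000):
        """Execute PROGRAM-style memory; return the register value at halt."""
        pc, r = 0, 0
        for _ in range(max_steps):
            self.discover(pc)
            op, operand = self.mem[pc]
            if op == "halt":
                return r
            if op == "mov":
                r, nxt = operand, pc + 1
            elif op == "dec":
                r, nxt = r - 1, pc + 1
            elif op == "jmp":
                nxt = operand
            elif op == "jnz":
                nxt = operand if r != 0 else pc + 1
            else:  # ijmp
                nxt = r
            if pc in self.hooks:
                self.on_transfer(pc, nxt)
            elif op in CONTROL_OPS:
                assert nxt in self.known_code, "hook removed too early"
            pc = nxt
        raise RuntimeError("step limit exceeded")


def compare(program):
    """Summarise what each approach would rewrite, and the overhead paid."""
    rw = InPlaceRewriter(dict(program))
    halt_value = rw.run()
    return {
        "static_misclassified": static_linear_sweep(program),
        "dynamic_code": sorted(rw.known_code),
        "hooks_left": sorted(rw.hooks),
        "hook_hits": rw.hook_hits,
        "halt_value": halt_value,
    }


if __name__ == "__main__":
    print(compare(PROGRAM))
```

Running it shows that the static sweep would treat the three data words at 2, 3 and 8 as code, while the dynamic rewriter classifies exactly the seven words that execute, pays five hook invocations in total (one for the unconditional jump, three for the loop's conditional jump until both of its edges have been seen, one for the indirect jump), and finishes with only the indirect jump still instrumented.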
Document Details
- Document Type: DoD Grant Award
- Publication Date: Sep 04, 2018
- Source ID: N000141812772
Entities
People
- Rajeev Barua
Organizations
- Office of Naval Research
- United States Navy
- University of Maryland