UROBOROS: Instrumenting Stripped Binaries with Static Reassembling

Wang, Shuai; Wang, Pei; Wu, Dinghao

doi:10.1109/saner.2016.106

Cited by 42 publications

(27 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the reassembleable disassembly approach, a reusable tool extracts relocatable assembly from the binary without the use of debugging or relocation information. Uroboros [47], [48] was the first end-to-end system to provide such functionality. To make a disassembly reassembleable (relocatable), the main challenge is determining whether an immediate is used as an integer or as a label referencing another location.…”

Section: B Binary Rewritingmentioning

confidence: 99%

Binary Mutation Analysis of Tests Using Reassembleable Disassembly

Emamdoost¹,

Sharma²,

Byun³

et al. 2019

Proceedings 2019 Workshop on Binary Analysis Research

View full text Add to dashboard Cite

Good tests are important in software development, but it can be hard to tell whether tests will reveal future faults that are themselves unknown. Mutation analysis, which checks whether tests reveal inserted changes in a program, is a strong measure of test suite adequacy, but common source-or compilerlevel approaches to mutation testing are not applicable to software available only in binary form. We explore mutation analysis as an application of the reassembleable disassembly approach to binary rewriting, building a tool for x86 binaries on top of the previously-developed Uroboros system, and apply it to the C benchmarks from SPEC CPU 2006 and to five examples of embedded control software. The results demonstrate that our approach works effectively across these software domains: as expected, tests designed for performance benchmarking reveal fewer mutants than tests generated to achieve high code coverage, but mutation scores indicate differences in test origins and features such as code size and fault-tolerance. Our binary-level tool also achieves comparable results to source-level mutation analysis despite supporting a more limited set of mutation operators. More generally we also argue that our experience shows how reassembleable disassembly is a valuable approach for constructing novel binary rewriting tools.

show abstract

Section: B Binary Rewritingmentioning

confidence: 99%

Binary Mutation Analysis of Tests Using Reassembleable Disassembly

Emamdoost¹,

Sharma²,

Byun³

et al. 2019

Proceedings 2019 Workshop on Binary Analysis Research

View full text Add to dashboard Cite

show abstract

“…But the size of a gap is usually not enough for a patch. Another way is reassembling which injects patch to the original code and relocates it [68], [70]. Since the long jumps added by BINPATCH might violate security requirements (e.g., Control Flow Integrity [1]), reassembling is the future choice for BINPATCH.…”

Section: Binary Rewritingmentioning

confidence: 99%

“…Dyninst [6] disassembles the binary function and extracts its control flow graph, then inserts new basic blocks into the graph. Uroboros [69], [70] leverages the technique of reassembling which re-computes the addresses and offsets after inserting new code. It avoids the huge overhead introduced by detours (i.e.…”

Section: ) Static Binary Rewritingmentioning

confidence: 99%

Automatically Patching Vulnerabilities of Binary Programs via Code Transfer From Correct Versions

Zhang

2019

IEEE Access

View full text Add to dashboard Cite

The security of binary programs is significantly threatened by software vulnerabilities. When vulnerabilities are found, those applications are exposed to malicious attacks that exploit the known vulnerabilities. Thus, it is necessary to patch them when vulnerabilities are reported to the public as soon as possible. However, it still heavily relies on manual work to locate and correct the corresponding defective code in the binary programs. In order to raise productivity and ensure software security, it becomes imperative to automate the process. In this paper, we propose BINPATCH to automatically patch known vulnerabilities of binary programs. It first locates the defective function, which contains the vulnerability, via similar code comparison. Then, it reuses the corresponding code from the correct version of the defective function as the patch code and inserts it to the defective function via binary rewriting. BINPATCH is evaluated on eight real-world vulnerabilities, and the experimental results show that it is able to not only locate the defective code effectively but also patch the code correctly. INDEX TERMS Reverse engineering, binary code patching, binary program analysis, software security.

show abstract

“…DYNINST [6] 2011 STIR/REINS [46], [47] 2012 CCFIR [51] 2013 BISTRO [15] 2013 BINCFI [53] 2013 PSI [52] 2014 UROBOROS [44] 2016 RAMBLR [42] 2017 MULTIVERSE 2018 sizes [48]. Subsequent work has leveraged these foundations to implement Opaque Control-flow Integrity [28].…”

Section: Related Workmentioning

confidence: 99%

“…UROBOROS [43] makes binary disassembly reassemblable by using the same disassembling algorithm from BINCFI, but it still uses a number of heuristics to differentiate memory addresses and constant integers when relocating a binary. The recent extension of UROBOROS [44] has been made to be a more general static binary instrumentation framework.…”

Section: Related Workmentioning

confidence: 99%

Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics

Bauman

Lin

Hamlen

2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Static binary rewriting is a core technology for many systems and security applications, including profiling, optimization, and software fault isolation. While many static binary rewriters have been developed over the past few decades, most make various assumptions about the binary, such as requiring correct disassembly, cooperation from compilers, or access to debugging symbols or relocation entries. This paper presents MUL-TIVERSE, a new binary rewriter that is able to rewrite Intel CISC binaries without these assumptions. Two fundamental techniques are developed to achieve this: (1) a superset disassembly that completely disassembles the binary code into a superset of instructions in which all legal instructions fall, and (2) an instruction rewriter that is able to relocate all instructions to any other location by mediating all indirect control flow transfers and redirecting them to the correct new addresses. A prototype implementation of MUL-TIVERSE and evaluation on SPECint 2006 benchmarks shows that MULTIVERSE is able to rewrite all of the testing binaries with a reasonable runtime overhead for the new rewritten binaries. Simple static instrumentation using MULTIVERSE and its comparison with dynamic instrumentation shows that the approach achieves better average performance. Finally, the security applications of MUL-TIVERSE are exhibited by using it to implement a shadow stack.

show abstract

UROBOROS: Instrumenting Stripped Binaries with Static Reassembling

Cited by 42 publications

References 27 publications

Binary Mutation Analysis of Tests Using Reassembleable Disassembly

Binary Mutation Analysis of Tests Using Reassembleable Disassembly

Automatically Patching Vulnerabilities of Binary Programs via Code Transfer From Correct Versions

Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics

Contact Info

Product

Resources

About