A Binary-Centric Approach to
Vulnerability Analysis and Defense
Abstract
This thesis takes a binary-centric approach to defending against
vulnerabilities. A binary-centric approach is attractive for two
reasons. First, most users only have access to programs in binary form
(e.g., executables), so security defenses based upon binary analysis
are likely to be widely applicable. Second, a binary itself is often the
most faithful encoding of security-relevant details since it is what
is actually executed on hardware. This faithfulness allows us to
provide strong guarantees about what sort of overall security can be
offered. In this thesis, we first show that the binary-centric
approach allows us to automatically generate exploits based upon
vendor-provided patches for vulnerabilities. An immediate consequence
of this line of research is that current vendor patching practices are
insecure because they allow attackers to create new exploits before
all vulnerable hosts can receive a patch. Next, we show how to
protect against exploits by automatically generating
vulnerability-based signatures, which are signatures based upon a
vulnerability instead of exploits. Our binary-centric approach to
signature generation provides the first comprehensive framework for
vulnerability-based signature generation and evaluation. For example,
we are the first to show how to generate signatures that are
guaranteed to never have false positives in a variety of settings. A
key component of this research is the development of a binary
infrastructure to demonstrate the utility of our techniques and their
application to our problem domain. The binary analysis techniques and
architecture are of independent interest, and are currently being used
by many other research projects at various universities and labs. In
this proposal, we detail our initial research in binary analysis and
vulnerability defense, and then propose future research directions.
Full Version: PDF
Proposal Date: Dec 11, 3PM EST, Wean 4623.
Committee