Reducing the attack surface of computer programs

What is it about?

Some programming errors can cause unintended modifications to the computer's main memory, leading to unexpected behavior, crashes, and even security breaches. Attackers can exploit these errors by injecting malicious code into running programs, enabling them to take control of the program and carry out harmful activities. For this reason, modern systems typically do not allow modifications to the code of running programs. However, attackers get around this restriction by recombining parts of the existing code to alter the program's behavior and achieve their malicious goals using so-called code-reuse attacks (e.g., return-oriented programming). One approach to address this problem is binary debloating, which removes code that is not needed by the program. By reducing the available code, it becomes more difficult for an attacker to find ways to reuse code for exploitation. However, existing binary debloating methods have limited effectiveness because they can only debloat specific parts of the program. This results in low overall code-reduction rates. In this paper, we propose a novel dynamic binary-debloating approach that offers significantly higher code-reduction rates. Our technique enables independent debloating of different parallel running activities (threads) within a program, and it considers the complete code of the program. For the programs we tested, we can remove between 84% and 98% of the code that is available for an attacker to exploit. Our comprehensive approach can effectively prevent code-reuse attacks conducted by an exploit tool for all tested programs.

Featured Image

Photo by FLY:D on Unsplash

Photo by FLY:D on Unsplash