We have developed a variety of software hardening techniques against most of the known classes of software vulnerabilities and malicious attacks, such as race conditions, buffer underflows/overflows, null pointer exceptions, unhandled exceptions, code injection, and code-reuse attacks. However, our prior work focused on binary-only environments (i.e., post-compilation processing). While this approach has the advantage of broad applicability, it sacrifices efficiency and completeness because semantic information present in the source code is lost during compilation. Meanwhile, the source code of many software systems, including those developed by the open-source community or used by the military, is often available. Utilizing the rich semantics of the source code can improve the efficiency and completeness of many software protection techniques. Our objective in this project is to develop new software protection techniques and integrate existing ones into compiler frameworks such as LLVM and GCC. We will integrate into the compiler several binary-only techniques we have developed, as well as several new techniques we will develop, to improve their efficiency and security.
Participants
PI: Prof. Junfeng Yang, Columbia University
PI: Prof. Angelos Keromytis, Columbia University
This work is supported by the Office of Naval Research (ONR) through Contract N00014-12-1-0166. Opinions, findings, conclusions and recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the US Government or ONR.
Related Publications
ShadowReplica: Efficient Parallelization of Dynamic Data Flow Tracking
Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS 2013), November 2013