RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization
@article{Dinesh2020RetroWriteSI,
title={RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization},
author={Sushant Dinesh and Nathan Burow and Dongyan Xu and Mathias Payer},
journal={2020 IEEE Symposium on Security and Privacy (SP)},
year={2020},
pages={1497-1511},
url={https://api.semanticscholar.org/CorpusID:160016679}
}RetroWrite is developed, a binary-rewriting instrumentation to support American Fuzzy Lop and Address Sanitizer and it is shown that it can achieve compiler-level performance while retaining precision and is identical in performance to compiler-instrumented binaries.
Figures and Tables from this paper
Topics
Position Independent Code (opens in a new tab)Static Binary Rewriting (opens in a new tab)Binary Fuzzing (opens in a new tab)Binary Rewriting (opens in a new tab)Ramblr (opens in a new tab)Static Rewriting (opens in a new tab)AFL-QEMU (opens in a new tab)Instrumentation Pass (opens in a new tab)AFL-Dyninst (opens in a new tab)COTS Binaries (opens in a new tab)
135 Citations
Performant Binary Fuzzing without Source Code using Static Instrumentation
- 2022
Computer Science
This paper explores techniques to replicate the depth and efficiency of source-code available fuzzers via static binary instrumentation, and shows that techniques for binary fuzzing may approach the functional ability of sources-available fuzzing.
A Binary-level Thread Sanitizer or Why Sanitizing on the Binary Level is Hard
- 2024
Computer Science
This paper systematically identifies the key challenges of applying sanitizers to binary-only targets, and presents the design and implementation of BIN TSAN, an approach to realize the data race detector TSAN targeting binary-only Linux x86-64 targets.
MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries
- 2023
Computer Science, Engineering
This paper presents a feasible and practical hardware-assisted memory sanitizer, MTSan, for binary fuzzing, which can detect both spatial and temporal memory safety violations at runtime and introduces much lower run-time and memory overhead.
ArmWrestling: efficient binary rewriting for ARM
- 2021
Computer Science
RetroWrite-ARM is presented, a zero-overhead static binary rewriter for aarch64 executables that solves key challenges such as pointer construction symbolization and jump table instrumentation, based on the (x86 64) RetroWrite project.
SAFER: Efficient and Error-Tolerant Binary Instrumentation
- 2023
Computer Science
This work presents a new instrumentation technique that tolerates the use of position-dependent code and common disassembly and static analysis errors, and detects assumption violations at runtime before they can lead to undefined behavior.
ARMore: Pushing Love Back Into Binaries
- 2023
Computer Science, Engineering
ARMore is the first e ffi cient, robust, and heuristic-free static binary rewriter for arbitrary aarch64 binaries that produces reassembleable assembly and is the only static rewriter whose rewritten binaries correctly pass all SQLite3 and core-utils test cases and autopkgtest of 97.5% Debian packages.
Fuzzm: Finding Memory Bugs through Binary-Only Instrumentation and Fuzzing of WebAssembly
- 2021
Computer Science
The first binary-only fuzzer for WebAssembly, called Fuzzm, combines canary instrumentation to detect overflows and underflows on the stack and the heap, an efficient coverage instrumentation, a WebAssembly VM, and the input generation algorithm of the popular AFL fuzzer to prevent the exploitation of vulnerable binaries in production.
This paper is included in the Proceedings of the 32nd USENIX Security Symposium.
Computer Science
This work presents a new instrumentation technique that tolerates the use of position-dependent code and common disassembly and static analysis errors, and detects assumption violations at runtime before they can lead to undefined behavior.
Gadgets Splicing: Dynamic Binary Transformation for Precise Rewriting
- 2022
Computer Science
This paper presents GRIN, a novel binary rewriting tool that allows for high-precision instruction identification and demonstrates that the precision of GRIN is improved to 99.92% compared to current state-of the-art techniques.
StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting
- 2021
Computer Science
A novel incremental and stochastic rewriting technique StochFuzz is proposed that generates many different versions of rewritten binaries whose validity can be approved/disapproved by numerous fuzzing runs and achieves performance comparable to source-based fuzzers.
85 References
Securing untrusted code via compiler-agnostic binary rewriting
- 2012
Computer Science
Reins, a new, more general, and lighter-weight binary rewriting and in-lining system to tame and secure untrusted binary programs, is presented, demonstrating that it is effective and practical for a real-world OS and architecture.
Static Analysis of x86 Executables
- 2010
Computer Science
This dissertation argues for the integration of disassembly, control flow reconstruction, and static analysis in a unified process and introduces a framework for simultaneous control and data flow analysis on low level binary code, which overcomes the "chicken and egg" problem and is proven to yield the most precise control flow graph with respect to the precision of the data flow domain.
Strict Virtual Call Integrity Checking for C++ Binaries
- 2017
Computer Science
VCI is proposed, a binary rewriting system that secures C++ binaries against vtable attacks, and constructs a strict CFI policy by resolving and pairing virtual function calls (vcalls) with precise sets of target classes.
rev.ng: a unified binary analysis framework to recover CFGs and function boundaries
- 2017
Computer Science
This paper proposes a set of analyses to address predicate instructions, noreturn functions, tail calls, and context-dependent CFG to provide accurate information about a program's CFG and function boundaries without employing debugging information or symbols.
Ramblr: Making Reassembly Great Again
- 2017
Computer Science
This paper presents a new systematic approach for binary reassembling that is implemented in a tool called Ramblr and successfully reassembles most of the binaries, which is an improvement over the state-of-the-art approach.
Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
- 2003
Computer Science
This paper develops a systematic study of a particular kind of obfuscation called address obfuscation that randomizes the location of victim program data and code, and presents an implementation that transforms object files and executables at link-time and load-time.
T-Fuzz: Fuzzing by Program Transformation
- 2018
Computer Science
T-Fuzz leverages a symbolic execution-based approach to filter out false positives and reproduce true bugs in the original program by transforming the program as well as mutating the input, and covers more code and finds more true bugs than any existing technique.
Control Flow Integrity for COTS Binaries
- 2013
Computer Science, Engineering
This work demonstrates that the first work to apply CFI to complex shared libraries such as glibc is effective against control-flow hijack attacks, and eliminates the vast majority of ROP gadgets.
Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics
- 2018
Computer Science
MULTIVERSE is a new binary rewriter that is able to rewrite Intel CISC binaries without making various assumptions about the binary, such as requiring correct disassembly, cooperation from compilers, or access to debugging symbols or relocation entries.
Static binary rewriting without supplemental information: Overcoming the tradeoff between coverage and correctness
- 2013
Computer Science
This work has designed the first static binary rewriter that guarantees 100% code coverage without the need for relocation or symbolic information and drastically limiting the number of possible speculative sequences using a new technique called binary characterization.