Opportunistic Binary Software Fault Encouragement

Period of Performance: 11/02/2015 - 09/02/2016

$80K

Phase 1 SBIR

Recipient Firm

Galois, Inc.
421 SW Sixth Ave Suite 300
Portland, OR 97204

Abstract

For many programs, it would be desirable to fail fast in the face of attack in order to preserve confidentiality and integrity. We propose a tool to statically rewrite binaries to increase their fragility, adding this fail-fast property. We will operate on binaries to maximize the number of programs we can protect. Binary rewriting can be applied to any program without cooperation from the compiler, thus supporting programs written in multiple languages or composed from components from different vendors where source may not be available.

Our defenses are designed to protect against information disclosure and control flow hijacking attacks. These defenses will introduce fragility to hinder attacks both before they can inject a malicious payload and during active attacks. These defenses turn invalid or undefined behaviors in source programs into fail-stop conditions at run time. Nothing we propose relies on particular software or hardware platform features, so the approach is suitable for embedded as well as more traditional server platforms. With prior experience in both binary analysis and verification, Galois is well-positioned to develop high-assurance, semantics-preserving binary transformations.