secuBT: Enforcing Security Through User-Space Virtualization

Description

In the age of coordinated malware distribution and zero-day exploits, security becomes ever more important. This paper presents secuBT, a safe execution framework for running untrusted binary code, based on the fastBT dynamic binary translator.


secuBT implements user-space virtualization using dynamic binary translation and adds a system call interposition framework to limit and guard the interoperability of binary code with the kernel.


Fast binary translation is a key component to user-space virtualization. secuBT uses and extends fastBT, a generator for low-overhead, table-based dynamic (just-in-time) binary translators. We discuss the most challenging sources of overhead and propose optimizations to further reduce these penalties. We argue for hardening techniques to ensure that the translated program can not escape out of the user-space virtualization.


An important feature of secuBT is that only translated code is executed. This ensures code validity and makes it possible to rewrite individual instructions. The system call interposition framework validates every system call and offers the choice to (i) allow it, (ii) abort the program, or (iii) redirect it to a user-space emulation.
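As an added illustration (not secuBT's own code) of the three-way verdict described above, the following C model decides allow / abort / emulate for a few IA-32 Linux system calls under a constructed policy; the policy rules, the `syscall_req` struct, the `decide` helper and the fake PID value are assumptions made for this example.

```c
/* Model of a three-way system call interposition policy:
 * ALLOW the call, ABORT the program, or EMULATE it in user space.
 * Added example, not secuBT code. Syscall numbers are IA-32 Linux:
 * 3 = read, 4 = write, 5 = open, 11 = execve, 20 = getpid. */
#include <stdio.h>
#include <string.h>

enum verdict { ALLOW, ABORT, EMULATE };

struct syscall_req {
    int nr;             /* IA-32 Linux syscall number */
    const char *path;   /* for open(): requested path (may be NULL) */
    int flags;          /* for open(): flags; O_ACCMODE == 3 on Linux */
    long emulated_ret;  /* result handed back when verdict is EMULATE */
};

/* Constructed policy: the guest may only read files below /sandbox/,
 * may never execute new programs, and is shown a fixed fake PID. */
enum verdict check_syscall(struct syscall_req *req)
{
    switch (req->nr) {
    case 3: case 4:                 /* read/write on open descriptors */
        return ALLOW;
    case 5:                         /* open: read-only, inside sandbox */
        if (req->path == NULL) return ABORT;
        if ((req->flags & 3) != 0) return ABORT;       /* not O_RDONLY */
        if (strncmp(req->path, "/sandbox/", 9) != 0) return ABORT;
        if (strstr(req->path, "..") != NULL) return ABORT; /* traversal */
        return ALLOW;
    case 11:                        /* execve: never leave the sandbox */
        return ABORT;
    case 20:                        /* getpid: emulate, hide real PID */
        req->emulated_ret = 4242;   /* constructed fake PID */
        return EMULATE;
    default:                        /* unknown syscall: fail closed */
        return ABORT;
    }
}

/* Convenience wrapper so a verdict can be checked in one call. */
enum verdict decide(int nr, const char *path, int flags)
{
    struct syscall_req req = { nr, path, flags, 0 };
    return check_syscall(&req);
}

int main(void)
{
    printf("open /sandbox/in.txt  -> %d\n", decide(5, "/sandbox/in.txt", 0));
    printf("open /etc/passwd      -> %d\n", decide(5, "/etc/passwd", 0));
    printf("execve /bin/sh        -> %d\n", decide(11, "/bin/sh", 0));
    printf("getpid                -> %d\n", decide(20, NULL, 0));
    return 0;
}
```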


Installation and configuration

The following paragraphs describe the installation, configuration, and usage of the fastBT binary translation framework.

Requirements

secuBT has the following requirements:

  • A machine with an Intel IA-32 (x86) processor
  • Linux (preferred; some changes are needed for Windows or Mac OS X)
  • A C compiler (preferably GCC > 4.2) and the make utility

Installation procedure

Use the following steps to install and use secuBT on your machine:

  • Unpack the tar.gz archive
  • Read the README information
  • Adapt a translation table and implement the new actions that you need for your project
  • Choose options in the Makefile
    • LD_PRELOAD injection or direct use within the project itself
    • Select optimizations
    • Select secuBT options
    • Debug options
  • make && make install


Documentation

There is not yet a lot of documentation available, but the AMAS-BT paper and the thesis from Marcel Wirth are a good starting point on how to use the fastBT engine. The secuBT framework is presented in the 26C3 paper. The secuBT extensions are available in the Makefile and can be selected on a per-extension basis. Some documentation is available in the corresponding source files and the Makefile itself.


Downloads

The most current version is v0.2. The secuBT extensions are now integrated into fastBT; they must be activated in the Makefile.

Versions:


Contact

Mathias Payer