Research projects:
Levee: a CPI/CPS/Double Stack Prototype Implementation
Levee is a prototype implementation of Code-Pointer Integrity (CPI), Code-Pointer Separation (CPS), and the Double Stack proposed in our OSDI'14 paper. The full source code is released as open source and as an LLVM patch; hardened FreeBSD packages are released as binaries. Downloads

fuzzBALL: a Fast Symbolic Execution Framework
fuzzBALL is a symbolic execution tool for binary code, based on the BitBlaze Vine library. (The name comes from the phrase "FUZZing Binaries with A Little Language": "fuzzing" is a common application of symbolic execution to bug finding, and the "little language" is the Vine intermediate language that fuzzBALL uses for execution. "Fuzzball" is also a common nickname for a small kitten, and fuzzBALL was originally intended to be simpler and lighter-weight than other symbolic execution tools.) fuzzBALL is used in several research projects, e.g., HI-CFG, transformation-aware exploit generation, and transformation-aware system test generation. Downloads

memTrace: Lightweight Memory Tracing
memTrace is a lightweight memory tracing infrastructure that supports user-defined memlets (short sequences of code executed for every memory access) for unmodified x86 binaries. A cross-ISA binary translator built on libdetox translates the application from x86 to x86_64 and weaves the memlets into the executed application code. Downloads
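The Levee entry above describes CPI and CPS without showing what separating code pointers from ordinary data actually buys. The following is an added example, not Levee's code or anything from the OSDI'14 paper: a request object whose handler pointer sits directly after a user-controlled buffer is overwritten by an overflow, and the unprotected dispatch runs the attacker's chosen function; the separated variant keeps the code pointer in a safe region keyed by the pointer's address and never reads the inline copy, so the same overflow corrupts only untrusted bytes. The safe_region table, cpi_store/cpi_load and the constructed payload are assumptions of this example; in Levee the region is isolated by compiler instrumentation and hardware, not by a lookup table.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

typedef int (*handler_fn)(void);

static int benign_handler(void)     { return 1; }
static int privileged_handler(void) { return 2; }   /* what the attacker wants called */

/* Request object as laid out in regular memory: user-controlled bytes directly
   precede a code pointer, the classic overflow-to-hijack layout. */
struct request {
    char name[16];
    handler_fn handler;
};

/* Model of a CPI safe region: code pointers keyed by the address they logically
   live at. Assumption of this example; Levee isolates its region with
   instrumentation and hardware rather than a linear table. */
#define SAFE_SLOTS 16
static struct { const void *addr; handler_fn fn; } safe_region[SAFE_SLOTS];

static int cpi_store(handler_fn *loc, handler_fn fn) {
    for (int i = 0; i < SAFE_SLOTS; i++) {
        if (safe_region[i].addr == loc || safe_region[i].addr == NULL) {
            safe_region[i].addr = loc;
            safe_region[i].fn = fn;
            return 0;
        }
    }
    return -1;                                   /* region full */
}

static handler_fn cpi_load(const handler_fn *loc) {
    for (int i = 0; i < SAFE_SLOTS; i++)
        if (safe_region[i].addr == loc) return safe_region[i].fn;
    return NULL;                                 /* nothing registered here: integrity violation */
}

/* Constructed attacker input: filler up to the handler field, then the bytes of
   privileged_handler's address. Returns the payload length. */
static size_t build_payload(unsigned char *out, size_t cap) {
    handler_fn target = privileged_handler;
    size_t n = offsetof(struct request, handler) + sizeof target;
    if (cap < n) return 0;
    memset(out, 'A', offsetof(struct request, handler));
    memcpy(out + offsetof(struct request, handler), &target, sizeof target);
    return n;
}

/* The overflow itself: attacker bytes copied over the object. memcpy over the
   whole object keeps this well-defined C; the effect matches an unchecked
   strcpy into name[] whose tail lands on handler. */
static void overflow_into(struct request *req, const unsigned char *in, size_t n) {
    if (n > sizeof *req) n = sizeof *req;
    memcpy(req, in, n);
}

/* Unprotected: trusts the inline pointer. Returns 2, i.e. the hijack succeeds. */
int dispatch_unprotected(void) {
    struct request req = { "req", benign_handler };
    unsigned char payload[sizeof req];
    overflow_into(&req, payload, build_payload(payload, sizeof payload));
    return req.handler();
}

/* CPI-style: the code pointer only ever lives in the safe region; the inline
   field is never read. Same overflow, returns 1. */
int dispatch_cpi(void) {
    struct request req = { "req", NULL };
    unsigned char payload[sizeof req];
    memset(safe_region, 0, sizeof safe_region);
    cpi_store(&req.handler, benign_handler);
    overflow_into(&req, payload, build_payload(payload, sizeof payload));
    handler_fn h = cpi_load(&req.handler);
    return h ? h() : -1;                         /* -1 would mean no registered pointer */
}

int main(void) {
    printf("unprotected dispatch returned %d (2 = attacker's handler ran)\n", dispatch_unprotected());
    printf("CPI dispatch returned %d (1 = legitimate handler ran)\n", dispatch_cpi());
    return 0;
}
```

The point of the model is the data flow, not the table: once every store to and load from a sensitive pointer goes through the safe region, a memory-safety bug in the rest of the program can scribble over the inline copy without affecting control flow. What the model does not show is the part that makes CPI more than CPS, namely the bounds metadata that also protects pointers to code pointers, and the enforcement that stops the attacker from writing the safe region directly; both are Levee's job.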
TRuE: Trusted RUntime Environment
TRuE is a secure runtime environment that enables the safe execution of untrusted (but not malicious) code. Untrusted code (e.g., the Apache server) is dynamically analyzed and secured against different forms of control-flow based attacks such as code injection, control-flow redirection, and return-oriented programming. This fine-grained security layer detects an attack at the moment it happens (i.e., before the illegal control transfer is executed) and terminates the program. A second layer of protection uses a system-call interposition layer to validate each executed system call against a rigorous system call policy. TRuE uses several components both to extract information from the application and to secure it:
For a complete description and evaluation of TRuE, see my PhD thesis. For a quick overview, watch my Google TechTalk on fastBT, or my 27c3 and 26c3 talks on libdetox. TRuE has the following runtime requirements: a machine with an IA-32 (x86) CPU, a Linux kernel 2.6 or later, and GCC 4.2 or later. To try a package: download it below, unpack it into a directory, read the INSTALL instructions, (optionally) adapt the translation tables, configure the optimizations (both the additional security checks and the performance settings), and run it. fastBT and libdetox both use LD_PRELOAD to inject the binary translator into the application, whereas TRuE uses its secure loader to initialize the sandbox before the application is loaded. Downloads
adaptSTM: a fast, adaptive Software Transactional Memory system
We present adaptSTM, a competitive, word-based STM library that is based on a global clock and an array of combined global versions (timestamps) and locks. To keep track of transactional data, adaptSTM implements a multi-level buffer and uses read-set extension to achieve competitive performance. Downloads
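The adaptSTM entry names its ingredients (global clock, one word per location holding version and lock, a buffer for transactional data, read-set extension) but not how they fit together. The following is an added, single-threaded C model constructed for this page, not adaptSTM's code: it shows how a read that hits a location newer than the transaction's snapshot can move the snapshot forward instead of aborting, as long as everything already read is still unchanged, and how that extension correctly fails when an earlier read has gone stale. The names, the flat write buffer standing in for the multi-level buffer, and the two scenarios are assumptions of this example; adaptSTM's adaptive policies are not modeled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define N_WORDS 8
#define MAX_SET 16

static uint64_t global_clock;           /* global version clock */
static uint64_t orec[N_WORDS];          /* per-word record: bit 0 = lock, bits 1.. = version */
static uint64_t mem[N_WORDS];           /* the shared words themselves */
#define LOCKED(o)  ((o) & 1u)
#define VERSION(o) ((o) >> 1)

struct tx {
    uint64_t start_ts;                  /* snapshot timestamp */
    size_t n_reads;  unsigned reads[MAX_SET];                          /* read set: word indices */
    size_t n_writes; unsigned waddr[MAX_SET]; uint64_t wval[MAX_SET];  /* write buffer */
    int extensions;                     /* successful read-set extensions */
    bool aborted;
};

static void stm_reset(void) { global_clock = 0; memset(orec, 0, sizeof orec); memset(mem, 0, sizeof mem); }
static void tx_begin(struct tx *t) { memset(t, 0, sizeof *t); t->start_ts = global_clock; }

/* Every word read so far must be unlocked and unchanged since timestamp ts. */
static bool validate_reads(const struct tx *t, uint64_t ts) {
    for (size_t k = 0; k < t->n_reads; k++) {
        uint64_t o = orec[t->reads[k]];
        if (LOCKED(o) || VERSION(o) > ts) return false;
    }
    return true;
}

static bool tx_read(struct tx *t, unsigned i, uint64_t *out) {
    if (t->aborted) return false;
    for (size_t k = 0; k < t->n_writes; k++)          /* read-your-own-writes */
        if (t->waddr[k] == i) { *out = t->wval[k]; return true; }
    uint64_t o = orec[i];
    if (LOCKED(o)) { t->aborted = true; return false; }
    if (VERSION(o) > t->start_ts) {
        /* Read-set extension: the word was written after our snapshot. Rather
           than abort, re-validate what we already read against the old snapshot;
           if all of it is untouched, the snapshot can move up to the current clock. */
        uint64_t now = global_clock;
        if (!validate_reads(t, t->start_ts)) { t->aborted = true; return false; }
        t->start_ts = now;
        t->extensions++;
        if (VERSION(o) > t->start_ts) { t->aborted = true; return false; }
    }
    if (t->n_reads == MAX_SET) { t->aborted = true; return false; }
    t->reads[t->n_reads++] = i;
    *out = mem[i];
    return true;
}

static void tx_write(struct tx *t, unsigned i, uint64_t v) {
    for (size_t k = 0; k < t->n_writes; k++)
        if (t->waddr[k] == i) { t->wval[k] = v; return; }
    if (t->n_writes == MAX_SET) { t->aborted = true; return; }
    t->waddr[t->n_writes] = i;
    t->wval[t->n_writes++] = v;
}

static bool tx_commit(struct tx *t) {
    if (t->aborted) return false;
    if (t->n_writes == 0) return true;               /* read-only: snapshot already consistent */
    if (!validate_reads(t, t->start_ts)) { t->aborted = true; return false; }
    for (size_t k = 0; k < t->n_writes; k++) orec[t->waddr[k]] |= 1u;   /* lock written words */
    uint64_t commit_ts = ++global_clock;
    for (size_t k = 0; k < t->n_writes; k++) {
        mem[t->waddr[k]] = t->wval[k];
        orec[t->waddr[k]] = commit_ts << 1;          /* publish new version; clears the lock bit */
    }
    return true;
}

/* Scenario 1: A reads x (word 0); B commits y (word 1) = 42; A reads y. A's
   snapshot is stale for y but x is untouched, so the read set extends and A commits. */
bool run_extension_scenario(struct tx *a, uint64_t *x, uint64_t *y) {
    struct tx b;
    stm_reset();
    tx_begin(a);
    if (!tx_read(a, 0, x)) return false;
    tx_begin(&b); tx_write(&b, 1, 42); tx_commit(&b);  /* clock: 0 -> 1 */
    if (!tx_read(a, 1, y)) return false;
    return tx_commit(a);
}

/* Scenario 2: B also overwrites x. Extension must fail because A's x is stale,
   so A aborts instead of observing the inconsistent pair {old x, new y}. */
bool run_stale_read_scenario(struct tx *a) {
    struct tx b; uint64_t x, y;
    stm_reset();
    tx_begin(a);
    if (!tx_read(a, 0, &x)) return false;
    tx_begin(&b); tx_write(&b, 0, 7); tx_write(&b, 1, 42); tx_commit(&b);
    if (!tx_read(a, 1, &y)) return false;
    return tx_commit(a);
}
```

The order inside the extension matters: the clock is sampled first, then the read set is validated against the old snapshot. A word whose version is still at or below the old timestamp has not been written since, so it is consistent with any timestamp up to the sampled clock, which is why the snapshot can safely jump to that value. In a multi-threaded implementation the lock bit set in tx_commit is what keeps a concurrent reader from passing that validation while a write-back is in progress; here it is only shown, since nothing runs concurrently.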