Feast '20 slides
- 1. Binary Quilting to Generate Patched Executables without Compilation Anthony Saieva, Gail Kaiser Columbia University 1
- 2. Motivation -- Problematic Updates ● The typical update cycle is usually sufficient to keep code updated and secure. ● However in enterprise-critical systems, sysadmins may be reluctant to update systems for fear of unwanted side-effects. ● This leads to insecure deployments even when patches are available. ● When many update cycles have passed between the deployed and current versions, deploying the updated version is not simple and may not be feasible without major changes to the dependent systems. 2
- 3. Why Binary Analysis? Changes may need to be made at binary level, either because legacy code no longer has the source code available or because proprietary licenses prevent making the source code available. Binary manipulations usually involve non-semantic changes like shadow stacks and stack canaries. 3
- 4. Solution -- Customized Update Cycle Updating to the entire new version may break enterprise-critical functionality. Customized updates allows customers to maintain software through partial updates. 4
- 5. Binary Quilting ● We introduce binary quilting to accomplish these customized updates. ● We leave untouched as much of the original code as possible. ● We only replace the overwritten code with the corresponding new code and its dependencies. 5
- 6. We use binary analysis to associate changes at the source code level with changes at the binary level. The modified symbol table informs us which code to include in the update. Binary Patch Decomposition 6
- 7. Binary Patch Decomposition We record the diffs between the previously compiled versions and the newly compiled versions by integrating binary change tracking into the build process. These diffs are stored in a changelog database. The developers send the appropriate metadata to each client depending on the deployed version of the client’s software and what they want to upgrade. 7
- 8. Quilting Procedure Symbols function as a point of reference between the binaries. Since x86 defines strict function calling conventions, it guarantees a consistent state where we can interpose new code. References fall into 3 categories 1) Code References 2) Data References 3) PLT Interposition 8
- 9. Evaluation Evaluated with 5 open source projects curl, coreutils, wget, libpng, and redis. LOC changes of size up to 40+ additions and 141- deletions. Resolved hundreds of code and data section references to successfully quilt the patches. 9
- 10. Selected Case Studies Crashing bug in libpng (image processing library) where mathematical error causes invalid memory access. Quilted binary successfully parses problematic image. 10 Libcurl (command line networking client) failed to parse some malicious URL’s correctly due to erroneous conditional. Quilted binary functions correctly in network sensitive context.
- 11. Quilting Overhead Quilting in new code adds to potentially vulnerable attack surface area. Since we quilt only the minimum required patch our technique introduces minimal space overhead. The largest size increase was 14%, but usually much smaller. 11
- 12. Conclusion We successfully demonstrated binary quilting on real open source projects. In future work we plan to expand our evaluation and investigate formal verification approaches to prove that no side effects are introduced during the patching process. 12
- 13. Questions? 13
Editor's Notes
- #2: This is a note