BlankIt Library Debloating: Getting What You Want Instead of Cutting What You Don’t
Modern software systems make extensive use of libraries derived from C and C++. Because of the lack of memory safety in these languages, however, the libraries may suffer from vulnerabilities, which can expose the applications to potential attacks. For example, a very large number of return-oriented programming gadgets exist in glibc that allow stitching together semantically valid but malicious Turing-complete and -incomplete programs.
While CVEs get discovered and often patched and remedied, such gadgets serve as building blocks of future undiscovered attacks, opening an ever-growing set of possibilities for generating malicious programs. Thus, significant reduction in the quantity and expressiveness (utility) of such gadgets for libraries is an important problem.
In this work, we propose a new approach for handling an application's library functions that focuses on the principle of getting only what you want.'' This is a significant departure from the current approaches that focus oncutting what is unwanted.'' Our approach focuses on activating/deactivating library functions on demand in order to reduce the dynamically linked code surface, so that the possibilities of constructing malicious programs diminishes substantially. The key idea is to load only the set of library functions that will be used at each library call site within the application at runtime. This approach of demand-driven loading relies on an input-aware oracle that predicts a near-exact set of library functions needed at a given call site during the execution. The predicted functions are loaded just in time and unloaded on return.
We present a decision-tree based predictor, which acts as an oracle, and an optimized runtime system, which works directly with library binaries like GNU libc and libstdc++. We show that on average, the proposed scheme cuts the exposed code surface of libraries by 97.2%, reduces ROP gadgets present in linked libraries by 97.9%, achieves a prediction accuracy in most cases of at least 97%, and adds a runtime overhead of 18% on all libraries (16% for glibc, 2% for others) across all benchmarks of SPEC 2006. Further, we demonstrate BlankIt on two real-world applications, sshd and nginx, with a high amount of debloating and low overheads.
Fri 22 OctDisplayed time zone: Central Time (US & Canada) change
10:50 - 12:10 | PLDI 2020 Papers 4SIGPLAN Papers at Zurich G Chair(s): Muhammad Usman University of Texas at Austin, USA | ||
10:50 15mTalk | BlankIt Library Debloating: Getting What You Want Instead of Cutting What You Don’t SIGPLAN Papers Chris Porter Georgia Institute of Technology, USA, Girish Mururu Georgia Institute of Technology, Prithayan Barua Georgia Institute of Technology, USA, Santosh Pande Georgia Institute of Technology | ||
11:05 15mTalk | Crafty: Efficient, HTM-Compatible Persistent Transactions SIGPLAN Papers Kaan Genç Ohio State University, USA, Michael D. Bond Ohio State University, USA, Guoqing Harry Xu University of California at Los Angeles | ||
11:20 15mTalk | SCAF: A Speculation-Aware Collaborative Dependence Analysis Framework SIGPLAN Papers Sotiris Apostolakis Google, Ziyang Xu Princeton University, Zujun Tan Princeton University, USA, Greg Chan Princeton University, USA, Simone Campanoni Northwestern University, USA, David I. August Princeton University DOI Pre-print | ||
11:35 15mTalk | Towards a Verified Range Analysis for JavaScript JITs SIGPLAN Papers Fraser Brown Stanford University, USA, John Renner University of California at San Diego, USA, Andres Nötzli Stanford University, USA, Sorin Lerner University of California at San Diego, Hovav Shacham University of Texas at Austin, Deian Stefan University of California at San Diego, USA Link to publication DOI | ||
11:50 20mLive Q&A | Discussion, Questions and Answers SIGPLAN Papers | ||