MINESTRONE: Testing the SOUP

Software development using type-unsafe languages (e.g., C and C++) is a challenging task for several reasons, security being one of the most important. Ensuring that a piece of code is bug- or vulnerability-free is one of the most critical aspects of software engineering. While most software development life cycle processes address security early, in the requirements analysis phase, and refine it during testing, this is not always sufficient. Therefore, the use of commercial security tools has been widely adopted by the software industry to help identify vulnerabilities, but these tools often have a high false-positive rate and limited effectiveness. In this paper we present MINESTRONE, a novel architecture that integrates static analysis, dynamic confinement, and code diversification to identify, mitigate, and contain a broad class of software vulnerabilities in Software Of Uncertain Provenance (SOUP). MINESTRONE has been evaluated against an extensive test suite and showed promising results. MINESTRONE showed an improvement of 34.6% over the state of the art for memory corruption bugs that are commonly exploited.
