Department of Computer Science, Stony Brook University
Secure Systems Lab

SAFER

Soumyakant Priyadarshan, Huan Nguyen, and R. Sekar

See our USENIX paper for an overview of our approach.

Introduction

SAFER is a binary instrumentation tool designed to operate on stripped COTS binaries. The primary motivation behind developing SAFER is to cope with instrumentation errors, such as incorrect disassembly and incorrect pointer classification, while incurring a low performance overhead (~2%). SAFER does so by combining a novel pointer encoding scheme with runtime address translation. SAFER works with executables as well as shared libraries and has been extensively tested against a wide range of applications (1.1 GB of binary code) and low-level libraries such as glibc and libpthread.so. Unlike recent works that rely heavily on relocation information and limit themselves to position-independent executables (PIEs), SAFER can instrument both modern PIE binaries and non-PIE binaries. The instrumentation technique employed by SBR has been shown to work on binaries that have data embedded in code.

Key features

  • Compatibility with COTS binaries: Today's software distribution model is centered around binaries. Even open source software is predominantly distributed in binary format for convenience. Source-based instrumentation techniques do not play well with this model: they not only require per-user recompilation, but also the distribution of distinct binaries and distinct patches for distinct users. Worse, some open-source software may rely on libraries or packages whose source code is not available. And of course, source-based randomization is not an option for closed-source applications.
  • Completeness: Security policies such as CFI and code randomization are secure only to the extent that they are complete. If parts of an application are not instrumented, e.g., (some) libraries, then attackers can find and exploit gadgets in those components. Operating on binaries gives SAFER the ability to instrument all code, including hand-written assembly and code inserted by the compiler toolchain, e.g., the initialization and cleanup functions present in every executable. Such code is usually missed by source-based approaches.
  • Robustness: The ability to correctly instrument complex real-world applications gives SAFER an edge over contemporary instrumentation tools. SAFER has been tested on low-level system libraries containing substantial hand-written assembly, such as glibc and libpthread.so. Altogether, it has been tested on over 1.1 GB of binaries, including 572 of the most commonly used libraries on Ubuntu Linux, as well as coreutils, the SPEC benchmark suite, and complex applications such as gimp, gedit and evince.
  • Fail-crash: SAFER tolerates the most common disassembly errors and provides a fail-crash for errors that are not detected at instrumentation time. The fail-crash detects the error at runtime and halts the program immediately to prevent it from propagating. This helps in two ways: (i) it prevents unpredictable behavior and severe damage such as data loss and security failures; (ii) it identifies the program module that contains the error, which can then be re-instrumented correctly with full address translation.
  • Performance: SAFER introduces a minimal overhead of about 2%, making it suitable for real-world deployment.
  • C++ exception compatibility: SAFER updates all exception-handling and stack-tracing metadata so that instrumented binaries remain compatible without compromising on performance.
  • Built-in security features: SAFER comes pre-packaged with CFI, a shadow stack and code randomization. The user can choose to apply any of these security policies to instrumented binaries. Each policy adds its own overhead on top of SAFER's 2% base overhead.
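As an added illustration, not code from SAFER or its authors: a C model of runtime address translation with a fail-crash on unknown targets, and of why translating a code pointer at the moment it is used, rather than rewriting every pointer-looking word in place, tolerates a misclassified pointer. The translation table, the addresses, the module name and the two-word data segment are all constructed for the example; SAFER's actual pointer encoding scheme is described in the paper and is not modelled here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration (not SAFER's code or its pointer encoding): a table that
 * maps original code addresses to their instrumented copies, consulted at the
 * moment an indirect branch is taken, plus a fail-crash for targets the table
 * does not know. Addresses, names and the data segment are constructed. */

typedef struct {
    uint64_t orig;   /* address in the original binary */
    uint64_t instr;  /* address of the rewritten copy of that code */
} xlat_entry;

/* Sorted by orig; one entry per indirect-branch target the rewriter found. */
static const xlat_entry xlat_table[] = {
    { 0x401000, 0x501000 },
    { 0x401040, 0x501080 },
    { 0x401100, 0x501200 },
    { 0x4011c0, 0x5012f0 },
};
static const size_t xlat_count = sizeof xlat_table / sizeof xlat_table[0];

/* Binary search; returns 0 when the target has no translation, which is what
 * mis-disassembly, a missed pointer or a data word mistaken for a pointer
 * produces at runtime. Instrumented code never lives at address 0 here. */
uint64_t xlat_or_zero(uint64_t target)
{
    size_t lo = 0, hi = xlat_count;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (xlat_table[mid].orig == target) return xlat_table[mid].instr;
        if (xlat_table[mid].orig < target) lo = mid + 1; else hi = mid;
    }
    return 0;
}

/* What an instrumented indirect call site does before jumping: translate,
 * and halt immediately if the target is unknown rather than executing bytes
 * that were never instrumented (the fail-crash). */
uint64_t xlat_dispatch(const char *module, uint64_t target)
{
    uint64_t instr = xlat_or_zero(target);
    if (instr == 0) {
        fprintf(stderr, "fail-crash in %s: no translation for 0x%llx\n",
                module, (unsigned long long)target);
        abort();
    }
    return instr;
}

/* Constructed data segment: word 0 really is a function pointer, word 1 is an
 * integer constant whose value happens to fall in the code range. A static
 * classifier cannot tell them apart; translating at the point of use means
 * it does not have to. */
static const uint64_t data_segment[2] = { 0x401040, 0x401100 };

/* Eager alternative: rewrite every pointer-looking word in place at
 * instrumentation time. Returns how many words were changed. */
size_t rewrite_in_place(uint64_t *words, size_t n)
{
    size_t changed = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t instr = xlat_or_zero(words[i]);
        if (instr) { words[i] = instr; changed++; }
    }
    return changed;
}

/* The program's own use of word 1: an integer offset from the code base. */
static uint64_t integer_use(uint64_t word) { return word - 0x401000; }

/* Eager rewriting corrupts the misclassified integer: 0x100 becomes 0x100200. */
uint64_t offset_after_eager_rewrite(void)
{
    uint64_t words[2];
    memcpy(words, data_segment, sizeof words);
    rewrite_in_place(words, 2);
    return integer_use(words[1]);
}

/* Translate-at-use leaves data untouched; only branch targets are mapped. */
uint64_t offset_with_translate_at_use(void)
{
    return integer_use(data_segment[1]);
}

int main(void)
{
    printf("indirect call through word 0: 0x%llx -> 0x%llx\n",
           (unsigned long long)data_segment[0],
           (unsigned long long)xlat_dispatch("libdemo.so", data_segment[0]));
    printf("integer use of word 1, eager rewrite:    0x%llx\n",
           (unsigned long long)offset_after_eager_rewrite());
    printf("integer use of word 1, translate at use: 0x%llx\n",
           (unsigned long long)offset_with_translate_at_use());
    printf("unknown target 0x401041: %s\n",
           xlat_or_zero(0x401041) ? "mapped" : "would fail-crash");
    return 0;
}
```

The two numbered results make the trade-off concrete: rewriting pointer-looking words in place turns the integer 0x401100 into 0x501200 and silently breaks the arithmetic that depends on it, whereas a lookup at the branch site never touches data and turns an unmapped target into an immediate halt instead of a jump into uninstrumented bytes.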

Download and Installation

Shipped under GPLv3. The download is available as a preconfigured Linux VM image in Open Virtualization Format archive (.ova) form.

Acknowledgements

This work was supported by ONR grant N00014-17-1-2891 and in part by NSF grants 1918667 and 2153056.



Copyright © 1999-2013 Secure Systems Laboratory, Stony Brook University. All rights reserved.