FEAST 2017

Workshop Program


  • Friday, November 03, 2017

  • 7:30am - 9:00am Registration desk open

  • 8:00am - 9:00am Breakfast

  • 9:00am - 10:00am Opening Session and Keynote

  • Opening Session

    Taesoo Kim (Georgia Tech) and Dinghao Wu (Penn State University)

  • Keynote: ALLVM: Enabling Sophisticated Late-Stage Program Analysis and Transformation Across the System Stack

    Vikram Sadanand Adve (Interim Head and Professor of Computer Science, University of Illinois at Urbana-Champaign)

    Abstract: The traditional compiler approach of shipping native machine code to end-users is inflexible: it is unable to account for increasingly sophisticated software practices (predefined software containers, dynamically loaded libraries, and install-time and run-time software extensions) or increasing performance disparaties in hardware architectures (due to diverse cache hierarchies, vector instruction sets, and heterogeneous parallel systems). We are developing a system called ALLVM (http://allvm.org) in which all native software components are represented and shipped in the LLVM virtual instruction set, including all applications, static and dynamic libraries, and optionally the entire operating system as well. The key technical advantage of ALLVM is that it enables sophisticated "late-stage" compilation techniques for all software components and across all traditional boundaries between components. The broad goal of the ALLVM project is to explore the potential benefits of this capability for performance, software complexity reduction, failure diagnosis, and software security. For example, we are able to achieve a large reduction in disk and memory footprint of application software by automatically eliminating redundant software components across applications. We also obtain significant additional reductions by using static analysis together with install-time configuration information.


    Bio: Vikram Adve is a Professor and Interim Head of Computer Science at the University of Illinois at Urbana-Champaign, where he has been on the faculty since 1999. Adve's research interests lie in developing and using compiler techniques to improve the performance, reliability and security of computer systems. In the ALLVM project, Adve is exploring how to make systems faster, more reliable and easier to program by applying rich compiler techniques across all layers of a computer system, both before and during execution. In the HPVM project, Adve is developing compiler techniques that can be used for improving programmability and performance of heterogeneous parallel systems. Previously, Adve and his PhD student, Chris Lattner, co-developed the LLVM Compiler Infrastructure, which enables novel and sophisticated compiler techniques for a wide range of languages. LLVM is widely used in industry today, ranging from smartphones (iOS and Android) to supercomputers (Cray) to large-scale Internet services (Google). Adve, Lattner and Evan Cheng received the ACM Software System Award in 2012 for co-developing LLVM. Adve's Ph.D. student Robert Bocchino received the ACM SIGPLAN Distinguished Dissertation Award and another, John Criswell, won an Honorable Mention for the ACM Doctoral Dissertation Award. Adve was named a Fellow of the ACM in 2014 and a University Scholar at the University of Illinois in 2015.


  • 10:00am - 10:30am Coffee Break

  • 10:30am - 12:00pm Technical Session 1 - Binary Rewriting and Transformation

    Session/Discussion Lead: Gang Tan (Penn State University)

    Room: Dallas Ballroom A3

  • Vertx: Automated Validation of Binary Transformations

    Denis Gopan (GrammaTech, Inc); Peter Ohmann (Xavier Univeristy); David Melski (GrammaTech, Inc)

    • Abstract:

      The paper describes Vertx, a tool for validating software binary transformations. Vertx enables software developers and system administrators to automatically check the correctness of software binary transformations such as security hardening and optimization. Transformation validation increases user trust in binary-transformation technology and allows binary transformations to be safely used in critical applications that have narrow margins of error.


  • Zipr++: Exceptional Binary Rewriting

    Jason Hiser (University of Virginia); Anh Nguyen-Tuong (University of Virginia); William Hawkins (University of Virginia); Matthew McGill (University of Virginia); Michele Co (University of Virginia); Jack W. Davidson (University of Virginia)

    • Abstract:

      Current software development methodologies and practices, while enabling the production of large complex software systems, can have a serious negative impact on software quality. These negative impacts include excessive and unnecessary software complexity, higher probability of software vulnerabilities, diminished execution performance in both time and space, and the inability to easily and rapidly deploy even minor updates to deployed software, to name a few. Consequently, there has been growing interest in the capability to do late-stage software (i.e., at the binary level) manipulation to address these negative impacts. Unfortunately, highly robust, late-stage manipulation of arbitrary binaries is difficult due to complex implementation techniques and the corresponding software structures. Indeed, many binary rewriters have limitations that constrain their use. For example, to the best of our knowledge, no binary rewriters handle applications that include and use exception handlers--a feature used in programming languages such as C++, Ada, Common Lisp, ML, to name a few. This paper describes how Zipr, an efficient binary rewriter, manipulates applications with exception handlers and tables which are required for unwinding the stack. While the technique should be applicable to other binary rewriters, it is particularly useful for Zipr because the recovery of the IR exposed in exception handling tables significantly improves the runtime performance of Zipr'ed binaries---average performance overhead on the full SPEC CPU2006 benchmark is reduced from 15% to 3%.


  • RL-Bin, Robust Low-overhead Binary Rewriter

    Amir Majlesi-Kupaei (University of Maryland); Danny Kim (University of Maryland); Kapil Anand (SecondWrite LLC); Khaled ElWazeer (SecondWrite LLC); Rajeev Barua (University of Maryland)

    • Abstract:

      Binary rewriters are used to ensure security properties or optimize and reduce runtime of existing binary applications. Existing binary rewriters are either static or dynamic, and both have severe shortcomings. Existing static rewriters have low overhead, but cannot rewrite correctly for all binaries. Existing dynamic rewriters are robust, but have high overhead -- for example, for a subset of SPEC'06 benchmarks we measured, their overhead is 1.59X for PIN and 1.32X for DynamoRIO. Because of this high overhead, they are limited to off line testing, and cannot be used in deployment. We have built the first binary rewriter called RL-Bin which can rewrite all binaries correctly, but has low overhead (averaging 1.09X for our programs.) This makes it practical for continuous use in deployed software for the first time. This paper represents an early snapshot of on-going research, and we hope to bring this overhead down even further in the future. We have also shown how RL-Bin can be used to enforce CFI, a security mechanism.


  • DAMGate: Dynamic Adaptive Multi-feature Gating in Program Binaries

    Yurong Chen (George Washington University); Tian Lan (George Washington University); Guru V. Venkataramani (George Washington University)

    • Abstract:

      Feature creep has emerged as a serious threat due to the growing number of utilities and capabilities crammed into modern software systems. While feature elimination and de-bloating techniques can produce slimmer executables, a complete elimination of all unnecessary or unwanted features is often not possible, not only due to the tight coupling of feature-related functions/codes, but also because the usefulness/necessity of program features is often difficult to determine statically and can vary during runtime. This paper presents DamGate, a framework for dynamic feature customization, allowing vigilant management of program features at runtime to prevent violation of privacy and security policies. At the heart of this technique is the selective placement of checker functions(known as gates) into feature-constituent functions that need to be protected. Through execution gating and feature validation on the fly, DamGate provides differentiated control policy for program features and enables flexible runtime reconfiguration. The proposed framework is prototyped and evaluated using LibreOffice, a large-scale office suit. The evaluation results show that it can achieve desired feature customization with negligible gating overhead.


  • 12:00pm - 1:30pm Lunch

  • 01:30pm - 03:00pm Technical Session 2 - CPS, Mobile, and Intel SGX

    Session/Discussion Lead: Dongyan Xu (Purdue)

    Room: Dallas Ballroom A3

  • ReDroid: Prioritizing Data Flows and Sinks for App Security Transformation

    Ke Tian (Virginia Tech); Gang Tan (Penn State University); Danfeng Yao (Virginia Tech); Barbara G. Ryder (Virginia Tech)

    • Abstract:

      Security transformation is to transfer applications to meet security guarantees. How to prioritize Android apps and find suitable transformation options is a challenging problem. Typical real-world apps have a large number of sensitive flows and sinks. Thus, security analysts need to prioritize these flows and data sinks according to their risks, i.e., flow ranking and sink ranking. We present an efficient graph-algorithm based risk metric for prioritizing risky flows and sinks in Android grayware apps. Our risk prioritization produces orderings that are highly consistent with published security reports. We demonstrate a new automatic app transformation framework that utilizes the above prioritization technique to improve app security. The framework provides more rewriting options than the state-of-art solutions by supporting flow- and sink-based security checks. Our prototype ReDroid is designed for security analysts who manage organizational app repositories and customize third-party apps to satisfy organization imposed security requirements. Our framework enables application transformation for both benchmark apps and real-world grayware to strengthen their security guarantees.


  • Binary Code Retrofitting and Hardening Using SGX

    Shuai Wang (The Pennsylvania State University); Wenhao Wang (Indiana University at Bloomington); Qinkun Bao (The Pennsylvania State University); Pei Wang (The Pennsylvania State University); XiaoFeng Wang (Indiana University at Bloomington); Dinghao Wu (The Pennsylvania State University)

    • Abstract:

      Trusted Execution Environment (TEE) is proposed to deliver a safe execution environment for software systems. Intel Software Guard Extensions (SGX) provides an isolated memory region (i.e., SGX enclave) to protect code and data from potential adversaries from the untrusted environments. While existing research has proposed techniques to execute entire application executable inside enclave instances by providing rich sets of OS facilities, one notable limitation of these techniques is the unavoidably large size of Trusted Computing Base (TCB). In this work, we describe techniques that provide practical and efficient protection of security sensitive code components in legacy binary applications. Our technique dissects input binaries into multiple components which would be further relocated into SGX enclave instances. We also perform deliberately-designed binary edit techniques to retrofit the input binary code with trampoline code to redirect the program control flow and preserve the original application functionalities. Our tentative evaluation on hardening AES decryption procedures demonstrates the practicability and efficiency of the proposed technique.


  • CPS Runtime Architecture and Automated Transformation of Applications

    Lui Sha (UIUC)

    • Abstract:

      National Academy of Science’s study on dependable software systems concluded that simplicity is the key. Reducing the complexity of software has been investigated by the FEAST community on automated transformation of application software and by the CPS runtime community on the development of runtime architectures that simply the development of applications. This creates the need of collaboration between these two communities. The goal of this review paper is to bring this need to the attention of FEAST community.


  • 02:30pm - 03:00pm Short Presentations and discussion

  • Security Analysis of Next-generation CV-based Transportation Systems

    Qi Alfred Chen (University of Michigan)

    • Abstract:

      With the recent development of connected vehicle (CV) technology across the world, vehicles and infrastructure will be connected through wireless communications. While having demonstrated the potential to greatly improve safety, mobility, and sustainability, such dramatically increased connectivity also opens a new door for cyber attacks. To ensure the security of vehicles and transportation infrastructure and, more seriously, the safety of drivers and pedestrians, it is highly important to understand the potential security challenges so that they can be proactively addressed before the actual deployment. In this work, we perform the first security analysis of transportation infrastructure systems in a CV environment. As a first step, we target the DoT sponsored design and implementation of a CV application called Intelligent Traffic Signal System (I-SIG), which is responsible for one of the most basic transportation function, traffic signal control. Targeting a realistic threat, falsified data, we perform security analysis with three categories of attack goals: traffic congestion, personal gain, and safety attack. To understand the practical implications, the identified attacks are implemented and evaluated on a real-world map with both synthetic and real-world traffic traces. Based on the results, we plan to propose a set of remediation strategies and future system design principles. Relevance to the FEAST workshop attendants: The vulnerability discovery and analysis of CV applications may facilitate interesting discussions of how to leverage software transformation techniques to systematically improve the security and efficiency in the transportation environment, which is both security and safety critical.


  • Modular, Interface-driven, Binary Software Hardening

    Kevin Hamlen (The University of Texas at Dallas)

    • Abstract:

      Modern binary software products consist of many interoperating modules with diverse provenance and trustworthiness. In many software ecosystems, it is common for one or more trustworthy modules to have strong security hardening already applied, but with strategies that are incompatible or inconsistent with one another. For example, two modules may have been hardened with different control-flow integrity enforcement algorithms. This talk will discuss our recent efforts to realize modular software hardening algorithms that retain, leverage, and harmonize these existing protections to enforce whole-product security policies through a modular, interface-driven approach to binary software security retrofitting.


  • Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics

    Zhiqiang Lin (The University of Texas at Dallas)

    • Abstract:

      Static binary rewriting is a core technology for many systems and security applications such as profiling, optimization, and software fault isolation. While many static binary rewriters have been developed over the past few decades, they all tend to make various assumptions about the binary such as requiring correct disassembly, cooperation from compilers, or access to debugging symbols or relocation entries. In this short talk, Dr. Lin will briefly introduce BinForce, a new binary rewriter that is able to rewrite x86 binaries without these assumptions. In particular, he will talk about the high level idea of BinForce, how it is designed and implemented, and also some preliminary experimental result.


  • Proving Properties of Binaries

    Jack Davidson (University of Virginia)

    • Abstract:



  • 03:00pm - 03:30pm Coffee Break

  • 03:30pm - 05:00pm Technical Session 3 - Software and Protocol Debloating

    Session/Discussion Lead: Harry Xu (UC Irvine)

    Room: Dallas Ballroom A3

  • New Directions for Container Debloating (Special Talk!)

    Vaibhav Rastogi (University of Wisconsin-Madison); Chaitra Niddodi (University of Illinois Urbana-Champaign); Sibin Mohan (University of Illinois Urbana-Champaign); Somesh Jha (University of Wisconsin-Madison)

    • Abstract:

      Application containers, such as Docker containers, are light-weight virtualization environments that ``contain'' applications together with their resources and configuration information. While they are becoming increasingly popular as a method for agile software deployment, current techniques for preparing containers add unnecessary bloat into them: they often include unneeded files that increase the container size by several orders of magnitude. This not only leads to storage and network transfer issues but also security concerns. The problem is well-recognized but available solutions are mostly ad-hoc and not largely deployed. Our previous work, Cimplifier, on debloating containers uses dynamic analysis to identify the resources necessary to a container and then debloat it. However, the dynamic analysis uses model executions or test runs, which if incomplete, may not allow detection of all the necessary resources. Therefore, it is important to explore other directions towards container debloating. In this paper, we discuss two of them: a new intermediate representation for debloating allowing incorporation of multiple techniques, such as dynamic analysis and static analysis, for debloating; and test case augmentation for dynamic analysis.


  • An Initial Investigation of Protocol Customization

    David Ke Hong (University of Michigan); Qi Alfred Chen (University of Michigan); Z. Morley Mao (University of Michigan)

    • Abstract:

      Attacks exploiting design or implementation flaw of particular feature in popular protocols are becoming prevalent and have led to severe security impacts on a majority of software systems. Protocol customization as a general approach to specialize a standard protocol holds significant promise in reducing such attack surfaces in common protocols. In this work, we perform an initial investigation of applying protocol customization practices to reduce the attack surface of standard protocols. Our characterization study on 20 high-profile common vulnerability exposures (CVEs) published in recent years indicates that some forms of customization have been supported in existing protocol softwares, but were implemented with huge human effort and in an ad-hoc manner. More systematic and automated ways of protocol customization are awaited to generalize common customization practices across protocols. To work towards this goal, we identify key research challenges for the support of systematic and sufficiently automated protocol customization through real-world case study on popular protocol softwares, and propose an access control framework as a principled solution to unify existing protocol customization practices. We also present a preliminary design of a protocol customization system based on this design principle. Preliminary evaluation results demonstrate that our proposed system supports common customization practices for a majority of real-world protocol vulnerabilities in a systematic way.


  • A Multi-OS Cross-Layer Study of Bloating in User Programs, Kernel and Managed Execution Environments

    Anh Quach (Binghamton University); Rukayat Erinfolami (Binghamton University); David Demicco (Binghamton University); Aravind Prakash (Binghamton University)

    • Abstract:

      We present a study of bloating across the software stack. We study user-level programs, OS kernels and Java virtual machine. We employ: (1) static measurements to detect limits to debloating, and (2) dynamic measurments to detect how much of the code available to a program is utilized under typical payloads. We incorporate an ultra-light weight tracing procedure in a whole-system emulator to measure the bloat in kernel. Specifically, we measure the amount of kernel code that executes during the boot process. Our findings show that programs are generally bloated. A significant fraction of code across the software stack is never executed and provides scope for debloating.