David Williams-King is finishing his PhD in binary security at Columbia University. He is now involved in the NYC-based startup Elpha Secure. David learned to be a hacker in a solar-powered home with limited electricity and Internet: his interests, and his environment itself, all demand constant ingenuity. David enjoys teaching, building computers, traveling (under normal circumstances), and writing code by voice (see The Eleventh HOPE).
Defend Your Own System Through Binary Recompilation
Software distributors typically provide software in binary form to end users, yet many DevOps activities from performance profiling to security hardening are difficult to perform without access to source code. Furthermore, significant defenses such as the recent Spectre mitigations often require compiler-level changes. Even for open source systems, it takes time to rebuild projects from source and incorporate a modified compiler.
One simple way to transform a binary is to emulate or virtualize its execution environment. Existing tools (DynamoRIO, Pin, Valgrind) that perform such dynamic binary translation will be introduced. These tools work on nearly any binary and can be extremely useful, although they necessarily introduce some run-time overhead. Besides virtualization, another popular technique is binary rewriting, which is useful for introducing small changes (especially patches) but requires a thorough understanding of the binary at hand.
The main part of the talk will introduce a new tool called Egalito, which works differently from existing tools. In the past, binary analysis has been seen as intractable: in general it reduces to the halting problem. However, modern binaries have substantial metadata embedded in them. In particular, most Linux distributions (Debian, Ubuntu, Fedora, openSUSE, Arch, etc.) have moved to position-independent executables by default. Egalito shows that such binaries can be completely and precisely analyzed, with all cross-references resolved; user modifications can then be introduced, and a new binary generated with no constraints from the original. This process is called binary recompilation: it introduces no overhead from virtualization or trampoline jumps.
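Whether a binary is a position-independent executable is recorded in its ELF header and program headers, so it can be checked before attempting any transformation. The following script is an added example for this page, not part of Egalito or of the talk; it classifies ELF64 little-endian images (x86-64 and AArch64 Linux binaries) as PIE executables, fixed-address executables or shared objects using only that header metadata. The sample images it ships with are constructed inline for illustration; the names `classify_elf`, `build_elf` and `CONSTRUCTED_SAMPLES` are this example's own.

```python
import struct
import sys

# ELF constants from the ELF specification (values are fixed by the spec).
ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
ET_EXEC = 2        # executable linked at a fixed address
ET_DYN = 3         # shared object *or* position-independent executable
PT_LOAD = 1
PT_DYNAMIC = 2
PT_INTERP = 3      # names the dynamic loader; present only in executables

EHDR_FMT = "<16sHHIQQQIHHHHHH"   # ELF64 file header, little-endian
PHDR_FMT = "<IIQQQQQQ"           # ELF64 program header, little-endian
EHDR_SIZE = struct.calcsize(EHDR_FMT)   # 64 bytes
PHDR_SIZE = struct.calcsize(PHDR_FMT)   # 56 bytes


def classify_elf(data: bytes) -> str:
    """Classify an ELF64 LE image from e_type plus its program header types."""
    if len(data) < EHDR_SIZE or data[:4] != ELF_MAGIC:
        return "not-elf"
    (ident, e_type, _machine, _version, _entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = \
        struct.unpack_from(EHDR_FMT, data, 0)
    if ident[4] != ELFCLASS64 or ident[5] != ELFDATA2LSB:
        return "unsupported-elf"   # only 64-bit little-endian handled here

    has_interp = has_dynamic = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + PHDR_SIZE > len(data):
            return "truncated-elf"
        p_type = struct.unpack_from(PHDR_FMT, data, off)[0]
        has_interp |= p_type == PT_INTERP
        has_dynamic |= p_type == PT_DYNAMIC

    if e_type == ET_EXEC:
        return "fixed-address-executable"   # loads at a fixed address, no ASLR
    if e_type == ET_DYN and has_interp:
        return "pie-executable"             # ET_DYN plus a loader request
    if e_type == ET_DYN and has_dynamic:
        # A static PIE also lacks PT_INTERP, so this bucket holds both.
        return "shared-object-or-static-pie"
    return "other"


def build_elf(e_type: int, phdr_types: list) -> bytes:
    """Construct a minimal ELF64 image (header + program headers) as test input.
    Only the fields classify_elf reads are meaningful; the image does not run."""
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0, 0]) + b"\0" * 7
    ehdr = struct.pack(EHDR_FMT, ident, e_type, 62, 1, 0x1000, EHDR_SIZE, 0, 0,
                       EHDR_SIZE, PHDR_SIZE, len(phdr_types), 0, 0, 0)
    phdrs = b"".join(struct.pack(PHDR_FMT, t, 5, 0, 0, 0, 0, 0, 0x1000)
                     for t in phdr_types)
    return ehdr + phdrs


# Constructed sample images: a PIE, a legacy fixed-address binary, a library,
# and a non-ELF file. None of these are real programs.
CONSTRUCTED_SAMPLES = {
    "pie_binary":     build_elf(ET_DYN, [PT_INTERP, PT_LOAD, PT_DYNAMIC]),
    "legacy_binary":  build_elf(ET_EXEC, [PT_INTERP, PT_LOAD, PT_DYNAMIC]),
    "shared_library": build_elf(ET_DYN, [PT_LOAD, PT_DYNAMIC]),
    "shell_script":   b"#!/bin/sh\necho hello\n",
}


def classify_file(path: str) -> str:
    with open(path, "rb") as f:
        return classify_elf(f.read())


if __name__ == "__main__":
    # With paths as arguments, inspect real files; otherwise show the samples.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            print(f"{path}: {classify_file(path)}")
    else:
        for name, image in CONSTRUCTED_SAMPLES.items():
            print(f"{name}: {classify_elf(image)}")
```

Run it as `python3 elfclass.py /usr/bin/*` to see which binaries on a system are PIE and which were linked at a fixed address; the distinction matters because ASLR only relocates the former, and the relocation metadata that makes PIE binaries relocatable is the same metadata that makes precise cross-reference analysis possible.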
The goal is to allow Linux power users to transform any binary on their system at a moment's notice, whether to improve performance or to harden security. This talk will convince developers and users that binary transformation is a useful tool for any developer's toolbox.