Refining Indirect Call Targets at the Binary Level

Sun Hyoung Kim, Cong Sun, Dongrui Zeng, Gang Tan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

17 Scopus citations

Abstract

Enforcing fine-grained Control-Flow Integrity (CFI) is critical for increasing software security. However, for commercial off-the-shelf (COTS) binaries, constructing high-precision Control-Flow Graphs (CFGs) is challenging, because there is no source-level information, such as symbols and types, to assist in indirect-branch target inference. The lack of source-level information brings extra challenges to inferring targets for indirect calls compared to other kinds of indirect branches. Points-to analysis could be a promising solution for this problem, but there is no practical points-to analysis framework for inferring indirect call targets at the binary level. Value set analysis (VSA) is the state-of-the-art binary-level points-to analysis but does not scale to large programs. It is also highly conservative by design and thus leads to low-precision CFG construction. In this paper, we present a binary-level points-to analysis framework called BPA to construct sound and high-precision CFGs. It is a new way of performing points-to analysis at the binary level with the focus on resolving indirect call targets. BPA employs several major techniques, including assuming a block memory model and a memory access analysis for partitioning memory into blocks, to achieve a better balance between scalability and precision. In evaluation, we demonstrate that BPA achieves a 34.5% precision improvement rate over the current state-of-the-art technique without introducing false negatives.

Original languageEnglish (US)
Title of host publication28th Annual Network and Distributed System Security Symposium, NDSS 2021
PublisherThe Internet Society
ISBN (Electronic)1891562665, 9781891562662
DOIs
StatePublished - 2021
Event28th Annual Network and Distributed System Security Symposium, NDSS 2021 - Virtual, Online
Duration: Feb 21 2021Feb 25 2021

Publication series

Name28th Annual Network and Distributed System Security Symposium, NDSS 2021

Conference

Conference28th Annual Network and Distributed System Security Symposium, NDSS 2021
CityVirtual, Online
Period2/21/212/25/21

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality

Cite this