sesa 22(30): 4

Research Article

Mitigating Vulnerabilities in Closed Source Software

  • @ARTICLE{10.4108/eetss.v8i30.253,
        author={Zhen Huang and Gang Tan and Xiaowei Yu},
        title={Mitigating Vulnerabilities in Closed Source Software},
        journal={EAI Endorsed Transactions on Security and Safety},
        volume={8},
        number={30},
        publisher={EAI},
        journal_a={SESA},
        year={2022},
        month={8},
        keywords={Software vulnerability, vulnerability mitigation, program analysis, binary rewriting},
        doi={10.4108/eetss.v8i30.253}
    }
    
  • Zhen Huang, Gang Tan, Xiaowei Yu. Year: 2022. Mitigating Vulnerabilities in Closed Source Software. SESA. EAI. DOI: 10.4108/eetss.v8i30.253
Zhen Huang1,*, Gang Tan2, Xiaowei Yu1
  • 1: DePaul University
  • 2: Pennsylvania State University
*Contact email: zhen.huang@depaul.edu

Abstract

Many techniques have been proposed to harden programs with protection mechanisms to defend against vulnerability exploits. Unfortunately, the vast majority of them cannot be applied to closed source software because they require access to program source code. This paper presents our work on automatically hardening binary code with security workarounds, a protection mechanism that prevents vulnerabilities from being triggered by disabling vulnerable code. By working solely with binary code, our approach is applicable to closed source software. To automatically synthesize security workarounds, we develop binary program analysis techniques to identify existing error handling code in binary code, synthesize security workarounds in the form of binary code, and instrument security workarounds into binary programs. We designed and implemented a prototype of our approach for Windows and Linux binary programs. Our evaluation shows that our approach can apply security workarounds to an average of 69.3% of program code and that the security workarounds successfully prevent exploits from triggering real-world vulnerabilities.

Keywords: Software vulnerability, vulnerability mitigation, program analysis, binary rewriting
Received: 2022-04-02
Accepted: 2022-07-28
Published: 2022-08-04
Publisher: EAI
http://dx.doi.org/10.4108/eetss.v8i30.253

Copyright © 2022 Zhen Huang et al., licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution license, which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.
