Networking and Cybersecurity

BINARY PROGRAM ANALYSIS, VULNERABILITY DISCOVERY AND REVERSE ENGINEERING

Is Your Software Secure?

Binary program analysis is the process of analyzing software programs in their binary form—also called "executable" (such as .exe files on the Microsoft Windows platform). This process is useful in the context of reverse engineering, to search for vulnerabilities in software that is released without source code, and to assess the security of software products.

The Networking and Cybersecurity Division has been working on developing new approaches in this domain through several projects in collaboration with U.S. and international academic partners.

In a project entitled "A binary analysis approach to retrofit security input parsing routines," we have been working on a new approach for automatically detecting software vulnerabilities at large scale and patching them directly within the binary (executable) program. During this work, we have discovered multiple zero-day vulnerabilities in real-world software used in production environments, which has, so far, led to a new entry in the Common Vulnerabilities and Exposures (CVE) database (CVE-2018-18311). We are still working on reporting additional vulnerabilities. The first phase of this project also led to a publication in the LangSec workshop, part of the 2018 IEEE Symposium on Security and Privacy. This project is a collaboration with Arizona State University.

As part of an international collaboration with researchers from the University of California Santa Barbara, Arizona State University, the University of Milan (Italy), CentraleSupélec and INRIA (France), we are focusing on an automated approach to assess the security of boot firmware images, such as those present in most modern Intel platforms through the Unified Extensible Firmware Interface (UEFI). Boot firmware has been the target of numerous attacks that give the attacker control over the entire system while remaining undetected. Ensuring that the boot firmware is tamper-free is therefore a critical step when deploying updates, or before integrating third-party components during development. Our approach, entitled "Boot Keeper," leverages state-of-the-art binary program analysis techniques in order to verify a set of key security properties on such firmware images.