ReSIL: Revivifying function signature inference using deep learning with domain-specific knowledge
Function signature recovery is important for binary analysis and security enhancement, such as bug finding and control-flow integrity enforcement. However, binary executables typically have crucial information vital for function signature recovery stripped off during compilation. To make things wors...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2022
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/7355 https://ink.library.smu.edu.sg/context/sis_research/article/8358/viewcontent/codaspy_22.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-8358 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-83582022-10-06T02:29:10Z ReSIL: Revivifying function signature inference using deep learning with domain-specific knowledge LIN, Yan GAO, Debin LO, David Function signature recovery is important for binary analysis and security enhancement, such as bug finding and control-flow integrity enforcement. However, binary executables typically have crucial information vital for function signature recovery stripped off during compilation. To make things worse, recent studies show that many compiler optimization strategies further complicate the recovery of function signatures with intended violations to function calling conventions.In this paper, we first perform a systematic study to quantify the extent to which compiler optimizations (negatively) impact the accuracy of existing deep learning techniques for function signature recovery. Our experiments show that a state-of-the-art deep learning technique has its accuracy dropped from 98.7% to 87.7% when training and testing optimized binaries. We further identify specific weaknesses in existing approaches and propose an enhanced deep learning approach named \sysname (\underlineRe vivifying Function \underlineS ignature \underlineI nference using Deep \underlineL earning) to incorporate compiler-optimization-specific domain knowledge into the learning process. Our experimental results show that \sysname significantly improves the accuracy and F1 score in inferring function signatures, e.g., with accuracy in inferring the number of arguments for callees compiled with optimization flag O1 from 84.8% to 92.67%. We also demonstrate security implications of \sysname in Control-Flow Integrity enforcement in stopping potential Counterfeit Object-Oriented Programming (COOP) attacks. 2022-04-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7355 info:doi/10.1145/3508398.3511502 https://ink.library.smu.edu.sg/context/sis_research/article/8358/viewcontent/codaspy_22.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Function Signature Recurrent Neural Network Compiler Optimization Information Security OS and Networks |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Function Signature Recurrent Neural Network Compiler Optimization Information Security OS and Networks |
| spellingShingle |
Function Signature Recurrent Neural Network Compiler Optimization Information Security OS and Networks LIN, Yan GAO, Debin LO, David ReSIL: Revivifying function signature inference using deep learning with domain-specific knowledge |
| description |
Function signature recovery is important for binary analysis and security enhancement, such as bug finding and control-flow integrity enforcement. However, binary executables typically have crucial information vital for function signature recovery stripped off during compilation. To make things worse, recent studies show that many compiler optimization strategies further complicate the recovery of function signatures with intended violations to function calling conventions.In this paper, we first perform a systematic study to quantify the extent to which compiler optimizations (negatively) impact the accuracy of existing deep learning techniques for function signature recovery. Our experiments show that a state-of-the-art deep learning technique has its accuracy dropped from 98.7% to 87.7% when training and testing optimized binaries. We further identify specific weaknesses in existing approaches and propose an enhanced deep learning approach named \sysname (\underlineRe vivifying Function \underlineS ignature \underlineI nference using Deep \underlineL earning) to incorporate compiler-optimization-specific domain knowledge into the learning process. Our experimental results show that \sysname significantly improves the accuracy and F1 score in inferring function signatures, e.g., with accuracy in inferring the number of arguments for callees compiled with optimization flag O1 from 84.8% to 92.67%. We also demonstrate security implications of \sysname in Control-Flow Integrity enforcement in stopping potential Counterfeit Object-Oriented Programming (COOP) attacks. |
| format |
text |
| author |
LIN, Yan GAO, Debin LO, David |
| author_facet |
LIN, Yan GAO, Debin LO, David |
| author_sort |
LIN, Yan |
| title |
ReSIL: Revivifying function signature inference using deep learning with domain-specific knowledge |
| title_short |
ReSIL: Revivifying function signature inference using deep learning with domain-specific knowledge |
| title_full |
ReSIL: Revivifying function signature inference using deep learning with domain-specific knowledge |
| title_fullStr |
ReSIL: Revivifying function signature inference using deep learning with domain-specific knowledge |
| title_full_unstemmed |
ReSIL: Revivifying function signature inference using deep learning with domain-specific knowledge |
| title_sort |
resil: revivifying function signature inference using deep learning with domain-specific knowledge |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2022 |
| url |
https://ink.library.smu.edu.sg/sis_research/7355 https://ink.library.smu.edu.sg/context/sis_research/article/8358/viewcontent/codaspy_22.pdf |
| _version_ |
1770576318374608896 |