Publication Type
Conference Proceeding Article
Publication Date
5-2021
Abstract
Matching indirect function callees and callers using function signatures recovered from binary executables (number of arguments and argument types) has been proposed to construct a more fine-grained control-flow graph (CFG) to help control-flow integrity (CFI) enforcement. However, various compiler optimizations may violate calling conventions and result in unmatched function signatures. In this paper, we present eight scenarios in which compiler optimizations impact function signature recovery, and report experimental results with 1,344 real-world applications of various optimization levels. Most interestingly, our experiments show that compiler optimizations have both positive and negative impacts on function signature recovery, e.g., its elimination of redundant instructions at callers makes counting of the number of arguments more accurate, while it hurts argument type matching as the compiler chooses the most efficient (but potentially different) types at callees and callers. To better deal with these compiler optimizations, we propose a set of improved policies and report our more accurate CFG models constructed from the 1,344 applications. We additionally compare our results recovered from binary executables with those extracted from program source and reveal scenarios where compiler optimization makes the task of accurate function signature recovery undecidable.
Discipline
Information Security
Research Areas
Cybersecurity
Publication
Proceedings of the 42nd IEEE Symposium on Security and Privacy (S&P 2021), 24-27 May
First Page
36
Last Page
52
ISBN
978-172818934-5
Publisher
Institute of Electrical and Electronics Engineers Inc
City or Country
New Jersey, United States
Citation
LIN, Yan and GAO, Debin. When function signature recovery meets compiler optimization. (2021). Proceedings of the 42nd IEEE Symposium on Security and Privacy (S&P 2021), 24-27 May. 36-52.
Available at: https://ink.library.smu.edu.sg/sis_research/6568
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/SP40001.2021.00006