Retrofitting Security in COTS Software With Binary Rewriting
The authors present a practical tool for inserting security features against low-level software attacks into third-party, proprietary or otherwise binary-only software. They are motivated by the inability of software users to select and use low-overhead protection schemes when source code is unavailable to them, by the lack of information as to what (if any) security mechanisms software producers have used in their toolchains, and by the high overhead and inaccuracy of solutions that treat software as a black box. The approach is based on SecondWrite, an advanced binary rewriter that operates without the need for debugging information or other assistance. Using SecondWrite, the authors insert a variety of defenses into program binaries.