Computer Science, 2025, Vol. 52, Issue (7): 50-57. doi: 10.11896/jsjkx.240700026

• Computer Software •

Dynamic Library Debloating Enhanced System Call Restriction of Programs

ZHANG Linmao (1,2), SUN Cong (1), RAO Xue (1)

  1. School of Cyber Engineering, Xidian University, Xi'an 710071, China
  2. Huawei Technologies Co., Ltd., Xi'an 710100, China
  • Received: 2024-07-04  Revised: 2024-10-15  Published: 2025-07-17
  • About author: ZHANG Linmao, born in 1998, master. His main research interest is software security.
    SUN Cong, born in 1982, Ph.D, professor, is a member of CCF (No.28286M). His main research interests include software security, program analysis, and high-confidence software.
  • Supported by: National Natural Science Foundation of China (62272366) and Key Research and Development Program of Shaanxi (2023-YBGY-371).

Abstract: The development and execution of applications rely extensively on dynamic libraries. Because a dynamic library is shared by many programs, it contains far more library functions than any specific application requires. An application uses only a few library functions, yet the library is loaded in its entirety at run time, and the redundant library code broadens the program's attack surface. Application-specific debloating of the dynamic library helps reduce this attack surface. Meanwhile, state-of-the-art system-call restriction frameworks have yet to consider the extra restriction space for system calls that dynamic library debloating creates, so they cannot enforce a strict restriction on the system calls of a specific application. This paper proposes a dynamic-library-debloating enhanced system-call restriction framework based on intermediate representation. Binary debloating of the application is used to reduce the impact of redundant code on dynamic library debloating and system-call restriction. An improved pointer analysis is implemented on the intermediate representation of the dynamic library to obtain the application-specific library function call graph. The redundant library functions are then trimmed to generate the debloated dynamic library. On the intermediate representation of the dynamic library, the system calls corresponding to the preserved functions are extracted to determine the allowed set of system calls. Based on the allowed system-call set, binary rewriting is applied to the debloated binary application to filter out system calls outside the allowed set. The experimental results demonstrate that the proposed framework achieves a higher degree of library-function debloating and stricter system-call restriction than the state-of-the-art framework, and that the pointer analysis is more accurate than SVF. In typical applications, the proposed approach can reduce the attack surface of code-reuse attacks and avoid typical known vulnerabilities.
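The pipeline described in the abstract (application-specific call graph, trimming, system-call extraction), as an added Python example that is not the paper's implementation. The library model, function names, points-to data and the address-taken fallback for unresolved indirect calls are constructed assumptions, used to show how pointer-analysis precision changes the allowed system-call set.

```python
from collections import deque

# Constructed library model (not from the paper): function ->
# (direct callees, indirect call-site ids, system calls it issues).
LIB = {
    "fopen":          (["open_impl"], [], []),
    "open_impl":      ([], [], ["openat"]),
    "fread":          ([], ["cs_read"], []),
    "read_cb":        ([], [], ["read"]),
    "mmap_cb":        ([], [], ["mmap"]),
    "system":         (["spawn"], [], []),
    "spawn":          ([], [], ["fork", "execve", "wait4"]),
    "socket_connect": ([], [], ["socket", "connect"]),
}
# Constructed pointer-analysis result: indirect call site -> targets.
POINTS_TO = {"cs_read": ["read_cb"]}
# Assumed fallback for an unresolved call site: any address-taken function.
ADDRESS_TAKEN = ["read_cb", "mmap_cb", "spawn"]

def preserved_functions(imports, points_to=None):
    """Library functions reachable from the application's imports."""
    keep, work = set(), deque(imports)
    while work:
        fn = work.popleft()
        if fn in keep or fn not in LIB:
            continue
        keep.add(fn)
        direct, call_sites, _ = LIB[fn]
        work.extend(direct)
        for cs in call_sites:
            work.extend((points_to or {}).get(cs, ADDRESS_TAKEN))
    return keep

def syscalls_of(functions):
    """Union of the system calls issued by the given functions."""
    return {sc for fn in functions for sc in LIB[fn][2]}

def policy(imports, points_to=None):
    """Trim list plus allow/deny system-call sets for one application."""
    keep = preserved_functions(imports, points_to)
    allow = syscalls_of(keep)
    return {"keep": sorted(keep), "trim": sorted(set(LIB) - keep),
            "allow": sorted(allow), "deny": sorted(syscalls_of(LIB) - allow)}

if __name__ == "__main__":
    app_imports = ["fopen", "fread"]  # constructed import list
    print("precise  :", policy(app_imports, POINTS_TO)["allow"])
    print("imprecise:", policy(app_imports)["allow"])
```

With the precise points-to result the allowed set excludes `execve` and `fork`; with the fallback they stay allowed because `spawn` is conservatively preserved.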

Key words: Program library, Program debloating, Pointer analysis, System call, Program analysis

CLC Number: TP309