The existence of pre-patch windows allows adversaries to exploit vulnerabilities before they are patched. Prior work has proposed to harden programs with security workarounds to enable users to mitigate vulnerabilities before a patch is available. However, it requires access to the source code of the programs. We propose RVM, an approach to automatically hardening binary code with security workarounds. RVM statically analyzes binary code of programs to identify error-handling code in the programs, in order to synthesize security workarounds. We designed and implemented a prototype of RVM for Windows and Linux binaries. We evaluate the coverage and performance of RVM on binaries of popular Windows and Linux applications containing real-world vulnerabilities.
-
Source CodeThe source code of RVM is available at gitlab.
-
Publicationand G. Tan. Rapidly Mitigating Vulnerabilities with Security Workarounds. To appear in the proceedings of the 2nd NDSS Workshop on Binary Analysis Research (BAR). February 2019.