FEAST 2020

Workshop Program


  • Friday, November 13, 2020
    Virtual workshop via Gather (more info to follow)

  • 10:00am – 10:10am Welcome

  • 10:10am – 11:00am Keynote 1

    Session/Discussion Lead: TBD (TBD)

  • Keynote: Information Flow: A Unified Basis for Vulnerability Mitigation, Malware Defense and Attack Scenario Reconstruction

    Dr. R. Sekar (Stony Brook University)

    • Abstract:

      Access control and information flow are the two building blocks in the design of secure software. Of the two, access control seems ubiquitous, being widely used in operating systems, databases, firewalls, servers, web applications, and so on. The successes of information flow seem less obvious, and its benefits and potential underappreciated. Yet, when it comes to defending against malicious code, access control based defenses have proved susceptible to evasion, or they end up being so restrictive as to interfere with legitimate use. In this talk, I will argue that defenses based on information flow can be more discerning, as they utilize not only the operations performed but also their context, e.g., whether malicious actors could be exerting control over these operations or their key arguments. I will then describe successful applications of information flow to defend against every stage of a cyber attack campaign, including: (a) exploit mitigation for a wide range of software vulnerabilities, (b) malware containment across diverse OSes, including Linux, BSD, and Windows XP through Windows 10, and (c) attack campaign reconstruction, where we achieve a five to six orders of magnitude data reduction by applying our techniques.


  • 11:00am – 11:20am Break & Discussion

  • 11:20am – 12:10pm Session 1—Binary Manipulation & Disassembly

    Session/Discussion Lead: TBD (TBD)

  • Binary Quilting to Generate Patched Executables without Compilation

    Anthony Saieva (Columbia University); Gail Kaiser (Columbia University)

    • Abstract:

      When applying patches, or dealing with legacy software, users are often reluctant to change the production executables for fear of unwanted side effects. This results in many active systems running vulnerable or buggy code even though the problems have already been identified and resolved by developers. Furthermore when dealing with old or proprietary software, users can't view or compile source code so any attempts to change the application after distribution requires binary level manipulation. We present a new technique we call binary quilting that allows users to apply the minimum required patch such that production software can be patched preserving existing core semantics without fear of unwanted side effects introduced either by the build process or by additional code changes. Unlike hot patching binary quilting is a one time procedure that creates an entirely new reusable binary. Our case studies show the efficacy of this technique on real software in real patching scenarios.


  • On the Generation of Disassembly Ground Truth and the Evaluation of Disassemblers

    Kaiyuan Li (Carnegie Mellon University); Maverick Woo (Carnegie Mellon University); Limin Jia (Carnegie Mellon University)

    • Abstract:

      When a software transformation or software security task needs to analyze or operate on a given program binary, the first step is often disassembly. Since many modern disassemblers have become highly accurate on many binaries, we believe reliable disassembler benchmarking requires standardizing (i) the set of binaries used and (ii) the disassembly ground truth about these binaries. This work proposes a first version of our work-in-progress disassembly benchmark suite, which comprises 879 binaries from diverse projects compiled with multiple compilers and optimization settings. We start by presenting a novel disassembly ground truth generator that relies on “listing files”, with broad support of clang, gcc, icc, and msvc. Then we use our benchmark suite and our custom evaluation system to evaluate 4 prominent open-source disassemblers. Our entire system and all generated data are maintained openly on GitHub to encourage community adoption.


  • 12:10pm – 1:00pm Keynote 2

    Session/Discussion Lead: TBD (TBD)

  • Keynote: Evolution of Cyber-Security Research in an Industrial Setting

    Dr. A. Loginov (GrammaTech)

    • Abstract:

      The software that increasingly undergirds our daily lives, national infrastructure, and defense systems continues to grow in size and complexity, incorporating far-reaching networks of open-source components and third-party dependencies. The task of analyzing and protecting these bloated and sprawling software systems is qualitatively more difficult than it was just a decade ago. We are also faced with a growing need to protect against cyber threats that continue to increase in frequency and sophistication.

      The primary goal of industrial research in our field is to develop and transition promising solutions to cyber-security problems into real-world settings. This process is a race against the growing complexity of the software that we seek to protect. Winning this race requires novel solutions to the challenges of scalability, precision, and the dearth of human cyber-security expertise.

      In recent years, we found ourselves revisiting old solutions to program representation, vulnerability detection, and reverse engineering. Such rethinking is most successful when it isolates limiting factors and addresses them by shifting into domains in which powerful new computational resources and techniques provide order-of-magnitude increases in computational and developer productivity.

      In this talk, I will start by reviewing some of the relevant technology trends and then give examples of reinvented solutions, enabled by new paradigms and computational resources.


  • 1:00pm – 2:00pm Lunch Break & Discussion

  • 2:00pm – 2:50pm Session 2—Concurrency & Exception Handling

    Session/Discussion Lead: TBD (TBD)

  • Hunting Garbage Collection Related Concurrency Bugs Through Critical Condition Restoration

    Hanhan Zhou (George Washington University); Tian Lan (George Washington University); Guru Venkataramani (George Washington University)

    • Abstract:

      With the increasing popularity of multicore processors and multi-thread languages/frameworks, race conditions -- which are non-deterministic by nature -- are becoming a main root cause for concurrency bugs. It opens doors to malicious attacks such as remote code execution and denial of service attacks, potentially putting millions of users in danger. Yet, such non-deterministic racing conditions are often difficult to identify or reproduce in standard program testing. In this paper, we focus on the Garbage-Collection (GC) feature, which is known to be a frequent victim of concurrency bugs in many software systems. We develop a new approach to facilitate the testing of GC-related bugs through critical condition restoration. In particular, we propose a risk-score mechanism to quantify the risk of GC-related bugs in target functions and leverage the score to select appropriate testing parameters and garbage generation strategy, with a higher chance of producing the critical condition. Our experimental results show that the proposed approach could significantly improve the probability of finding GC-related bugs (from 0 in condition-oblivious testing to 14.8 bugs identified in our experiment) while incurring only around 26% execution overhead.


  • On the Impact of Exception Handling Compatibility on Binary Instrumentation

    Soumyakant Priyadarshan (Stony Brook University); Huan Nguyen (Stony Brook University); R. Sekar (Stony Brook University)

    • Abstract:

      Static binary instrumentation tools have been facing deployability concerns. One of the major causes of concern is compatibility with C++ exception handling and stack tracing. Although contemporary works identify this as an engineering challenge, there has been no study to fully understand the impact of exception handling compatibility on the instrumentation process. To support exception handling, compilers generate additional metadata. This metadata can serve as a rich source of information regarding code layout and can simplify various aspects of the instrumentation process. In this paper, we show that by exploiting the exception handling metadata, it is possible to achieve 0 false positives in function identification. This paper also evaluates the security implications of this metadata. Attackers can exploit this metadata to gain leverage against code randomization based security hardening techniques.


  • 2:50pm – 3:40pm Keynote 3

    Session/Discussion Lead: TBD (TBD)

  • Keynote: TBD

    Ryan Craven (ONR)

    Abstract: TBD


  • 3:40pm – 4:00pm Break & Discussion

  • 4:00pm – 4:50pm Session 3—Feature Isolation & Exploitation

    Session/Discussion Lead: TBD (TBD)

  • Automatic Feature Isolation in Network Protocol Software Implementations

    Ze Zhang (University of Michigan); Qingzhao Zhang (University of Michigan); Brandon Nguyen (University of Michigan); Sanjay Sri Vallabh Singapuram (University of Michigan); Z. Morley Mao (University of Michigan); Scott Mahlke (University of Michigan/Nvidia Research)

    • Abstract:

      Common vulnerabilities and exposures (CVE) usually exploit design or implementation flaws of specific features in widely used network protocols, causing serious security and safety threats on full-scale devices and systems. Feature isolation as a general protocol customization practice is shown to be highly promising to reduce attack surfaces in these protocols. In this ongoing work, we propose a systematic approach to achieve automatic feature isolation using various program analysis based techniques. Specifically, we present two methods targeting different feature granularity to automatically identify and remove unnecessary features in a software protocol implementation. In addition, we develop a semantic reconstruction mechanism to enforce user-specified feature access control policies. Preliminary case studies confirm that our proposed techniques can be effectively applied on real-world protocol vulnerabilities.


  • Remote Control of iOS Devices via Accessibility Features

    Nikola Lukic (University of Southern California); Saghar Talebipour (University of Southern California); Nenad Medvidovic (University of Southern California)

    • Abstract:

      This paper presents an approach for remotely accessing and controlling mobile apps by leveraging a mobile platform's publicly exported accessibility features. This approach is implemented in a technique and accompanying tool called . While is designed to be platform-independent, our current implementation has focused on iOS, the significantly more challenging of the two dominant mobile platforms, for which access to apps' source code is generally not possible. We show that places no restrictions on apps it can "plug into" and control, is able to handle a variety of scenarios, and imposes a negligible performance overhead.


  • 4:50pm – 5:00pm Discussion and Closing Remarks