Not so fast: understanding and mitigating negative impacts of compiler optimizations on code reuse gadget sets

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-30
Author(s):  
Michael D. Brown ◽  
Matthew Pruett ◽  
Robert Bigelow ◽  
Girish Mururu ◽  
Santosh Pande

Despite extensive testing and correctness certification of their functional semantics, a number of compiler optimizations have been shown to violate security guarantees implemented in source code. While prior work has shed light on how such optimizations may introduce semantic security weaknesses into programs, there remains a significant knowledge gap concerning the impacts of compiler optimizations on non-semantic properties with security implications. In particular, little is currently known about how code generation and optimization decisions made by the compiler affect the availability and utility of reusable code segments called gadgets required for implementing code reuse attack methods such as return-oriented programming. In this paper, we bridge this gap through a study of the impacts of compiler optimization on code reuse gadget sets. We analyze and compare 1,187 variants of 20 different benchmark programs built with two production compilers (GCC and Clang) to determine how their optimization behaviors affect the code reuse gadget sets present in program variants with respect to both quantitative and qualitative metrics. Our study exposes an important and unexpected problem; compiler optimizations introduce new gadgets at a high rate and produce code containing gadget sets that are generally more useful to an attacker than those in unoptimized code. Using differential binary analysis, we identify several undesirable behaviors at the root of this phenomenon. In turn, we propose and evaluate several strategies to mitigate these behaviors. In particular, we show that post-production binary recompilation can effectively mitigate these behaviors with negligible performance impacts, resulting in optimized code with significantly smaller and less useful gadget sets.

2019 ◽  
Vol 54 (8) ◽  
pp. 1262-1279 ◽  
Author(s):  
George C Nche ◽  
Chikodi Wachukwu ◽  
Chinyere T Nwaoga ◽  
Ekene M Mokwenye ◽  
Prince Agwu ◽  
...  

In instances of insecurity in many societies, churches “also” suffer. Yet there is a dearth of literature exploring the experiences of churches in connection with situations of insecurity. This study, therefore, explored the experiences of churches in the face of the high rate of insecurity in Rivers State, Nigeria. Information was elicited from 16 church leaders of different denominations in different communities in Rivers State. Using a descriptive narrative approach, the study found that churches’ experiences in some communities in the state are reflections of helplessness and despair due to the incidences of cultism, kidnapping, armed robbery, etc. Many churches in some of the embattled communities have been deserted or left with a few older people. This has had negative impacts on evangelism and the churches’ economy, with the clergy at the receiving end. The implications of findings for the government and churches are discussed.


2019 ◽  
Vol 9 (16) ◽  
pp. 3283 ◽  
Author(s):  
Zhenhao Luo ◽  
Baosheng Wang ◽  
Yong Tang ◽  
Wei Xie

Code reuse is widespread in software development as well as internet of things (IoT) devices. However, code reuse introduces many problems, e.g., software plagiarism and known vulnerabilities. Solving these problems requires extensive manual reverse analysis. Fortunately, binary clone detection can help analysts mitigate manual work by matching reusable code and known parts. However, many binary clone detection methods are not robust to various compiler optimization options and different architectures. While some clone detection methods can be applied across different architectures, they rely on manual features based on human prior knowledge to generate feature vectors for assembly functions and fail to consider the internal associations between features from a semantic perspective. To address this problem, we propose and implement a prototype GeneDiff, a semantic-based representation binary clone detection approach for cross-architectures. GeneDiff utilizes a representation model based on natural language processing (NLP) to generate high-dimensional numeric vectors for each function based on the Valgrind intermediate representation (VEX) representation. This is the first work that translates assembly instructions into an intermediate representation and uses a semantic representation model to implement clone detection for cross-architectures. GeneDiff is robust to various compiler optimization options and different architectures. Compared to approaches using symbolic execution, GeneDiff is significantly more efficient and accurate. The area under the curve (AUC) of the receiver operating characteristic (ROC) of GeneDiff reaches 92.35%, which is considerably higher than the approaches that use symbolic execution. Extensive experiments indicate that GeneDiff can detect similarity with high accuracy even when the code has been compiled with different optimization options and targeted to different architectures. 
We also use real-world IoT firmware across different architectures as targets, therein proving the practicality of GeneDiff in being able to detect known vulnerabilities.


2015 ◽  
Vol 72 (2) ◽  
pp. 214-222 ◽  
Author(s):  
Karel Mena-Ulecia ◽  
Heykel Hernández Hernández

Selection of treatment technologies without considering the environmental, economic and social factors associated with each geographical context risks the occurrence of negative impacts that were not properly foreseen, working against the sustainable performance of the technology. The principal aim of this study was to evaluate 12 technologies for decentralized treatment of domestic wastewater applicable to peri-urban communities using sustainability approaches and, at the same time, continuing a discussion about how to address a more integrated assessment of overall sustainability. For this, a set of 13 indicators that embody the environmental, economic and social approach for the overall sustainability assessment were used by means of a target plot diagram as a tool for integrating indicators that represent a holistic analysis of the technologies. The obtained results put forward different degrees of sustainability, which led to the selection of: septic tank + land infiltration; up-flow anaerobic reactor + high rate trickling filter and septic tank + anaerobic filter as the most sustainable and attractive technologies to be applied in peri-urban communities, according to the employed indicators.


2015 ◽  
Vol 25 (3) ◽  
pp. 385-391 ◽  
Author(s):  
Alan R. Biggs ◽  
Gregory M. Peck

Three separate experiments were conducted to test standard calcium chloride salt (CaCl2) rates and several new formulations of calcium (Ca) for amelioration of bitter pit, a Ca-related physiological disorder that affects fruit of many apple (Malus ×domestica) cultivars, including the popular cultivar Honeycrisp. Even small amounts of bitter pit damage make apples unmarketable. We evaluated various formulations of Ca to compare their effectiveness in controlling bitter pit, including proprietary Ca products (InCa™, Sysstem-Cal™, Vigor-Cal™, XD10, and XD505) with and without antitranspirant. Calcium chloride is the most common Ca product used to reduce bitter pit incidence, but it has negative impacts, such as phytotoxicity and corrosiveness. Of the products that were tested in 2011, XD10 at the high rate and XD505 are candidates for future study. In 2012, both the CaCl2 and XD10 treatments had lower bitter pit severity than the nontreated control, but only the CaCl2 treatments had a lower total percentage of fruit with bitter pit compared with the control. The antitranspirant reduced bitter pit incidence in one of three treatments. Full season Ca treatments and higher rates (up to 23.5 lb/acre per season of elemental Ca) are needed to significantly reduce bitter pit incidence in ‘Honeycrisp’ apples in the mid-Atlantic United States.


1971 ◽  
Vol 6 (8) ◽  
pp. 74-80 ◽  
Author(s):  
C. Geoffrey Woods ◽  
Mary K. Hawes
