Constraint-based Diversification of JOP Gadgets

Modern software deployment process produces software that is uniform, and hence vulnerable to large-scale code-reuse attacks, such as Jump-Oriented Programming (JOP) attacks. Compiler-based diversification improves the resilience and security of software systems by automatically generating different assembly code versions of a given program. Existing techniques are efficient but do not have a precise control over the quality, such as the code size or speed, of the generated code variants. This paper introduces Diversity by Construction (DivCon), a constraint-based compiler approach to software diversification. Unlike previous approaches, DivCon allows users to control and adjust the conflicting goals of diversity and code quality. A key enabler is the use of Large Neighborhood Search (LNS) to generate highly diverse assembly code efficiently. For larger problems, we propose a combination of LNS with a structural decomposition of the problem. To further improve the diversification efficiency of DivCon against JOP attacks, we propose an application-specific distance measure tailored to the characteristics of JOP attacks. We evaluate DivCon with 20 functions from a popular benchmark suite for embedded systems. These experiments show that DivCon's combination of LNS and our application-specific distance measure generates binary programs that are highly resilient against JOP attacks (they share between 0.15% to 8% of JOP gadgets) with an optimality gap of 10%. Our results confirm that there is a trade-off between the quality of each assembly code version and the diversity of the entire pool of versions. In particular, the experiments show that DivCon is able to generate binary programs that share a very small number of gadgets, while delivering near-optimal code. For constraint programming researchers and practitioners, this paper demonstrates that LNS is a valuable technique for finding diverse solutions. For security researchers and software engineers, DivCon extends the scope of compiler-based diversification to performance-critical and resource-constrained applications.

Verified Lustre Normalization with Node Subsampling

Dataflow languages allow the specification of reactive systems by mutually recursive stream equations, functions, and boolean activation conditions called clocks. Lustre and Scade are dataflow languages for programming embedded systems. Dataflow programs are compiled by a succession of passes. This article focuses on the normalization pass which rewrites programs into the simpler form required for code generation. Vélus is a compiler from a normalized form of Lustre to CompCert’s Clight language. Its specification in the Coq interactive theorem prover includes an end-to-end correctness proof that the values prescribed by the dataflow semantics of source programs are produced by executions of generated assembly code. We describe how to extend Vélus with a normalization pass and to allow subsampled node inputs and outputs. We propose semantic definitions for the unrestricted language, divide normalization into three steps to facilitate proofs, adapt the clock type system to handle richer node definitions, and extend the end-to-end correctness theorem to incorporate the new features. The proofs require reasoning about the relation between static clock annotations and the presence and absence of values in the dynamic semantics. The generalization of node inputs requires adding a compiler pass to ensure the initialization of variables passed in function calls.

A Vulnerability Detection System Based on Fusion of Assembly Code and Source Code

Software vulnerabilities are one of the important reasons for network intrusion. It is vital to detect and fix vulnerabilities in a timely manner. Existing vulnerability detection methods usually rely on single code models, which may miss some vulnerabilities. This paper implements a vulnerability detection system by combining source code and assembly code models. First, code slices are extracted from the source code and assembly code. Second, these slices are aligned by the proposed code alignment algorithm. Third, aligned code slices are converted into vector and input into a hyper fusion-based deep learning model. Experiments are carried out to verify the system. The results show that the system presents a stable and convergent detection performance.

An evolutionary process without variation and selection

Natural selection successfully explains how organisms accumulate adaptive change despite that traits acquired over a lifetime are eliminated at the end of each generation. However, in some domains that exhibit cumulative, adaptive change—e.g. cultural evolution, and earliest life—acquired traits are retained; these domains do not face the problem that Darwin’s theory was designed to solve. Lack of transmission of acquired traits occurs when germ cells are protected from environmental change, due to a self-assembly code used in two distinct ways: (i) actively interpreted during development to generate a soma, and (ii) passively copied without interpretation during reproduction to generate germ cells. Early life and cultural evolution appear not to involve a self-assembly code used in these two ways. We suggest that cumulative, adaptive change in these domains is due to a lower-fidelity evolutionary process, and model it using reflexively autocatalytic and foodset-generated networks. We refer to this more primitive evolutionary process as self–other reorganization (SOR) because it involves internal self-organizing and self-maintaining processes within entities, as well as interaction between entities. SOR encompasses learning but in general operates across groups. We discuss the relationship between SOR and Lamarckism, and illustrate a special case of SOR without variation.

A method for decompilation of AMD GCN kernels to OpenCL

Introduction: Decompilers are useful tools for software analysis and support in the absence of source code. They are available for many hardware architectures and programming languages. However, none of the existing decompilers support modern AMD GPU architectures such as AMD GCN and RDNA. Purpose: We aim at developing the first assembly decompiler tool for a modern AMD GPU architecture that generates code in the OpenCL language, which is widely used for programming GPGPUs. Results: We developed the algorithms for the following operations: preprocessing assembly code, searching data accesses, extracting systemvalues, decompiling arithmetic operations and recovering data types. We also developed templates for decompilation of branching operations. Practical relevance: We implemented the presented algorithms in Python as a tool called OpenCLDecompiler, which supports a large subset of AMD GCN instructions. This tool automatically converts disassembled GPGPU code into the equivalent OpenCL code, which reduces the effort required to analyze assembly code.

Developing an LLVM-based compiler for stack based TF16 processor architecture

Development for stack-based architectures is usually done using legacy low level languages or assembly code, so there exists a problem of a high level programming language support for such architectures. In this paper we describe the development process of an LLVM/Clang-based C compiler for stack-based TF16 processor architecture. LLVM was used due to adaptation possibilities of its components for new architectures, such as disassembler, linker and debugger. Two compiler versions were developed. The first version generated code without using stack capabilities of TF16, treating it instead as a register-based architecture. This version was relatively easy to develop and it provided us a comparison point for the second one. In the second version we have implemented a platform independent stack scheduling algorithm that allowed us to generate code that makes use of the stack capabilities of the CPU. When comparing the two versions, a version that utilized stack capabilities generated code that was on average 35.7% faster and 50.8% smaller than the original version. The developed stack scheduling algorithm also allows to support other stack based architectures in LLVM toolchain.

Implementation of a parallel high-order WENO-type Euler equation solver using a CUDA PTX paradigm

ABSTRACT This study proposes the optimization of a low-level assembly code to reconstruct the flux for a splitting flux Harten–Lax–van Leer (SHLL) scheme on high-end graphic processing units. The proposed solver is implemented using the weighted essentially non-oscillatory reconstruction method to simulate compressible gas flows that are derived using an unsteady Euler equation. Instructions in the low-level assembly code, i.e. parallel thread execution and instruction set architecture in compute unified device architecture (CUDA), are used to optimize the CUDA kernel for the flux reconstruction method. The flux reconstruction method is a fifth-order one that is used to process the high-resolution intercell flux for achieving a highly localized scheme, such as the high-order implementation of SHLL scheme. Many benchmarking test cases including shock-tube and four-shock problems are demonstrated and compared. The results show that the reconstruction method is computationally very intensive and can achieve excellent performance up to 5183 GFLOP/s, ∼66% of peak performance of NVIDIA V100, using the low-level CUDA assembly code. The computational efficiency is twice the value as compared with the previous studies. The CUDA assembly code reduces 26.7% calculation and increases 37.5% bandwidth. The results show that the optimal kernel reaches up to 990 GB/s for the bandwidth. The overall efficiency of bandwidth and computation performance achieves 127% of the predicted performance based on the HBM2-memory roofline model estimated by Empirical Roofline Tool.

Evolution Without Variation and Selection

A central tenet of evolutionary theory is that it requires variation upon which selection can act. We describe a means of attaining cumulative, adaptive, open-ended change that requires neither variation nor selective exclusion, and that can occur in the absence of generations (i.e., no explicit birth or death). This second evolutionary process occurs through the assimilation, restructuring, and extrusion of products into the environment by identical, interacting Reflexively Autocatalytic and Food set-generated (RAF) networks. We refer to this more primitive process evolutionary process as Self–Other Reorganisation because it involves internal self-organising and self-maintaining processes within entities, as well as interaction between entities. Since there is no self-assembly code, it is more haphazard than natural selection, and there is no discarding of acquired traits (a signature characteristic of natural selection). In the extreme, it can work with just one entity but it differs from learning because it can operate in groups of entities, and produce adaptive change across generations. We suggest that this more primitive process is operative during the initial stage of an evolutionary process, and that it is responsible for both the origin and early evolution of both organic life, and human culture. In cultural evolution, this ‘evolution without variation’ process can increase homogeneity amongst members of a group and thereby foster group identity and cohesion.

Instruction2vec: Efficient Preprocessor of Assembly Code to Detect Software Weakness with CNN

Potential software weakness, which can lead to exploitable security vulnerabilities, continues to pose a risk to computer systems. According to Common Vulnerability and Exposures, 14,714 vulnerabilities were reported in 2017, more than twice the number reported in 2016. Automated vulnerability detection was recommended to efficiently detect vulnerabilities. Among detection techniques, static binary analysis detects software weakness based on existing patterns. In addition, it is based on existing patterns or rules, making it difficult to add and patch new rules whenever an unknown vulnerability is encountered. To overcome this limitation, we propose a new method—Instruction2vec—an improved static binary analysis technique using machine. Our framework consists of two steps: (1) it models assembly code efficiently using Instruction2vec, based on Word2vec; and (2) it learns the features of software weakness code using the feature extraction of Text-CNN without creating patterns or rules and detects new software weakness. We compared the preprocessing performance of three frameworks—Instruction2vec, Word2vec, and Binary2img—to assess the efficiency of Instruction2vec. We used the Juliet Test Suite, particularly the part related to Common Weakness Enumeration(CWE)-121, for training and Securely Taking On New Executable Software of Uncertain Provenance (STONESOUP) for testing. Experimental results show that the proposed scheme can detect software vulnerabilities with an accuracy of 91% of the assembly code.