How'd Security Benefit Reverse Engineers? — The Implication of Intel CET on Function Identification
As CPU vendors introduce various hardware-assisted security features, modern compilers have started to produce binaries containing security-related instructions. Interestingly, such instructions tend to alter the shape of resulting binaries, which can potentially affect the effectiveness of binary analysis. This paper presents the first systematic study on the implication of the Intel CET (Control-flow Enforcement Technology) instructions on function identification. Our study finds that CET-relevant instructions provide useful, although limited, hints for function entries. Therefore, we devise a novel function identification algorithm that utilizes the usage patterns of CET instructions, and demonstrate a tool named FunSeeker that implements the idea. Our evaluation shows that FunSeeker significantly outperforms current state-of-the-art function identification tools in terms of both correctness and speed.
- Publisher
- IEEE/IFIP
- Issue Date
- 2022-06-27
- Language
- English
- Citation
The 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022, pp.559 - 566
- ISSN
- 1530-0889
- Appears in Collection
- CS-Conference Papers(학술회의논문)
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 4 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.