Abstract: Systems and methods of defending against stack-based cybersecurity attacks that exploit vulnerabilities in buffer overflows. The embodiments disclosed herein propose hijacking program flow in a program binary by insert call checking CFI code before calling a target. Examples of a target can be a function within the program binary, a register, or a memory location. If the call target is a valid call target (e.g., included in a global list of addresses), normal program flow resumes and the program flow is transferred to the target. On the contrary, if the call target is not a valid call target (e.g., not included in a global list of addresses), the program binary is deliberately crashed.

Abstract: Systems and methods of cyber hardening software by modifying one or more assembly source files. In some embodiments, the disclosed SME tool transparently and seamlessly integrates into the build process of the assembly source files being modified. For example, upon integration of the disclosed SME tool into the application's development environment, the modifications in the final executable are transparent to the developer and can support other cyber hardening techniques. The SME tool includes a preprocessing tool for identifying attributes (e.g., functions) associated with the assembly source file. The SME tool also includes a transformation tool for making modifications of the assembly source file. In some embodiments, the transformations correspond to applying one or more transformations to the attributes associated with the assembly source file.

Abstract: Systems and methods of modifying a program binary by injecting code into a function of a program binary that tokenizes the return address of the function. The tokenization of the return address improves the robustness of the program binary against cyberattacks. For example, an attacker's attempt to hijack program flow before a function return will fail since any return address modified by the adversary will be tokenized (e.g., using a binary operation such as an XOR) resulting in an unusable address that will cause the system to crash. One advantage of the improved CFI consumes less average overhead and does not require all of the complications of the conventional CFI systems. In some embodiments, the tokenization includes applying a binary operation on a randomly-generated token and the return address. The token can be generated at transform time, load time, or run time.

Abstract: Systems and methods of cyber hardening software by modifying one or more assembly source files. In some embodiments, the disclosed SME tool transparently and seamlessly integrates into the build process of the assembly source files being modified. For example, upon integration of the disclosed SME tool into the application's development environment, the modifications in the final executable are transparent to the developer and can support other cyber hardening techniques. The SME tool includes a preprocessing tool for identifying attributes (e.g., functions) associated with the assembly source file. The SME tool also includes a transformation tool for making modifications of the assembly source file. In some embodiments, the transformations correspond to applying one or more transformations to the attributes associated with the assembly source file.

Abstract: Systems and methods of cyber hardening software by modifying one or more assembly source files. In some embodiments, the SME tool transparently and seamlessly integrates into the build process of the assembly source files being modified. For example, upon integration of the disclosed SME tool into the application's development environment, the modifications in the final executable are transparent to the developer and can support other cyber hardening techniques. In some embodiments, the integration of the SME tool into a build can be automated. Simplifying integration, through automated means, can be beneficial for widespread adoption of SME tools in cyberhardening software applications. Automated SME build integrations, e.g., removing manual methods and techniques, can help eliminate human errors and result in faster SME integrations, in comparison to manual integrations of a SME tool.

Abstract: Systems and methods of cyber hardening software by modifying one or more assembly source files. In some embodiments, the disclosed SME tool transparently and seamlessly integrates into the build process of the assembly source files being modified. For example, upon integration of the disclosed SME tool into the application's development environment, the modifications in the final executable are transparent to the developer and can support other cyber hardening techniques. The SME tool includes a preprocessing tool for identifying attributes (e.g., functions) associated with the assembly source file. The SME tool also includes a transformation tool for making modifications of the assembly source file. In some embodiments, the transformations correspond to applying one or more transformations to the attributes associated with the assembly source file.

Abstract: An automated and processor agnostic method is described for modifying one or more executable binary files to insert one or more new software segments to modify the execution of the one or more executable binary files in at least certain circumstances. The modification takes into account the target microprocessor architecture of the one or more executable binary files which can be in the ELF format. In one embodiment, the new software segments are configured to add at least monitoring capabilities to monitor control flow integrity during execution of the one or more executable binary files.

Abstract: Systems and methods of modifying a program binary by injecting code into a function of a program binary that tokenizes the return address of the function. The tokenization of the return address improves the robustness of the program binary against cyberattacks. For example, an attacker's attempt to hijack program flow before a function return will fail since any return address modified by the adversary will be tokenized (e.g., using a binary operation such as an XOR) resulting in an unusable address that will cause the system to crash. One advantage of the improved CFI consumes less average overhead and does not require all of the complications of the conventional CFI systems. In some embodiments, the tokenization includes applying a binary operation on a randomly-generated token and the return address. The token can be generated at transform time, load time, or run time.

Abstract: Systems and methods of defending against stack-based cybersecurity attacks that exploit vulnerabilities in buffer overflows. The embodiments disclosed herein propose hijacking program flow in a program binary by insert call checking CFI code before calling a target. Examples of a target can be a function within the program binary, a register, or a memory location. If the call target is a valid call target (e.g., included in a global list of addresses), normal program flow resumes and the program flow is transferred to the target. On the contrary, if the call target is not a valid call target (e.g., not included in a global list of addresses), the program binary is deliberately crashed.

Abstract: An automated and processor agnostic method is described for modifying one or more executable binary files to insert one or more new software segments to modify the execution of the one or more executable binary files in at least certain circumstances. The modification takes into account the target microprocessor architecture of the one or more executable binary files which can be in the ELF format. In one embodiment, the new software segments are configured to add at least monitoring capabilities to monitor control flow integrity during execution of the one or more executable binary files.