Abstract: The present disclosure provides a method for analyzing exploitability of memory safety vulnerabilities in binary programs. The method includes identifying potential vulnerabilities within a binary program, performing a baseline analysis to detect potential Return-Oriented Programming (ROP) chains, applying a memory safety mitigation technology to the binary program, performing a protected analysis after applying the memory safety mitigation technology to detect potential ROP chains, comparing results of the baseline analysis and the protected analysis, and generating a report quantifying an impact of the memory safety mitigation technology on exploitability of the identified vulnerabilities. The method enables assessment of the effectiveness of memory safety mitigation techniques in reducing the risk of exploitation, providing valuable insights for improving software security throughout the development lifecycle.

Abstract: Systems and methods of cyber hardening software by modifying one or more assembly source files. In some embodiments, the disclosed SME tool transparently and seamlessly integrates into the build process of the assembly source files being modified. For example, upon integration of the disclosed SME tool into the application's development environment, the modifications in the final executable are transparent to the developer and can support other cyber hardening techniques. The SME tool includes a preprocessing tool for identifying attributes (e.g., functions) associated with the assembly source file. The SME tool also includes a transformation tool for making modifications of the assembly source file. In some embodiments, the transformations correspond to applying one or more transformations to the attributes associated with the assembly source file.

Abstract: Disclosed is a test engine intended to evaluate the correctness and measure the performance effects of a binary transformation technique. The disclosed system takes source code as input and compiler information/flags as input. The transformation-under-test is applied to the compiler, creating a transformed compiler. A random test case generator residing within the test engine for injecting illegal code structures to modify the project source code, build flags, or compiler's operating environment, thereby creating an unlimited number of input test cases for the compiler. The test engine compiles the source code utilizing both the raw and transformed compilers and compares the results. For example, the test engine renders a pass/fail judgement on the binary transformation based on a metric of near equivalence between the results of the raw compiler and transformed compiler. By using one or more bitmasks, the evaluation process factors in differences attributed to compiler run-time generated artifacts.

Abstract: Disclosed is a test engine intended to evaluate the correctness and measure the performance effects of a binary transformation technique. The disclosed system takes source code as input and compiler information/flags as input. The transformation-under-test is applied to the compiler, creating a transformed compiler. A random test case generator residing within the test engine for injecting illegal code structures to modify the project source code, build flags, or compiler's operating environment, thereby creating an unlimited number of input test cases for the compiler. The test engine compiles the source code utilizing both the raw and transformed compilers and compares the results. For example, the test engine renders a pass/fail judgement on the binary transformation based on a metric of near equivalence between the results of the raw compiler and transformed compiler. By using one or more bitmasks, the evaluation process factors in differences attributed to compiler run-time generated artifacts.

Abstract: Systems and methods of cyber hardening software by modifying one or more assembly source files. In some embodiments, the disclosed SME tool transparently and seamlessly integrates into the build process of the assembly source files being modified. For example, upon integration of the disclosed SME tool into the application's development environment, the modifications in the final executable are transparent to the developer and can support other cyber hardening techniques. The SME tool includes a preprocessing tool for identifying attributes (e.g., functions) associated with the assembly source file. The SME tool also includes a transformation tool for making modifications of the assembly source file. In some embodiments, the transformations correspond to applying one or more transformations to the attributes associated with the assembly source file.