This repository contains the source code and evaluation datasets of our proposed Data and Pointer Prioritization (DPP)
framework utilizing rule-based heuristics to identify sensitive
memory objects automatically from an application and protect only those sensitive data utilizing existing countermeasures. This work has been accepted in The 32nd USENIX Security Symposium (USENIX Security'23
). The title of the paper is Not All Data are Created Equal: Data and Pointer Prioritization for Scalable Protection Against Data-Oriented Attacks.
To install prerequisite, run the following command:
./prerequisites.sh
Download the code:
git clone https://github.com/salmanyam/DPP.git
This repo contains submodules and needs to be initiated:
cd DPP
git submodule update --init --recursive --progress
To install a CMake version 3.13.4 or higher, run the install_cmake.sh
script. The script will install the CMake version 3.27.
./install_cmake.sh
To build the dpp-llvm
source code along with SVF
, run the build.sh
script:
./build.sh
This script will do in-source compilation of SVF
and build LLVM binaries (clang
, opt
, llvm-ar
, lld
, etc) are under
dpp-llvm/build/bin
.
Each of our rules is implemented as an Analysis pass located in llvm/lib/DPP
. Please note that the rule number in the repository is slightly different than the rule number in our paper. The rule number mapping between this repo to our paper is given below for convenience.
Source code Paper
----------- -----
DPPRule1.cpp Taint analysis
DPPRule2.cpp Rule 1
DPPRule3.cpp Rule 2
DPPRule4.cpp -
DPPRule5.cpp Rule 3
DPPRule6.cpp Rule 4
DPPRule7.cpp Rule 5
DPPRule8.cpp Rule 6
DPPRule9.cpp Rule 7
To run the prioritization, please use the following command. It is recommended to start with a simple program (dpp-data/example/example.c
) to understand the result. The LLVM bitcode is also provided to the example directory (dpp-data/example/example.opt
).
LLVM_DIR=${PWD}/dpp-llvm/build/bin
${LLVM_DIR}/opt -S -passes="print-dpp-global" --dpp-rule="all" -disable-output < ${PWD}/dpp-data/example/example.opt
The command will provide the following output for the example
program by applying all
our rules.
Note: please note that the optimization level is set to zero for the example. Our prioritization works better when no optimization-level is used. However, this can cause some duplicate objects in the
IR
file of the same high-level language object.
#################### SUMMARY: 4 data objects #########################
AddrVFGNode ID: 17 AddrPE: [34<--35]
%9 = call noalias i8* @malloc(i64 %8) #6, !dbg !25 { ln: 8 cl: 25 fl: example.c } 4 10
--------------------------------------------------------------
AddrVFGNode ID: 15 AddrPE: [22<--23]
%4 = alloca i8*, align 8 { ln: 8 fl: example.c } 2 10
--------------------------------------------------------------
AddrVFGNode ID: 11 AddrPE: [6<--7]
@stdin = external dso_local global %struct._IO_FILE*, align 8 { Glob } 1 1
--------------------------------------------------------------
AddrVFGNode ID: 14 AddrPE: [20<--21]
%3 = alloca [10 x i8], align 1 { ln: 6 fl: example.c } 1 0
--------------------------------------------------------------
TOP-K = 4, Actual = 0
12(5) 12(5) 10(2) 0(0) - 0(0) 10(3) 0(0) 11(2) 10(1) 11(4)
To run a single rule, modify the --dpp-rule
field in the command. For example, if want to run Rule 7
(i.e., Rule 9
in the source code), use the following command:
LLVM_DIR=${PWD}/dpp-llvm/build/bin
${LLVM_DIR}/opt -S -passes="print-dpp-global" --dpp-rule="rule9" -disable-output < ${PWD}/dpp-data/example/example.opt
The command will give the following output:
AddrVFGNode ID: 17 AddrPE: [34<--35]
%9 = call noalias i8* @malloc(i64 %8) #6, !dbg !25 { ln: 8 cl: 25 fl: example.c }
--------------------------------------------------------------
rule9:: 12(5) 10(1)
Not All Data are Created Equal: Data and Pointer Prioritization for Scalable Protection Against Data-Oriented Attacks
@inproceedings {291078,
author = {Salman Ahmed and Hans Liljestrand and Hani Jamjoom and Matthew Hicks and N. Asokan and Danfeng (Daphne) Yao},
title = {Not All Data are Created Equal: Data and Pointer Prioritization for Scalable Protection Against {Data-Oriented} Attacks},
booktitle = {32nd USENIX Security Symposium (USENIX Security 23)},
year = {2023},
isbn = {978-1-939133-37-3},
address = {Anaheim, CA},
pages = {1433--1450},
url = {https://www.usenix.org/conference/usenixsecurity23/presentation/ahmed-salman},
publisher = {USENIX Association},
month = aug,
}