Devil is Virtual: Reversing Virtual Inheritance in C++ Binaries

Complexities that arise from implementation of object-oriented concepts in C++ such as virtual dispatch and dynamic type casting have attracted the attention of attackers and defenders alike. Binary-level defenses are dependent on full and precise recovery of class inheritance tree of a given program. While current solutions focus on recovering single and multiple inheritances from the binary, they are oblivious to virtual inheritance. Conventional wisdom among binary-level defenses is that virtual inheritance is uncommon and/or support for single and multiple inheritances provides implicit support for virtual inheritance. In this paper, we show neither to be true. Specifically, (1) we present an efficient technique to detect virtual inheritance in C++ binaries and show through a study that virtual inheritance can be found in non-negligible number (more than 10\% on Linux and 12.5\% on Windows) of real-world C++ programs including Mysql and libstdc++. (2) we show that failure to handle virtual inheritance introduces both false positives and false negatives in the hierarchy tree. These false positves and negatives either introduce attack surface when the hierarchy recovered is used to enforce CFI policies, or make the hierarchy difficult to understand when it is needed for program understanding (e.g., during decompilation). (3) We present a solution to recover virtual inheritance from COTS binaries. We recover a maximum of 95\% and 95.5\% (GCC -O0) and a minimum of 77.5\% and 73.8\% (Clang -O2) of virtual and intermediate bases respectively in the virtual inheritance tree.Comment: Accepted at CCS20. This is a technical report versio

From Formal Semantics to Verified Slicing : A Modular Framework with Applications in Language Based Security

This book presents a modular framework for slicing in the proof assistant Isabelle/HOL which is based on abstract control flow graphs. Building on such abstract structures renders the correctness results language-independent. To prove that they hold for a specific language, it remains to instantiate the framework with this language, which requires a formal semantics of this language in Isabelle/HOL. We show that formal semantics even for sophisticated high-level languages are realizable

The programming language jigsaw: mixins, modularity and multiple in heritance

technical reportThis dissertation provides a framework for modularity in programming languages. In this framework known as Jigsaw, inheritance is understood to be an essential linguistic mechanism for module manipulation. In Jigsaw, the roles of classes in existing languages are "unbundled," by providing a suite of operators independently controlling such effects as combination, modification encapsulation name resolution and sharing all on the single notion of module. All module operators are forms of inheritance Thus, inheritance is not in conflict with modularity in this system but is indeed its foundation This allows a previously unobtainable spectrum of features to be combined in a cohesive manner including multiple inheritance mixins, encapsulation and strong typing. Jigsaw has a rigorous semantics based upon a denotational model of inheritance Jigsaw provides a notion of modularity independent of a particular computational paradigm Jigsaw can therefore be applied to a wide variety of languages especially special purpose languages where the effort of designing specific mechanisms for modularity is difficult to justify but which could still benefit from such mechanisms. The framework is used to derive an extension of Modula-3 that supports the new operations An efficient implementation strategy is developed for this extension The performance of this scheme is on a par with the methods employed by the highest performance object oriented language processors currently available

Does OO sync with the way we think?

Given that corrective-maintenance costs already dominate the software life cycle and look set to increase significantly, reliability in the form of reducing such costs should be the most important software improvement goal. Yet the results are not promising when we review recent corrective-maintenance data for big systems in general and for OO in particular-possibly because of mismatches between the OO paradigm and how we think

On the essence and initiality of conflicts

Understanding conflicts between transformations and rules is an important topic in algebraic graph transformation. A conflict occurs when two transformations are not parallel independent, that is, when after applying one of them the other can no longer occur. We contribute to this research thread by proposing a new characterization of the root causes of conflicts, called “conflict essences”. By exploiting a recently proposed characterization of parallel independence we easily show that the conflict essence of two transformations is empty iff they are parallel independent. Furthermore we show that conflict essences are smaller than the “conflict reasons” previously proposed, and that they uniquely determine the so-called “initial conflicts”. All results hold in categories of Set-valued functors, which include the categories of graphs and typed graphs, and several of them hold in the more general adhesive categories

Advanced data structures for the interpretation of image and cartographic data in geo-based information systems

A growing need to usse geographic information systems (GIS) to improve the flexibility and overall performance of very large, heterogeneous data bases was examined. The Vaster structure and the Topological Grid structure were compared to test whether such hybrid structures represent an improvement in performance. The use of artificial intelligence in a geographic/earth sciences data base context is being explored. The architecture of the Knowledge Based GIS (KBGIS) has a dual object/spatial data base and a three tier hierarchial search subsystem. Quadtree Spatial Spectra (QTSS) are derived, based on the quadtree data structure, to generate and represent spatial distribution information for large volumes of spatial data