In a world of buggy software, pre-emptive security hardening can be introduced in compilers or through binary rewriters. Binary-level defenses promise to comprehensively defend all code that will actually run, but are much harder to implement. This talk describes our new binary rewriting framework, Egalito, which is very flexible and designed for creating defenses. We call Egalito a binary recompiler: it disassembles binaries fully and completely into a novel two-level intermediate representation, and exposes a modular pass-based architecture to developers. Egalito performs modest binary optimization and the binaries it generates run consistently faster than the inputs---we observe performance speedups even when some simple defenses are applied! Egalito is cross-architecture with full support for x86_64 and ARM64, and partial support for RISC-V. We present six defenses based on Egalito, including retpolines, instruction permutation, and software emulation of upcoming control-flow integrity; we also provide a reimplementation of our earlier work Shuffler (OSDI ’16), which performs continuous code randomization. Like Shuffler, Egalito is able to analyze, transform, and defend itself in a self-hosted environment, which is a capability unique to binary-level defenses. Egalito is currently under submission, but it will be made available to other researchers interested in binary hardening, and we welcome collaboration.

David Williams-King is a fifth-year PhD student at Columbia University in New York City. He was raised in a solar-powered home in a remote area of Canada. David once received an award at an ACM Turing Award ceremony, and is the “best teaching assistant” that Bjarne Stroustrup has ever had for a C++ course. Today, David travels as much as possible and regularly writes code via speech recognition