Enregistré dans:
Détails bibliographiques
Auteurs principaux: Zhao, Brian, Yang, Yiwei, Zheng, Yusheng, Quinn, Andi
Format: Preprint
Publié: 2025
Sujets:
Accès en ligne:https://arxiv.org/abs/2506.09426
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866916790554066944
author Zhao, Brian
Yang, Yiwei
Zheng, Yusheng
Quinn, Andi
author_facet Zhao, Brian
Yang, Yiwei
Zheng, Yusheng
Quinn, Andi
contents Rewriting x86_64 binaries-whether for security hardening, dynamic instrumentation, or performance profiling is notoriously difficult due to variable-length instructions, interleaved code and data, and indirect jumps to arbitrary byte offsets. Existing solutions (e.g., "superset disassembly") ensure soundness but incur significant overhead and produce large rewritten binaries, especially for on-the-fly instrumentation. This paper addresses these challenges by introducing the Time Variance Authority (TVA), which leverages Intel's Control-Flow Enforcement Technology (CET). By recognizing endbr64 as the only valid indirect jump target, TVA prunes spurious disassembly paths while preserving soundness and emulates CET constraints on processors lacking native CET support, effectively mitigating ROP/JOP exploits without new hardware. We implement TVA by modernizing the Multiverse rewriter for 64-bit Linux. Our evaluation on SPEC CPU2017 and real-world applications shows that TVA-guided rewriting achieves up to 1.3x faster instrumentation time. These results underscore TVA's feasibility as a high-performance, uprobes-free alternative for robust x86_64 binary analysis and rewriting.
format Preprint
id arxiv_https___arxiv_org_abs_2506_09426
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Exploiting Control-flow Enforcement Technology for Sound and Precise Static Binary Disassembly
Zhao, Brian
Yang, Yiwei
Zheng, Yusheng
Quinn, Andi
Hardware Architecture
Rewriting x86_64 binaries-whether for security hardening, dynamic instrumentation, or performance profiling is notoriously difficult due to variable-length instructions, interleaved code and data, and indirect jumps to arbitrary byte offsets. Existing solutions (e.g., "superset disassembly") ensure soundness but incur significant overhead and produce large rewritten binaries, especially for on-the-fly instrumentation. This paper addresses these challenges by introducing the Time Variance Authority (TVA), which leverages Intel's Control-Flow Enforcement Technology (CET). By recognizing endbr64 as the only valid indirect jump target, TVA prunes spurious disassembly paths while preserving soundness and emulates CET constraints on processors lacking native CET support, effectively mitigating ROP/JOP exploits without new hardware. We implement TVA by modernizing the Multiverse rewriter for 64-bit Linux. Our evaluation on SPEC CPU2017 and real-world applications shows that TVA-guided rewriting achieves up to 1.3x faster instrumentation time. These results underscore TVA's feasibility as a high-performance, uprobes-free alternative for robust x86_64 binary analysis and rewriting.
title Exploiting Control-flow Enforcement Technology for Sound and Precise Static Binary Disassembly
topic Hardware Architecture
url https://arxiv.org/abs/2506.09426