A Binary Rewriting Defense against Stack-based Buffer Overflow Attacks

Conclusions and Future Work

We have presented a buffer overflow defense mechanism that uses static binary translation to retrofit the RAD [1] model onto existing executables. To the best of our knowledge, this is the first work reported in the open literature that applies static binary translation technology to a concrete application security problem. While robust binary rewriting infrastructures, such as Etch [7], do exist, the published papers on these systems have never documented in detail the design and implementation issues involved, the solutions adopted to address them, or their effectiveness in a quantitative manner. Our contribution lies not in inventing new approaches to static binary translation but in being the first study to implement state-of-the-art techniques in a working system and evaluate their effectiveness on commercial-grade Windows applications. We believe that this paper covers most binary translation issues in substantial depth and detail and presents a comprehensive set of experimental results to demonstrate the efficacy of the design decisions we have made. Finally, the resulting binary-rewriting RAD system achieves qualified success as a tool for protecting legacy applications, whose source code is not available, against buffer overflow attacks, and thus significantly broadens the applicability of the buffer overflow defense mechanisms developed in the research literature. Although in a few cases it does not achieve the stated goal of providing the same level of protection as its compiler-based counterpart, this is primarily due to a fundamental limitation of static binary translation, one that none of the known works in the binary translation literature handle better, as far as we can tell. Currently, we are exploring more robust and foolproof fall-back mechanisms to deal with incorrect disassembly and with insufficient space for 'in place' translation.
As an immediate next step, we intend to apply our binary translation engine to Dynamically Linked Libraries (DLLs), since a major part of the Windows services is implemented as DLLs. Finally, we aim to apply the lessons learned from static binary translation to build copy- and tamper-resistant software.
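The check that the RAD model inserts at every function prologue and epilogue, written out here as an added illustration rather than as code from the paper's rewriting engine: at entry the return address is copied into a Return Address Repository (RAR), and just before returning the copy on the stack is compared against it, so a stack-smashing overwrite is caught before the corrupted address is used. The stack frame, the caller's return address (0x08048abc) and the overflowing input are all constructed for the example; the real RAD guards the RAR with page protection, which a plain array does not model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return Address Repository: the RAD model keeps a copy of every live
 * return address here. Simulated as a fixed array (assumption: the real
 * repository is page-protected so that only the instrumented prologue
 * can write it). */
#define RAR_CAPACITY 64
static uintptr_t rar[RAR_CAPACITY];
static size_t rar_top = 0;

/* Simulated stack frame of one instrumented function: a local buffer sits
 * just below the saved return address, as on the real x86 stack. */
struct frame {
    char buf[16];
    uintptr_t saved_ret;
};

/* Prologue instrumentation: push the incoming return address into the RAR.
 * Returns 0 on success, -1 if the repository is full. */
static int rad_prologue(const struct frame *f) {
    if (rar_top >= RAR_CAPACITY) return -1;
    rar[rar_top++] = f->saved_ret;
    return 0;
}

/* Epilogue instrumentation: the return address about to be used must equal
 * the RAR copy. Returns 1 if it matches (safe to return), 0 if tampered. */
static int rad_epilogue(const struct frame *f) {
    if (rar_top == 0) return 0;
    uintptr_t expected = rar[--rar_top];
    return f->saved_ret == expected;
}

/* Unbounded copy into the frame's buffer: input longer than buf runs over
 * saved_ret. The copy is clamped to the frame size only so that the
 * simulation stays within the struct; the missing check on buf is the bug. */
static void vulnerable_copy(struct frame *f, const char *input, size_t len) {
    if (len > sizeof(*f)) len = sizeof(*f);
    memcpy((void *)f, input, len);
}

/* Run one instrumented call on the given input. Returns 1 if the return
 * was allowed, 0 if RAD detected a corrupted return address. */
int run_call(const char *input, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_ret = 0x08048abc;           /* constructed: pushed by the caller */
    rad_prologue(&f);
    vulnerable_copy(&f, input, len);
    return rad_epilogue(&f);
}

int main(void) {
    const char *benign = "hello";
    const char *overflow = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 32 bytes */
    printf("benign input:   %s\n", run_call(benign, 5) ? "return allowed" : "RAD alert");
    printf("overflow input: %s\n", run_call(overflow, 32) ? "return allowed" : "RAD alert");
    return 0;
}
```

In the rewritten binary these two routines are what the translator splices into each function's entry and exit; the difficulty the paper addresses is finding the entry and exit points reliably in a disassembly and finding room to place the calls, not the check itself.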
Manish Prasad
2003-04-05