SYSTEM AND METHOD FOR RETROFITTING APPLICATION CODE

摘要

Disclosed is a system and method for retrofitting defensive technology that transforms potentially dangerous computer programs into safe programs. The present disclosure involves applying software rewriting and/or randomization algorithms to monitored application launches and/or API calls. The present disclosure provides systems and methods for understanding and manipulating how untrusted software will behave upon execution, thereby thwarting any chance the untrusted software could launch and/or institute a weaponized malicious software attack. The present disclosure can apply a light-weight binary rewriting and in-lining system to tame and secure untrusted binary programs. The disclosed systems and methods can also implement binary stirring by imbuing native code of software with the ability to self-randomize its instruction addresses each time it is launched.

主权项

1. A method comprising:
(a) receiving, at a computing device, a request to launch a program; (b) identifying, via the computing device, binary code associated with the requested program; (c) rewriting, via the computing device, the binary code, (i) said rewriting comprising disassembling the binary code to identify a set of known targets within the code, (ii) said rewriting further comprising applying a policy to the binary code to restrict actions of the code upon execution of the program; (d) verifying, via the computing device, the rewritten binary code, said verification comprises certifying said rewritten binary is compliant with said policy; (e) launching, via the computing device, said program based upon said rewritten binary, said launching comprising execution of said program at a load-time; and (f) rearranging, via the computing device, the binary code of the program, (i) said rearranging occurring at said load-time, (ii) said rearranging comprising stirring the binary code by randomly organizing an internal layout of the binary code in response to said launching.