Demo: Dynamic Neutralization of Data Leakages

Abstract

The security of hardware-software systems is at risk from a wide range of attack vectors that appear at various stages during the execution of machine code. The existing approaches for repairing software defects have numerous restrictions with respect to their applicability and functionality and to the range of vulnerabilities that can be identified and eliminated. We propose an approach for removing software errors in program code that is based on just-in-time compilation in a virtual execution environment. The virtual environment uses static, dynamic, and hybrid analyses of the intermediate representation of vulnerable code and re-compiles such code to be safe. The language of code annotations allows us to manage static and dynamic analyses and code transformations. We can change the level of analysis and the amount of time spent on such analyses by dynamically adapting the precision.