2019 Symposium Posters

Posters > 2019

Ancile: Attack Surface Reduction Through Application Specialization


Primary Investigator:
Mathias Payer

Project Members
Nathan Burow
Control-Flow Hijacking (CFH), and in particular code-reuse attacks, remain the most common attack vector against C/C++ programs. I present Ancile which implements the required functionality analysis, achieves significantly smaller subset of functions by specializing the code. This makes security critical functions more difficult for attackers to reach, substantially raising the bar for CFH attacks. I believe that automatically specializing code for particular usage scenario is a promising new technique for software security, and one that can achieve greater security than static analysis without requiring extra system resources.