Software distributors typically provide software in binary form to end users, yet many DevOps activities from performance profiling to security hardening are difficult to perform without access to source code. Furthermore, significant defenses such as the recent Spectre mitigations often require compiler-level changes. Even for open source systems, it takes time to rebuild projects from source and incorporate a modified compiler.
One simple way to transform a binary is to emulate or virtualize its execution environment. Existing tools (DynamoRIO, Pin, Valgrind) that perform such dynamic binary translation will be introduced. These tools work on nearly any binary and can be extremely useful, although they necessarily introduce some overhead. Other than virtualization, another popular technique is binary rewriting, which is useful for introducing small changes (especially patches), but requires quite a thorough understanding of the binary at hand.
The main part of the talk will introduce a new tool called Egalito, which works differently from existing tools. In the past, binary analysis has been seen as intractable: it quite easily reduces to the halting problem. However, modern binaries have substantial metadata embedded in them. In particular, most Linux distributions (Debian, Ubuntu, Fedora, openSUSE, Arch, etc.) have moved to position-independent executables by default. Egalito shows that such binaries can be completely and precisely analyzed, with all cross-references resolved. User modifications can then be introduced, and a new binary can be created with no constraints from the original binary. This process is called binary recompilation: it introduces no overhead from virtualization or trampoline jumps.
The goal is to allow Linux power users to transform any binary on their system at a moment's notice, and to improve performance or security. This talk will convince developers and users that binary transformation is a useful tool for any developer's toolbox.
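Since the approach described above depends on the input being a position-independent executable, the following added example (not code from Egalito or from the talk) shows how to tell from ELF metadata whether a binary is one. It assumes 64-bit little-endian ELF and uses the common heuristic of ET_DYN plus either a PT_INTERP segment or the DF_1_PIE flag; the function names and the sample image are constructed for illustration.

```python
import struct

ET_DYN, PT_DYNAMIC, PT_INTERP = 3, 2, 3
DT_NULL, DT_FLAGS_1, DF_1_PIE = 0, 0x6FFFFFFB, 0x08000000

def classify_elf64(data: bytes) -> str:
    """Return 'pie', 'shared-object', 'non-pie' or 'not-elf64-le'."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        return "not-elf64-le"            # only 64-bit little-endian is handled
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    if e_type != ET_DYN:
        return "non-pie"                 # e.g. ET_EXEC: linked at a fixed address
    has_interp, flags_1 = False, 0
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 56 > len(data):
            break                        # truncated program header table
        p_type, _, p_offset = struct.unpack_from("<IIQ", data, off)
        p_filesz, = struct.unpack_from("<Q", data, off + 32)
        if p_type == PT_INTERP:
            has_interp = True            # requests a dynamic loader: an executable
        elif p_type == PT_DYNAMIC:
            end = min(p_offset + p_filesz, len(data))
            for d in range(p_offset, end - 15, 16):   # 16-byte Elf64_Dyn entries
                tag, val = struct.unpack_from("<QQ", data, d)
                if tag == DT_NULL:
                    break
                if tag == DT_FLAGS_1:
                    flags_1 = val
    return "pie" if (has_interp or flags_1 & DF_1_PIE) else "shared-object"

def build_sample(e_type: int, pie_flag: bool) -> bytes:
    """Constructed minimal image: ELF header, one PT_DYNAMIC, two dynamic entries."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120, 32, 32, 8)
    dyn = struct.pack("<QQQQ", DT_FLAGS_1, DF_1_PIE if pie_flag else 0, DT_NULL, 0)
    return ehdr + phdr + dyn

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:            # e.g. python check_pie.py /bin/ls
        with open(path, "rb") as f:
            print(path, classify_elf64(f.read()))
```

A result of "non-pie" means the binary was linked at a fixed address, and "shared-object" means a library rather than an executable.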