SaBRe is a modular selective binary rewriter. It is able to rewrite system calls, vDSO and named functions. We currently support two architectures: x86_64 and RISC-V.
Binary rewriting is a technique that consists in disassembling a program to modify its instructions, with many applications in software reliability and security. However, existing solutions suffer from well-known shortcomings in terms of soundness and performance.
We present SaBRe, a novel load-time system for selective binary rewriting. SaBRe rewrites specific constructs—particularly system calls and function prologues—when the program is loaded into memory, and intercepts them using a modular architecture that allows third-party plugins to be loaded into \sabre using a simple and flexible API. We also discuss the theoretical underpinnings of disassembling and rewriting, including conditions for coverage, accuracy, and correctness; and how they affect SaBRe.
We developed two backends for SaBRe—one for x86_64 and one for RISC-V—which were in turn used to implement three plugins: a fast system call tracer, a multi-version executor and a fault injector. Our evaluation shows that SaBRe imposes little performance overhead, between 0.2% and 4.3% on average.
Watch a video presentation to see the main idea behind our project.