Description
Vulnerability remediation is a critical but traditionally time-consuming and reactive process, often requiring significant effort to address flaws while ensuring system stability. Effective remediation goes beyond identifying vulnerabilities—it ensures they are fixed with precision, maintaining the system’s intended functionality while eliminating risks. To transform this paradigm, our approach focuses on delivering efficient, high-assurance solutions for fixing vulnerabilities. High-assurance, low-cost binary patching enables rapid and reliable fixes for legacy systems without requiring source code or recompilation, while automated binary hardening proactively strengthens software against potential exploits. Advanced techniques like source code patch transfer facilitate applying proven fixes across similar programs, enhancing efficiency and consistency. Verification processes, whether for source or binary patches, ensure that vulnerabilities are resolved without introducing new issues, preserving correct behaviors and system stability. Finally, low-overhead dynamic protections can automatically close entire classes of vulnerabilities without any effort. By streamlining and automating remediation workflows, we aim to shift vulnerability fixing from a reactive burden to a proactive and scalable solution, protecting critical systems from evolving threats.
Solutions
- CodeHawk: Analysis and Patching Platform
Projects
Recent Blog Posts and News
- Mitigating Supply Chain Attacks Through Fine-Grained Privilege Enforcement
- Aarno Labs at Black Hat 2024 – Showcasing the CodeHawk Binary Patcher
Papers
- SARAN: A System for Android Application Interposition. Aarno Labs Technical Report, 2021
- Using Proof-of-Work to Mitigate Spoofing-Based Denial of Service Attacks. CoNEXT-SW, 2021
- Multifocal Relational Analysis for Assured Micropatching: Final Report. Aarno Labs Technical Report, 2024
- BinWrap: Hybrid Protection Against Native Node.js Add-ons. Asia CCS, 2023
- Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction. CCS, 2021
- Mir: Automated Quantifiable Privilege Reduction Against Dynamic Library Compromise in JavaScript. arXiv, 2021
- Sansa: Final Report. Aarno Labs Technical Report, 2017