Chris Porter

CR
h-index: 5
3 papers
3 citations
Novelty: 68%
AI Score: 30

3 Papers

CV · Mar 21, 2025
A Deep Learning Framework for Visual Attention Prediction and Analysis of News Interfaces

Matthew Kenely, Dylan Seychell, Carl James Debono et al.

News outlets' competition for attention in news interfaces has highlighted the need for demographically-aware saliency prediction models. Despite recent advancements in saliency detection applied to user interfaces (UI), existing datasets are limited in size and demographic representation. We present a deep learning framework that enhances the SaRa (Saliency Ranking) model with DeepGaze IIE, improving Salient Object Ranking (SOR) performance by 10.7%. Our framework optimizes three key components: saliency map generation, grid segment scoring, and map normalization. Through a two-fold experiment using eye-tracking (30 participants) and mouse-tracking (375 participants aged 13–70), we analyze attention patterns across demographic groups. Statistical analysis reveals significant age-based variations (p < 0.05, ε² = 0.042), with older users (36–70) engaging more with textual content and younger users (13–35) interacting more with images. Mouse-tracking data closely approximates eye-tracking behavior (sAUC = 0.86) and identifies UI elements that immediately stand out, validating its use in large-scale studies. We conclude that saliency studies should prioritize gathering data from a larger, demographically representative sample and report exact demographic distributions.

CR · Oct 18, 2021
On-the-fly Code Activation for Attack Surface Reduction

Chris Porter, Sharjeel Khan, Santosh Pande

Modern code reuse attacks are taking full advantage of bloated software. Attackers piece together short sequences of instructions in otherwise benign code to carry out malicious actions. Eliminating these reusable code snippets, known as gadgets, has become one of the prime concerns of attack surface reduction. The aim is to break these chains of gadgets, thereby making such code reuse attacks impossible or substantially less common. Previous work on attack surface reduction has typically tried to eliminate such attacks by subsetting the application, e.g. via user-specified inputs, configurations, or features, or by focusing on third-party libraries to achieve high gadget reductions with minimal interference to the application. In this work we present a general, whole-program attack surface reduction technique called OCA that significantly reduces gadgets and has minor performance degradation. OCA requires no user inputs and leaves all features intact. OCA identifies specific program points and through analysis determines key function sets to enable/disable at runtime. The runtime system, thus, controls the set of enabled functions during execution, thereby significantly reducing the set of active gadgets an attacker can use, and by extension, cutting down the set of active gadget chains dramatically. On SPEC CPU 2017, our framework achieves 73.2% total gadget reduction with only 4% average slowdown. On 10 GNU coreutils applications, it achieves 87.2% reduction. On the nginx server it achieves 80.3% reduction with 2% slowdown. We also provide a gadget chain-breaking study across all applications, and show that our framework breaks the shell-spawning chain in all cases.

CR · Feb 18, 2019
Binary Debloating for Security via Demand Driven Loading

Girish Mururu, Chris Porter, Prithayan Barua et al.

Modern software systems heavily use C/C++ based libraries. Because of the weak memory model of C/C++, libraries may suffer from vulnerabilities which can expose the applications to potential attacks. For example, a very large number of return oriented programming gadgets exist in glibc that allow stitching together semantically valid but malicious Turing-complete programs. In spite of significant advances in attack detection and mitigation, full defense is unrealistic against an ever-growing set of possibilities for generating such malicious programs. In this work, we create a defense mechanism by debloating libraries to reduce the dynamic functions linked so that the possibilities of constructing malicious programs diminish significantly. The key idea is to locate each library call site within an application, and in each case to load only the set of library functions that will be used at that call site. This approach of demand-driven loading relies on an input-aware oracle that predicts a near-exact set of library functions needed at a given call site during the execution. The predicted functions are loaded just in time, and the complete call chain (of function bodies) inside the library is purged after returning from the library call back into the application. We present a decision-tree based predictor, which acts as an oracle, and an optimized runtime system, which works directly with library binaries like GNU libc and libstdc++. We show that on average, the proposed scheme cuts the exposed code surface of libraries by 97.2%, reduces ROP gadgets present in linked libraries by 97.9%, achieves a prediction accuracy in most cases of at least 97%, and adds a small runtime overhead of 18% on all libraries (16% for glibc, 2% for others) across all benchmarks of SPEC 2006, suggesting this scheme is practical.