Henny Sipma, Ricardo Baratto, Ben Karel, Michael Gordon (Aarno Labs)

When source code is unavailable, patching security vulnerabilities in binaries requires scarce reverse engineering expertise and specialized tooling. We present Dilipa, a binary micropatching system that enables users to specify patches as edits to lifted C code. Dilipa operates on an AST-based intermediate representation enriched with provenance metadata linking high-level constructs to underlying binary instructions, registers, and memory locations. A frontend compares the original and edited ASTs to extract minimal patch descriptions, and a backend applies them to the binary via direct instruction replacement or trampolines. By focusing on micropatches, small and localized modifications, our approach keeps binary changes minimal and enables post-patch validation through relational binary analysis, providing evidence that no unintended semantic changes have been introduced. We demonstrate Dilipa on three case studies involving real embedded systems, including input validation, buffer overflow, and race condition bugs.

View More Papers

VR ProfiLens: User Profiling Risks in Consumer Virtual Reality...

Ismat Jarin (University of California, Irvine), Olivia Figueira (University of California, Irvine), Yu Duan (University of California, Irvine), Tu Le (The University of Alabama), Athina Markopoulou (University of California, Irvine)

Read More

Porting NASA's core Flight System to the Formally Verified...

Juliana Furgala (MIT Lincoln Laboratory), Samuel Jero (MIT Lincoln Laboratory), Andrea Lin (MIT Lincoln Laboratory), Rick Skowyra (MIT Lincoln Laboratory)

Read More

A Temporal Paradox in Software Vulnerability Prioritization: Why Do...

Osama Al Haddad (Macquarie University, Sydney, Australia), Muhammad Ikram (Macquarie University, Sydney, Australia), Young Choon Lee (Macquarie University, Sydney, Australia), Muhammad Ejaz Ahmed (Data61 CSIRO, Sydney, Australia)

Read More