Skip to content

arg3t/machete

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

207 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Machete

Machete is a research prototype for temporal software debloating. It profiles an unmodified Linux binary, learns which code pages are needed in each execution phase, and enforces a phase-specific memory view in user space.

The goal is simple: keep less executable code available at any moment, so code-reuse attacks have fewer gadgets to work with.

Machete was developed as part of the MSc thesis Machete: Thwarting Code-Reuse Attacks Through Temporal Permission Tightening in User Space, also available from the TU Delft repository. It is built on the system-call interposition substrate from K23 by Voulimeneas et al..

What it does

Machete has three moving parts:

  1. Profiler — records page-granularity memory-access traces from target executions.
  2. Policy learner — turns traces into a compact finite-state phase model using a modified Blue-Fringe / EDSM learner.
  3. Runtime enforcer — runs the target with per-phase page permissions and execute-only memory over shared physical memory.

Unlike static debloating, Machete is temporal: initialization, steady-state work, and later phases can expose different executable pages.

Repository layout

machete/                 Main Machete launcher binary
k23/                     Baseline launcher used by the substrate
lib/machete-*            Machete runtime, bootstrap, and shared types
lib/k23-*                Interposition substrate crates
lib/procmaps             /proc/<pid>/maps parser
lib/smol_bitmap          Small bitmap/set utility crate
parser/                  Trace browser, policy learner, simulator, sweep tools
tools/sandbox-viz        React visualizer for sandbox graphs

Main components

machete/

Command-line launcher for running a program under Machete. It builds the runtime configuration, injects the Machete loader, and starts the target process.

Example shape:

cd machete
cargo run --release -- --online --out ./logs -- /path/to/program arg1 arg2

For enforcement with a learned policy:

cargo run --release -- --sandbox sandbox.json -- /path/to/program arg1 arg2

lib/machete-interp/

In-process runtime library. It handles phase transitions, page permission changes, signal/system-call paths, synchronization, and runtime bookkeeping.

lib/machete-bootstrap/

Bootstrap library loaded into the target process. It initializes the sandbox environment and prepares process state for enforcement.

lib/machete-common/

Shared configuration, messages, queues, runtime types, and transition data structures used by the launcher, bootstrap, parser, and runtime.

parser/

Analysis tooling for logs and policies:

  • interactive shell and GUI for browsing execution logs;
  • sandbox simulation against recorded traces;
  • Graphviz export for policies;
  • modified Blue-Fringe / EDSM learner;
  • parameter sweeps for tuning the security/performance tradeoff.

Useful command families are exposed as parser subcommands such as shell, gui, simulate, sandbox-dot, edsm, and sweep.

tools/sandbox-viz/

React visualizer for sandbox/policy graphs.

Status

This is research code. It is useful for reproducing ideas, studying the implementation, and experimenting with temporal permission tightening. It is not packaged as a production-ready sandbox.

License

MIT. See LICENSE.

About

Prototype for temporal software debloating: Machete profiles unmodified Linux binaries, learns phase-specific code-page policies, and enforces tighter executable memory views in user space to reduce code-reuse attack surface.

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Contributors