git.stella-ops.org/docs/features/checked/attestor/binary-fingerprinting.md
2026-02-14 09:11:48 +02:00

Binary Fingerprinting (TLSH + Instruction Hashing)

Module: Attestor

Status: VERIFIED

Description

Binary fingerprinting infrastructure with two methods: Simplified TLSH (locality-sensitive hashing, so near-identical binaries produce digests that lie close together rather than unrelated values) and Instruction Hash (a hash over the normalized instruction sequence). Both are proof-of-concept implementations, noted as needing production-grade library integration. BinaryFingerprintEvidenceGenerator turns binary vulnerability findings that carry these fingerprints into attestable proof segments.
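To make the two methods concrete, here is an added illustration in Python; it is not the StellaOps BinaryIndex or Attestor code. It builds a simplified TLSH-style digest from quartile-quantised trigram buckets with a matching distance function, and an instruction hash over normalised disassembly, then compares a byte-edited copy and an unrelated image against the original. The bucket count, window size, the regex-based normalisation, the constructed disassembly listings and the pseudo-random "sections" are all this example's own choices; real TLSH also carries a checksum and length header and weights its body distance differently.

```python
"""Simplified TLSH-style locality-sensitive hash and a normalised instruction
hash, written as an illustration for this page. Not the StellaOps BinaryIndex
code: real TLSH uses Pearson-hashed triplets, a checksum/length header and a
weighted body distance. Bucket count, window size and all samples are this
example's own."""
import hashlib
import random
import re
from typing import Iterable

BUCKETS = 64   # assumption: trigram buckets in the simplified digest
WINDOW = 3     # sliding byte n-gram size


def simplified_tlsh(data: bytes) -> str:
    """Digest of 2-bit, quartile-quantised trigram bucket counts.

    A handful of changed bytes moves only a few counts across a quartile
    boundary, so near-duplicates stay close while unrelated inputs do not.
    """
    counts = [0] * BUCKETS
    for i in range(len(data) - WINDOW + 1):
        # Stand-in for TLSH's Pearson hash: one byte per trigram -> bucket.
        bucket = hashlib.blake2b(data[i:i + WINDOW], digest_size=1).digest()[0] % BUCKETS
        counts[bucket] += 1
    ordered = sorted(counts)
    q1, q2, q3 = ordered[BUCKETS // 4], ordered[BUCKETS // 2], ordered[3 * BUCKETS // 4]
    body = bytearray()
    for start in range(0, BUCKETS, 4):          # four 2-bit levels per byte
        byte = 0
        for c in counts[start:start + 4]:
            byte = (byte << 2) | (int(c > q1) + int(c > q2) + int(c > q3))
        body.append(byte)
    return body.hex()                           # 16 bytes -> 32 hex chars


def tlsh_distance(a_hex: str, b_hex: str) -> int:
    """Sum of per-bucket level differences; 0 means identical digests."""
    dist = 0
    for x, y in zip(bytes.fromhex(a_hex), bytes.fromhex(b_hex)):
        for shift in (6, 4, 2, 0):
            dist += abs(((x >> shift) & 3) - ((y >> shift) & 3))
    return dist


_HEX_LITERAL = re.compile(r"0x[0-9a-f]+")


def normalize_instruction(line: str) -> str:
    """Drop the address column and abstract every hex literal to IMM.

    Assumed (constructed) input shape, Intel syntax: "<addr>: <mnemonic> <ops>".
    Mnemonics and registers are kept, so a re-linked copy of the same code
    normalises identically while a patched instruction stream does not.
    """
    _, _, ins = line.partition(":")
    return _HEX_LITERAL.sub("IMM", " ".join(ins.split()).lower())


def instruction_hash(disasm: Iterable[str]) -> str:
    normalized = [normalize_instruction(l) for l in disasm if l.strip()]
    return hashlib.sha256("\n".join(normalized).encode("utf-8")).hexdigest()


# --- constructed sample inputs ---------------------------------------------
FUNC_V1 = [
    "401000: push rbp",
    "401001: mov rbp, rsp",
    "401004: mov eax, dword ptr [rbp-0x14]",
    "401007: call 0x401200",
    "40100c: pop rbp",
    "40100d: ret",
]
FUNC_V1_RELOCATED = [l.replace("401", "402") for l in FUNC_V1]          # same code, new base
FUNC_V1_PATCHED = FUNC_V1[:3] + ["401007: xor eax, eax"] + FUNC_V1[3:]  # one extra instruction

BIN_V1 = random.Random(1).randbytes(2048)           # stand-in for a .text section
_patched = bytearray(BIN_V1)
for _pos in range(100, len(_patched), 128):         # 16 scattered single-byte edits
    _patched[_pos] ^= 0x55
BIN_V1_PATCHED = bytes(_patched)
BIN_UNRELATED = random.Random(2).randbytes(2048)


def compare_binaries() -> dict:
    """Exact hash only says 'different'; the LSH distance says how different."""
    h1, h2, h3 = (simplified_tlsh(b) for b in (BIN_V1, BIN_V1_PATCHED, BIN_UNRELATED))
    return {
        "sha256_equal": hashlib.sha256(BIN_V1).digest() == hashlib.sha256(BIN_V1_PATCHED).digest(),
        "near_duplicate_distance": tlsh_distance(h1, h2),
        "unrelated_distance": tlsh_distance(h1, h3),
    }


if __name__ == "__main__":
    print(compare_binaries())
    print(instruction_hash(FUNC_V1) == instruction_hash(FUNC_V1_RELOCATED))  # relocated: same
    print(instruction_hash(FUNC_V1) == instruction_hash(FUNC_V1_PATCHED))    # patched: differs
```

Running it shows the byte-edited copy with a different SHA-256 but a small distance from the original, while the unrelated image is far away; the relocated listing hashes identically to the original and the patched one does not. Choosing the threshold that turns "small distance" into "same family" is exactly where a calibrated production TLSH library, rather than a simplified version like this, is needed.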

Implementation Details

  • Evidence Generator: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Generators/BinaryFingerprintEvidenceGenerator.cs (with .Helpers) -- attestation layer for binary fingerprint evidence. Creates BinaryFingerprintEvidencePredicate payloads from fingerprint analysis results.
  • Fingerprint Evidence Predicate: __Libraries/StellaOps.Attestor.ProofChain/Predicates/BinaryFingerprintEvidencePredicate.cs -- wraps fingerprint data (TLSH hash, instruction hash) as attestable predicate.
  • Binary Identity: BinaryIdentityInfo.cs -- captures binary metadata (path, SHA-256 hash, format, architecture).
  • Micro-Witness Integration: MicroWitnessBinaryRef.cs -- references specific binary in micro-witness evidence. MicroWitnessFunctionEvidence.cs -- function-level fingerprint evidence.
  • Note: The actual TLSH and instruction hashing algorithms live in src/BinaryIndex/ (the binary analysis module). The Attestor module provides the attestation wrapper and proof-chain integration.
  • Content Addressing: Fingerprint evidence is stored with content-addressed IDs via ContentAddressedIdGenerator.
  • Tests: __Tests/StellaOps.Attestor.ProofChain.Tests/BinaryMicroWitnessPredicateTests.cs
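The format and architecture fields of BinaryIdentityInfo have to come from the file header. The following added Python example (not the project's BinaryIdentityInfo.cs) shows the header parsing such a capture needs for ELF, PE and Mach-O, including the fall-back to "unknown" for an unrecognised machine ID or an MZ stub without a PE signature. The dataclass name and fields mirror what the page lists; the helper names, machine-ID tables and the constructed minimal headers are this example's own.

```python
"""Binary identity capture (format + architecture) from file headers.

Added example for this page, not the StellaOps BinaryIdentityInfo.cs code. The
dataclass fields mirror the ones the page lists; the header parsing, the
machine-ID tables and the constructed minimal images are this example's own."""
import hashlib
import struct
from dataclasses import dataclass

# Machine identifiers from the ELF (e_machine), PE/COFF (Machine) and Mach-O
# (cputype) specifications; anything not listed is reported as "unknown".
_ELF_MACHINES = {0x03: "i386", 0x28: "arm", 0x3E: "x86_64", 0xB7: "aarch64", 0xF3: "riscv"}
_PE_MACHINES = {0x014C: "i386", 0x01C4: "arm", 0x8664: "x86_64", 0xAA64: "aarch64"}
_MACHO_CPUTYPES = {0x7: "i386", 0x01000007: "x86_64", 0xC: "arm", 0x0100000C: "aarch64"}
_MACHO_MAGICS_LE = (0xFEEDFACE, 0xFEEDFACF)   # as read little-endian from the file
_MACHO_MAGICS_BE = (0xCEFAEDFE, 0xCFFAEDFE)   # the same magics written big-endian


@dataclass(frozen=True)
class BinaryIdentityInfo:
    path: str
    sha256: str
    format: str        # "elf" | "pe" | "mach-o" | "unknown"
    architecture: str  # e.g. "x86_64"; "unknown" when the machine ID is not recognised


def _elf_arch(data: bytes) -> str:
    if len(data) < 20:
        return "unknown"
    endian = "<" if data[5] == 1 else ">"              # EI_DATA: 1 = LSB, 2 = MSB
    return _ELF_MACHINES.get(struct.unpack_from(endian + "H", data, 18)[0], "unknown")


def _pe_machine(data: bytes):
    """COFF Machine field, or None when the MZ stub carries no PE signature."""
    if len(data) < 0x40:
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]    # e_lfanew
    if pe_off + 6 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", data, pe_off + 4)[0]


def _macho_arch(data: bytes, magic: int) -> str:
    if len(data) < 8:
        return "unknown"
    endian = "<" if magic in _MACHO_MAGICS_LE else ">"
    return _MACHO_CPUTYPES.get(struct.unpack_from(endian + "I", data, 4)[0], "unknown")


def identify_binary(path: str, data: bytes) -> BinaryIdentityInfo:
    """Sniff the header magic, then read the architecture field for that format."""
    fmt, arch = "unknown", "unknown"
    if data[:4] == b"\x7fELF":
        fmt, arch = "elf", _elf_arch(data)
    elif data[:2] == b"MZ":
        machine = _pe_machine(data)
        if machine is not None:
            fmt, arch = "pe", _PE_MACHINES.get(machine, "unknown")
    elif len(data) >= 4:
        magic = struct.unpack_from("<I", data, 0)[0]
        if magic in _MACHO_MAGICS_LE + _MACHO_MAGICS_BE:
            fmt, arch = "mach-o", _macho_arch(data, magic)
    return BinaryIdentityInfo(path, hashlib.sha256(data).hexdigest(), fmt, arch)


# Constructed minimal headers: just the bytes identification needs, nothing loadable.
SAMPLE_ELF64_X86_64 = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8   # e_ident: 64-bit, LSB
                       + struct.pack("<HH", 2, 0x3E) + b"\0" * 44)    # e_type, e_machine, rest
SAMPLE_PE_AARCH64 = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # DOS stub, e_lfanew
                     + b"PE\0\0" + struct.pack("<H", 0xAA64) + b"\0" * 18)
SAMPLE_MACHO_ARM64 = struct.pack("<II", 0xFEEDFACF, 0x0100000C) + b"\0" * 24
SAMPLE_MACHO_BE_PPC = struct.pack(">II", 0xFEEDFACE, 0x12) + b"\0" * 24  # ppc: not in table
SAMPLE_NOT_A_BINARY = b"#!/bin/sh\necho hello\n"


if __name__ == "__main__":
    for name, blob in [("demo.elf", SAMPLE_ELF64_X86_64), ("demo.exe", SAMPLE_PE_AARCH64),
                       ("demo.macho", SAMPLE_MACHO_ARM64), ("demo.ppc", SAMPLE_MACHO_BE_PPC),
                       ("demo.sh", SAMPLE_NOT_A_BINARY)]:
        print(identify_binary(name, blob))
```

Every length check happens before the corresponding `unpack_from`, so a truncated or hostile header produces "unknown" rather than an exception; an identity record that fails open on malformed input would let a single odd file stop the evidence pipeline.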

E2E Test Plan

  • Generate a BinaryFingerprintEvidencePredicate from TLSH hash results and verify the predicate contains the locality-sensitive hash
  • Generate a predicate from instruction hash results and verify the normalized instruction sequence hash is captured
  • Verify BinaryIdentityInfo correctly captures binary format (ELF/PE/Mach-O) and architecture
  • Create micro-witness evidence linking a fingerprint to a specific function via MicroWitnessFunctionEvidence and verify the reference chain
  • Verify content-addressed IDs are generated deterministically for identical fingerprint evidence
  • Wrap fingerprint evidence in a DSSE-signed attestation and verify the signed envelope contains the correct predicate type
  • Generate fingerprint evidence for two versions of the same binary and verify the TLSH hashes differ but remain within expected similarity range
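The content-addressing, DSSE-wrapping and predicate-type checks in the plan above (and the Content Addressing bullet under Implementation Details) are shown end to end in this added Python example, which is not the project's ContentAddressedIdGenerator or attestation code. Assumptions, all this example's own: the content address is SHA-256 over sorted-key compact JSON; the predicateType URL is a placeholder; the statement follows the in-toto Statement/v1 layout; and HMAC-SHA256 stands in for the asymmetric signature a real attestor would use, since DSSE fixes the envelope and its Pre-Authentication Encoding but not the algorithm.

```python
"""Content-addressed evidence IDs and a DSSE envelope around a fingerprint
predicate, added for this page. Not the StellaOps ContentAddressedIdGenerator
or attestation code. Assumptions: sorted-key compact JSON canonicalisation, a
placeholder predicateType URL, the in-toto Statement/v1 layout, and HMAC-SHA256
standing in for the asymmetric key a real attestor would use."""
import base64
import hashlib
import hmac
import json
from typing import Any, Dict

PREDICATE_TYPE = "https://example.invalid/binary-fingerprint-evidence/v1"  # placeholder
PAYLOAD_TYPE = "application/vnd.in-toto+json"


def canonical_json(obj: Any) -> bytes:
    """Sorted keys, no insignificant whitespace: same content -> same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False).encode("utf-8")


def content_address(obj: Any) -> str:
    return "sha256:" + hashlib.sha256(canonical_json(obj)).hexdigest()


def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE Pre-Authentication Encoding: the bytes that are actually signed."""
    t = payload_type.encode("utf-8")
    return b"DSSEv1 %d %s %d " % (len(t), t, len(payload)) + payload


def build_statement(subject_name: str, subject_sha256: str, predicate: Dict[str, Any]) -> Dict[str, Any]:
    return {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": subject_name, "digest": {"sha256": subject_sha256}}],
        "predicateType": PREDICATE_TYPE,
        "predicate": predicate,
    }


def dsse_sign(statement: Dict[str, Any], key: bytes, keyid: str) -> Dict[str, Any]:
    payload = canonical_json(statement)
    sig = hmac.new(key, pae(PAYLOAD_TYPE, payload), hashlib.sha256).digest()
    return {
        "payloadType": PAYLOAD_TYPE,
        "payload": base64.b64encode(payload).decode("ascii"),
        "signatures": [{"keyid": keyid, "sig": base64.b64encode(sig).decode("ascii")}],
    }


def dsse_verify(envelope: Dict[str, Any], key: bytes, expected_predicate_type: str) -> Dict[str, Any]:
    """Signature over the PAE first, predicateType second; never the other way round."""
    if envelope.get("payloadType") != PAYLOAD_TYPE:
        raise ValueError("unexpected payloadType")
    payload = base64.b64decode(envelope["payload"])
    expected_mac = hmac.new(key, pae(PAYLOAD_TYPE, payload), hashlib.sha256).digest()
    if not any(hmac.compare_digest(expected_mac, base64.b64decode(s["sig"]))
               for s in envelope.get("signatures", [])):
        raise ValueError("no valid signature")
    statement = json.loads(payload)
    if statement.get("predicateType") != expected_predicate_type:
        raise ValueError("unexpected predicateType %r" % statement.get("predicateType"))
    return statement


# Constructed fingerprint evidence; the hash values are placeholders, not real digests.
EVIDENCE = {
    "binary": {"path": "usr/lib/libdemo.so.1", "sha256": "ab" * 32,
               "format": "elf", "architecture": "x86_64"},
    "tlsh": "T1" + "00" * 35,
    "instructionHash": "cd" * 32,
}
# The same evidence emitted with a different key order, as another serialiser might.
EVIDENCE_REORDERED = {
    "instructionHash": EVIDENCE["instructionHash"],
    "tlsh": EVIDENCE["tlsh"],
    "binary": dict(reversed(list(EVIDENCE["binary"].items()))),
}
KEY = b"demo-hmac-key-not-for-production"   # constructed


def demo() -> dict:
    statement = build_statement("libdemo.so.1", EVIDENCE["binary"]["sha256"], EVIDENCE)
    envelope = dsse_sign(statement, KEY, "demo-key-1")
    verified = dsse_verify(envelope, KEY, PREDICATE_TYPE)
    # Swap in a payload with another predicateType but keep the original signature.
    forged = {**statement, "predicateType": "https://example.invalid/other/v1"}
    tampered = {**envelope, "payload": base64.b64encode(canonical_json(forged)).decode("ascii")}
    try:
        dsse_verify(tampered, KEY, PREDICATE_TYPE)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "evidence_id": content_address(EVIDENCE),
        "ids_match": content_address(EVIDENCE) == content_address(EVIDENCE_REORDERED),
        "predicate_type_ok": verified["predicateType"] == PREDICATE_TYPE,
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(demo())
```

Two points the plan's wording hides: the verifier must check the signature over the PAE before it reads predicateType, otherwise an unsigned payload gets to steer what the verifier trusts; and determinism of the content address depends entirely on canonicalisation, which is why reordering keys in the evidence leaves the ID unchanged while altering a single fingerprint value does not.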

Verification

| Check                             | Result |
|-----------------------------------|--------|
| Tier 0 - Source Verification      | PASS   |
| Tier 1 - Build + Code Review      | PASS   |
| Tier 2 - Behavioral Verification  | PASS   |

Verified Date: 2026-02-13

Run ID: run-001