Confidence - (28-29.05 2013 Krakow)
Język: polski | english

Rebecca “bx” Shapiro

Bio:
Rebecca “bx” Shapiro is a graduate student at a small college in Northern Appalachia. She enjoys tinkering with systems in undocumented manners to find hidden sources of computation. She hopes to continue this work to find more specimens for Sergey Bratus’s weird machine zoo.

Temat prezentacji: Any Input Is a Program: Weird Machines in ABI and architecture metadata

Prelegenci: Rebecca “bx” Shapiro, Julian Bangert, Sergey Bratus

Język prezentacji: Angielski

Skrót:
Complex enough input to a complex enough system can have effects indistinguishable from a native program for that system. A sufficiently complex input format may become “byte code” for a kind of a virtual machine within the software that handles it; in many classic exploit programming techniques, data is the program that runs on the code. We will show two examples of this that aren’t exploits as such, but show Turing-complete programming by kinds of data that are hardly ever given a second glance: (1) ELF binary format headers with nothing but well-formed relocation and dynamic symbol entries (executed by the runtime linker-loader), and (2) x86 memory and interrupt descriptor tables (executed by the CPU page fault handling and context switching logic, without any instructions being successfully dispatched).

If these data formats can hide a Turing-complete computation, what about all others more complex “feature-rich” ones? What makes a format lend itself to being an equivalent of an instruction set? Can looking for “weird machines” help design trustworthy systems? Join us for the talk and discussion of this weird research direction!