CONFidence (28-29.05.2013, Krakow)

Sergey Bratus

Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He tries to help fellow academics to understand the value and relevance of hacker research. It is his ambition to collect and classify all kinds of weird machines; he is also a member of the conspiracy to eliminate large classes of bugs.

Talk topic 1: Any Input Is a Program: Weird Machines in ABI and architecture metadata

Speakers: Sergey Bratus, Julian Bangert, Rebecca “bx” Shapiro

Talk language: English

Complex enough input to a complex enough system can have effects indistinguishable from a native program for that system. A sufficiently complex input format may become “byte code” for a kind of virtual machine within the software that handles it; in many classic exploit programming techniques, data is the program that runs on the code. We will show two examples of this that are not exploits as such but demonstrate Turing-complete programming by kinds of data that are hardly ever given a second glance: (1) ELF binary format headers with nothing but well-formed relocation and dynamic symbol entries (executed by the runtime linker-loader), and (2) x86 memory and interrupt descriptor tables (executed by the CPU page fault handling and context switching logic, without any instructions being successfully dispatched).

If these data formats can hide a Turing-complete computation, what about all the other, more complex “feature-rich” ones? What makes a format lend itself to being an equivalent of an instruction set? Can looking for “weird machines” help design trustworthy systems? Join us for the talk and discussion of this weird research direction!

Talk topic 2: ELF Eccentricities

Speakers: Sergey Bratus, Julian Bangert

Talk language: English

Bx has demonstrated how to build a Turing machine out of well-formed relocations and symbols of the ELF binary format. Other aspects of the format can be just as twisted. From a language-theoretic standpoint, the ELF format is very context-sensitive: much metadata is stored redundantly, and interesting things can happen when that metadata is inconsistent. Furthermore, we believe these dependencies are one of the reasons ELF binary manipulation tools are so hard to get right, and we will present a work-in-progress framework in the style of ERESI’s elfsh that takes care of metadata consistency for modified binaries and of parsing inconsistencies for untrusted binaries.
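An added example, not code from the talk or from the ERESI/elfsh-style framework it mentions: a small Python checker that applies the “redundant metadata must agree” idea to the ELF64 header of an untrusted file. It compares the entry sizes stored in the header with the sizes the specification fixes and checks that the tables the header points at actually lie inside the file. The minimal header it is run on, and its field values, are constructed here for illustration.

```python
import struct

ELF64_EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # little-endian ELF64 file header
EHDR_SIZE, PHDR_SIZE, SHDR_SIZE = 64, 56, 64     # sizes fixed by the ELF64 spec

def check_elf64_header(data: bytes) -> list:
    """Return the metadata inconsistencies found in a little-endian ELF64 header.

    An empty list means the redundant fields agree with each other and with the
    file size. The check deliberately stops at the header: nothing the header
    points at is trusted or dereferenced.
    """
    problems = []
    if len(data) < EHDR_SIZE:
        return ["file shorter than ELF64 header"]
    (ident, e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
     e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum,
     e_shstrndx) = ELF64_EHDR.unpack_from(data)
    if ident[:4] != b"\x7fELF":
        problems.append("bad magic")
    if ident[4] != 2:  # EI_CLASS: 2 = ELFCLASS64
        problems.append("EI_CLASS is not ELFCLASS64")
    if ident[5] != 1:  # EI_DATA: 1 = little-endian, which this parser assumes
        problems.append("EI_DATA is not little-endian")
    # The header restates sizes the spec already fixes: redundant metadata.
    if e_ehsize != EHDR_SIZE:
        problems.append(f"e_ehsize {e_ehsize} != {EHDR_SIZE}")
    if e_phnum and e_phentsize != PHDR_SIZE:
        problems.append(f"e_phentsize {e_phentsize} != {PHDR_SIZE}")
    if e_shnum and e_shentsize != SHDR_SIZE:
        problems.append(f"e_shentsize {e_shentsize} != {SHDR_SIZE}")
    # Offsets plus counts must stay inside the file the header describes.
    size = len(data)
    if e_phnum and e_phoff + e_phnum * e_phentsize > size:
        problems.append("program header table runs past end of file")
    if e_shnum and e_shoff + e_shnum * e_shentsize > size:
        problems.append("section header table runs past end of file")
    # e_shstrndx must name an existing section header (SHN_UNDEF = 0 is allowed).
    if e_shstrndx and e_shstrndx >= e_shnum:
        problems.append(f"e_shstrndx {e_shstrndx} >= e_shnum {e_shnum}")
    return problems

def build_header(**overrides) -> bytes:
    """Constructed minimal ELF64 x86-64 header (sample input, not a real binary)."""
    f = dict(ident=b"\x7fELF\x02\x01\x01" + b"\x00" * 9, e_type=2, e_machine=62,
             e_version=1, e_entry=0x401000, e_phoff=64, e_shoff=0, e_flags=0,
             e_ehsize=64, e_phentsize=56, e_phnum=1, e_shentsize=64, e_shnum=0,
             e_shstrndx=0)
    f.update(overrides)  # keyword overrides let a caller plant one inconsistency
    return ELF64_EHDR.pack(*f.values())

if __name__ == "__main__":
    print(check_elf64_header(build_header() + b"\x00" * PHDR_SIZE))  # []
    print(check_elf64_header(build_header(e_phnum=200)))  # table past end of file
```

Real ELF tools also cross-check the section headers against the program headers and the dynamic section, which is where most of the redundancy discussed in the talk lives; this checker only covers the top-level header.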