The page-fault weird machine: Lessons in instruction-less computation

7th USENIX Workshop on Offensive Technologies, WOOT 2013

Volumn , Issue , 2013, Pages

  Bangert, Julian ^a   Bratus, Sergey ^a   Shapiro, Rebecca ^a   Smith, Sean W ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

MEMORY ARCHITECTURE;

EXECUTION ENVIRONMENTS; EXECUTION MODEL; HARD-WIRED; INTERRUPT HANDLING; TURING-COMPLETE;

COMPUTATION THEORY;

EID: 85084162701     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (28)

1. Architectures Software Developer Manuals. Intel Corporation, 2013.
2. anonymous author. Once upon a free(). Phrack 57:9. http://phrack.org/issues.html?issue=57&id=9.
3. Sergey Bratus. What Hacker Research Taught Me. In RSS, 2009. http://www.cs.dartmouth.edu/~sergey/hc/rss-hacker-research.pdf.
4. Sergey Bratus, Michael E Locasto, Meredith L Patterson, Len Sassaman, and Anna Shubina. Exploit Programming: From Buffer Overflows to Weird Machines and Theory of Computation. USENIX; login, pages 13–21, 2011.
5. Thomas Dullien. Exploitation and State Machines: Programming the Weird Machine, Revisited. In Infiltrate, April 2011. http://www.immunityinc.com/infiltrate/2011/presentations/Fundamentals_of_exploitation_revisited.pdf.
6. Thomas Dullien, Tim Kornau, and Ralf-Philipp Weinmann. A Framework for Automated Architecture-Independent Gadget Search. In Proceedings of the 4th USENIX Conference on Offensive Technologies, WOOT’10, pages 1–, Berkeley, CA, USA, 2010. USENIX Association.
7. William F. Gilreath and Phillip A. Laplante. Computer Architecture: A Minimalist Approach, chapter 6, page 41. Kluwer Academic Publishers, Nor-well, MA, USA, 2003.
8. Mario Heiderich. The innerHTML Apocalypse - How mXSS attacks change everything we believed we knew so far. In SysCan conference, 2013.
9. Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, and Jörg Schwenk. Script-less Attacks: Stealing the Pie without Touching the Sill. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 760–771. ACM, 2012.
10. jp. Advanced Doug Lea’s malloc Exploits. Phrack 61:6. http://phrack.org/issues.html?issue=61&id=6.
11. MaXX. Vudo malloc Tricks. Phrack 57:8. http://phrack.org/issues.html?issue=57&id=8.
12. ~hame/ilc07-final.pdf.
13. Greg Morrisett, Gang Tan, Joseph Tassarotti, Jean-Baptiste Tristan, and Edward Gan. RockSalt: Better, Faster, Atronger SFI for the x86. In PLDI, pages 395–404, 2012.
14. Nergal. The Advanced return-into-lib(c) Exploits: PaX Case Study. Phrack Magazine, 58(4), Dec 2001.
15. James Oakley and Sergey Bratus. Exploiting the Ward-working DWARF: Trojan and Exploit Techniques with no Native Executable Code. In Proceedings of the 5th USENIX conference on Offensive technologies, WOOT’11, pages 11–11, Berkeley, CA, USA, 2011. USENIX Association.
16. Roberto Paleari, Lorenzo Martignoni, Giampaolo Fresi Roglia, and Danilo Bruschi. A Fistful of Red Pills: How to Automatically Generate Procedures to Detect CPU Emulators. In Proceedings of the 3rd USENIX conference on Offensive technologies, pages 2–2. USENIX Association, 2009.
17. PaX Team, http://pax.grsecurity.net/docs/pageexec.old.txt. PAGEEXEC, 2003.
18. PaxTeam, http://pax.grsecurity.net/docs/pageexec.old.txt. PAGEEXEC implementation, 2000.
19. Rebecca Shapiro. Programming Weird Machines with ELF Metadata. In DEFCON 20, 2012.
20. Gerardo Richarte. Re: Future of Buffer Overflows. Bugtraq, October 2000. http://seclists.org/bugtraq/2000/Nov/32.
21. Gerardo Richarte. About Exploits Writing. Technical report, Core Security Technologies, http://corelabs.coresecurity.com/index.php?module=Wiki&action=attachment&type=researcher&page=Gerardo_Richarte&file=publication%2FAbout_Exploits_Writing%2F2002.gera.About_Exploits_Writing.pdf, 2002. [Title as indicated.].
22. Ryan Roemer, Erik Buchanan, Hovav Shacham, and Stefan Savage. Return-Oriented Programming: Systems, Languages, and Applications, 2009.
23. Len Sassaman, Meredith L. Patterson, Sergey Bratus, and Michael E. Locasto. Towards a Theory of Computer Insecurity: a Formal Language-Theoretic Approach. IEEE Systems Journal, special issue Security and Privacy in Complex Systems, 2011.
24. Hovav Shacham. The Geometry of Innocent Flesh on the Bone: return-into-libc without Function Calls. In ACM Conference on Computer and Communications Security, pages 552–561, 2007.
25. Skape. LOCREATE: an Anagram for Relocate. Uninformed, 6, 2007. http://uninformed.org/?v=6&a=3&t=pdf.
26. Sherri Sparks and Jamie Butler. ShadowWalker: Raising the Bar for Rootkit detection. In DEFCON 13, 2005.
27. Joe Stewart. OllyBone: Semi-Automatic Unpacking on IA-32. In DEFCON 14, 2006.
28. Yan Wang and Veronica Gaspes. A Library for Processing Ad hoc Data in Haskell: Embedding a Data Description Language. In Implementation and Application of Functional Languages, number 5836 in Lecture Notes in Computer Science, page 16, 2011.