'Weird Machine' Patterns

You do not understand how your program really works until it has been exploited. We believe that computer scientists and software engineers should regard the activity of modern exploitation as an applied discipline that studies both the actual computational properties and the practical computational limits of a target platform or system. Exploit developers study the computational properties of software that are not studied elsewhere, and they apply unique engineering techniques to the challenging engineering problem of dynamically patching and controlling a running system. These techniques leverage software and hardware composition mechanisms in unexpected ways to achieve such control. Although unexpected, such composition is not arbitrary, and it forms the basis of a coherent engineering workflow. This chapter contains a top-level overview of these approaches and their historical development.
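The kind of composition the chapter describes, as an added worked example that is not code from the chapter or its authors: a small C program whose intended machine copies a label into a request and dispatches on a handler index that the program itself sets. A length that is trusted rather than checked (the classic stack-smashing pattern) lets the ninth input byte land on the adjacent handler field, so the input stops being data and becomes an instruction for an unintended machine assembled from the program's own dispatch table. The hardened parser beside it shows the check that removes that machine. The struct, handler names, `run_unchecked`/`run_checked` and the inputs are all constructed for illustration; the overrun is confined to the bytes of one struct so the demonstration is well-defined C rather than undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The intended machine: a request is a short label plus a handler index
 * that only the program is supposed to choose. The two fields are adjacent
 * and both byte-aligned, so sizeof(struct request) == 9 with no padding. */
struct request {
    char name[8];           /* label supplied by the remote side */
    unsigned char handler;  /* index into handlers[], meant to be program-controlled */
};

enum { H_ECHO = 0, H_COUNT = 1, H_ADMIN = 2, H_MAX = 3 };

static size_t name_len(const struct request *r)
{
    size_t n = 0;
    while (n < sizeof r->name && r->name[n] != '\0') n++;
    return n;
}

static int h_echo(const struct request *r)  { return (int)name_len(r); }
static int h_count(const struct request *r)
{
    int n = 0;                                  /* count the letter 'a' in the label */
    for (size_t i = 0; i < sizeof r->name && r->name[i]; i++) if (r->name[i] == 'a') n++;
    return n;
}
static int h_admin(const struct request *r) { (void)r; return 0xADA; } /* privileged path: no normal flow selects it */

static int (*const handlers[H_MAX])(const struct request *) = { h_echo, h_count, h_admin };

/* Deliberately unchecked copy: the caller-supplied length is trusted, so bytes
 * past name[] land in the adjacent handler field. The struct is addressed as
 * one byte array and the length is capped at the object size, which keeps the
 * overrun inside the object (well-defined) while preserving the bug. */
static void parse_request_unchecked(struct request *r, const unsigned char *in, size_t len)
{
    unsigned char *raw = (unsigned char *)r;
    memset(r, 0, sizeof *r);
    r->handler = H_ECHO;                      /* the program's own choice ... */
    if (len > sizeof *r) len = sizeof *r;
    memcpy(raw + offsetof(struct request, name), in, len); /* ... silently overwritten when len > 8 */
}

/* Hardened copy: reject anything that does not fit with a terminator, and
 * never write through a pointer that can reach the handler field. */
static int parse_request_checked(struct request *r, const unsigned char *in, size_t len)
{
    if (len >= sizeof r->name) return -1;
    memset(r, 0, sizeof *r);
    r->handler = H_ECHO;
    memcpy(r->name, in, len);
    return 0;
}

static int dispatch(const struct request *r)
{
    if (r->handler >= H_MAX) return -1;       /* index outside the table */
    return handlers[r->handler](r);
}

/* Feed one input through each parser and return what the program ended up doing. */
int run_unchecked(const unsigned char *in, size_t len)
{
    struct request r;
    parse_request_unchecked(&r, in, len);
    return dispatch(&r);
}

int run_checked(const unsigned char *in, size_t len)
{
    struct request r;
    if (parse_request_checked(&r, in, len) < 0) return -1;
    return dispatch(&r);
}

int main(void)
{
    /* Constructed inputs, not taken from any real protocol. */
    static const unsigned char benign[] = "alice";
    /* Eight bytes of label, then byte 8 == H_ADMIN: to the weird machine that
     * ninth byte is not part of the name, it is the opcode selecting the handler. */
    static const unsigned char weird[9] = { 'a', 'l', 'i', 'c', 'e', 0, 0, 0, H_ADMIN };

    printf("benign   -> %d\n",   run_unchecked(benign, 5));        /* echo: 5 */
    printf("weird    -> 0x%x\n", run_unchecked(weird, sizeof weird)); /* admin path: 0xada */
    printf("hardened -> %d\n",   run_checked(weird, sizeof weird));   /* rejected: -1 */
    return 0;
}
```

Nothing in `weird` is injected code: the privileged handler, the table and the indirect call were all already in the program. The exploit only composes them through a byte the intended parser never expected to be input, which is exactly the sense in which the target's latent machine, not the attacker's payload, is what gets programmed.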
