Core War: Virtual Machines, Viruses, and Defense Against the Dark Arts



SLIDE 1

Core War

Virtual Machines, Viruses, and Defense Against the Dark Arts

Philip W. L. Fong

pwlfong@cs.uregina.ca

Department of Computer Science University of Regina Regina, Saskatchewan, Canada S4S 0A2

SLIDE 2

Overview

  • 1. Core War – The Game
  • 2. Malicious Code
  • 3. Java Virtual Machine
  • 4. My research

Core War – p.1/34

SLIDE 3

Core War

Author: A. K. Dewdney (1984)

Objective:

Players launch virus programs that attempt to terminate each other.

The Core:

Virtual machine architecture on which viruses execute.

Redcode:

Assembly language for programming viruses

MARS (Memory Array Redcode Simulator):

Software simulator for the virtual machine.

SLIDE 4

The Core

A memory array of 8000 cells. Every cell holds an integer representing either an instruction or random data.

[Figure: the core drawn as a column of cells with addresses 0, 1, . . ., 7998, 7999]

Array is circular: address 8000 = address 0

SLIDE 5

The Rules

  • Competing viruses are loaded at random locations.
  • Viruses are executed in turns, one instruction at a time.
  • The first program to execute an illegal instruction loses.
  • Goal: Overwrite opponent with illegal instructions.

SLIDE 6

Redcode

Example:

MOV 2 -1

Meaning:

  opcode   source   destination
  MOV      2        -1

Move the content 2 cells ahead to the location 1 cell behind.

SLIDE 7

Redcode

Effect:

  . . .
  1373
  1374   MOV 2 -1
  1375
  1376   DAT 99
  . . .

SLIDE 8

Redcode

Effect:

  . . .
  1373   DAT 99
  1374   MOV 2 -1
  1375
  1376   DAT 99
  . . .

SLIDE 9

Self-Destruct

Here is a short Redcode program that self-destructs:

  . . .
  MOV #0 1    ; Immediate addressing
  . . .

SLIDE 10

Self-Destruct

Here is a short Redcode program that self-destructs:

  . . .
  MOV #0 1    ; Move number 0.
  DAT
  . . .

SLIDE 11

Self-Destruct

Here is a short Redcode program that self-destructs:

  . . .
  MOV #0 1
  DAT         ; Illegal instruction!
  . . .

SLIDE 12

Self-Destruct

Here is a short Redcode program that self-destructs:

  . . .
  MOV #0 1
  DAT         ; Execution terminated!
  . . .

SLIDE 13

Imp

A self-replicating program:

  . . .
  MOV 0 1
  . . .

SLIDE 14

Imp

A self-replicating program:

  . . .
  MOV 0 1     ; Copy itself to next address
  MOV 0 1
  . . .

SLIDE 15

Imp

A self-replicating program:

  . . .
  MOV 0 1
  MOV 0 1
  . . .

SLIDE 16

Imp

A self-replicating program:

  . . .
  MOV 0 1
  MOV 0 1     ; Copy again.
  MOV 0 1
  . . .

SLIDE 17

Imp

A self-replicating program:

  . . .
  MOV 0 1
  MOV 0 1
  MOV 0 1     ; Copy . . .
  . . .

SLIDE 18

Imp

A self-replicating program:

  . . .
  MOV 0 1
  MOV 0 1
  MOV 0 1
  MOV 0 1     ; Copy . . .
  . . .

SLIDE 19

Imp

A self-replicating program:

  . . .
  MOV 0 1
  MOV 0 1
  MOV 0 1
  MOV 0 1
  . . .

Sweeping through the core. Overwriting opponent with itself, thereby forcing a tie.

SLIDE 20

Dwarf

A bombing program:

  0  DAT -1          ; Counter.
  1  ADD #5 -1
  2  MOV #0 @-2
  3  JMP -2

SLIDE 21

Dwarf

A bombing program:

  0  DAT 4           ; Counter.
  1  ADD #5 -1       ; Increment counter by 5.
  2  MOV #0 @-2
  3  JMP -2

SLIDE 22

Dwarf

A bombing program:

  0  DAT 4           ; Counter.
  1  ADD #5 -1       ; Increment counter by 5.
  2  MOV #0 @-2      ; Bomb address 4.
  3  JMP -2

SLIDE 23

Dwarf

A bombing program:

  0  DAT 4           ; Counter.
  1  ADD #5 -1       ; Increment counter by 5.
  2  MOV #0 @-2      ; Bomb address 4.
  3  JMP -2          ; Loop.

SLIDE 24

Dwarf

A bombing program:

  0  DAT 9           ; Counter.
  1  ADD #5 -1       ; Increment counter by 5.
  2  MOV #0 @-2      ; Bomb address 9.
  3  JMP -2          ; Loop.

SLIDE 25

Dwarf

A bombing program:

  0  DAT 14          ; Counter.
  1  ADD #5 -1       ; Increment counter by 5.
  2  MOV #0 @-2      ; Bomb address 14.
  3  JMP -2          ; Loop.

SLIDE 26

Dwarf

A bombing program:

  0  DAT 14          ; Counter.
  1  ADD #5 -1       ; Increment counter by 5.
  2  MOV #0 @-2      ; Bomb address 14.
  3  JMP -2          ; Loop.

Systematically bombing: 4, 9, 14, 19, 24, 29, . . . Effectively terminating opponent.

SLIDE 27

MARS

A MARS is a simulator for the Core virtual machine. Most popular one is pMARS (portable MARS). Freely available from the internet.
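A minimal MARS covering only the four opcodes used on these slides (DAT, MOV, ADD, JMP), added here as an example; it is not from the original presentation and is not pMARS. It runs the Dwarf and Imp listings above in turns on an 8000-cell circular core. Assumptions: cells are modelled as tuples rather than integers, untouched cells hold DAT 0, and the names `parse`, `resolve`, `step` and `battle` are made up for illustration.

```python
CORE_SIZE = 8000  # the slides' core: 8000 cells, circular

def parse(line):
    """'MOV #0 @-2' -> ('MOV', ('#', 0), ('@', -2)); '$' marks a plain relative operand."""
    op, *args = line.split()
    f = [(a[0], int(a[1:])) if a[0] in "#@" else ("$", int(a)) for a in args]
    if len(f) == 1:  # DAT keeps its single operand in B, JMP in A
        f = [("#", 0), f[0]] if op == "DAT" else [f[0], ("$", 0)]
    return (op, f[0], f[1])

def resolve(core, pc, field):
    """Operand -> absolute cell address; every address wraps modulo CORE_SIZE."""
    addr = (pc + field[1]) % CORE_SIZE
    if field[0] == "@":  # indirect: that cell's B value is a further offset
        addr = (addr + core[addr][2][1]) % CORE_SIZE
    return addr

def step(core, pc):
    """Run one of DAT/MOV/ADD/JMP; returns (next_pc, cell written by MOV). next_pc None = died."""
    op, a, b = core[pc]
    if op in ("DAT", "JMP"):  # DAT is the illegal instruction that ends a program
        return (None if op == "DAT" else resolve(core, pc, a)), None
    dst = resolve(core, pc, b)
    if op == "MOV":  # an immediate source stores a number, i.e. a DAT cell
        core[dst] = ("DAT", ("#", 0), ("#", a[1])) if a[0] == "#" else core[resolve(core, pc, a)]
    else:  # ADD: add the source value into the destination's B value
        val = a[1] if a[0] == "#" else core[resolve(core, pc, a)][2][1]
        dop, da, (dm, dv) = core[dst]
        core[dst] = (dop, da, (dm, dv + val))
    return (pc + 1) % CORE_SIZE, (dst if op == "MOV" else None)

def battle(warriors, max_turns):
    """[(lines, load_addr, start_offset)] -> (loser or None, core, pcs, writes); empty cells are DAT 0."""
    core, pcs, writes = [("DAT", ("#", 0), ("#", 0))] * CORE_SIZE, [], [[] for _ in warriors]
    for lines, base, start in warriors:
        for i, line in enumerate(lines):
            core[(base + i) % CORE_SIZE] = parse(line)
        pcs.append((base + start) % CORE_SIZE)
    for _ in range(max_turns):
        for w in range(len(warriors)):  # one instruction each, in turns
            pcs[w], wrote = step(core, pcs[w])
            if pcs[w] is None:  # first program to execute DAT loses
                return w, core, pcs, writes
            if wrote is not None:
                writes[w].append(wrote)
    return None, core, pcs, writes

DWARF = ["DAT -1", "ADD #5 -1", "MOV #0 @-2", "JMP -2"]  # listing from the slides
IMP = ["MOV 0 1"]  # copies itself one cell ahead
```

Calling `battle([(DWARF, 0, 1), (["JMP 0"], 24, 0)], 100)` pits the Dwarf (started at its ADD) against a constructed stationary target at address 24; the target loses once the fifth bomb lands on it.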

SLIDE 28

Malicious Code

Easy Cases:

  • What if applications run wild like Redcode programs?
    Multiprogramming Operating Systems (e.g., UNIX, WinXP)
  • How do you know the programs you download from the internet behave in a benign way?
    Virus scanners

SLIDE 29

Malicious Code

Hard Cases:

  • Mobile code: embedding programs in transactions!
  • Plug-ins: what if your left hand does not trust your right hand?

One promising solution approach . . .

SLIDE 30

Language-based Security

  • Use a safe language for software distribution.
  • Then use programming language technologies to enforce security.
  • Example: Java Virtual Machine (JVM)

SLIDE 31

Protection Mechanisms in JVM

  • Virtual machine
    Bytecode runs in a sandbox. Just like a MARS.
  • Strongly typed
    Writing to arbitrary address is forbidden. Sorry, Dwarfs not welcome.
  • Constrained control-flow
    Bytecode never runs wild. Sorry, Imps not welcome.

SLIDE 32

Protection Mechanisms in JVM

  • Safe dynamic linking
    No type spoofing. No impersonation (or identity crisis) allowed.
  • Security manager
    Complete mediation. No unauthorized access.

SLIDE 33

What I do for a living

  • Language-based security research
  • Pluggable Verification Modules
  • Aegis VM (http://aegisvm.sourceforge.net)
  • Type system for access control
  • Mathematical theory of security policies

SLIDE 34

Where to go from here . . .

http://www.cs.uregina.ca/~pwlfong/Projects/AnnualComputerCamps

SLIDE 35

Thank You
