weird machines in program metadata
play

WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER - PowerPoint PPT Presentation

Dec 12, 2022 •416 likes •566 views

ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013 WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER 2013 REBECCA . bx SHAPIRO DARTMOUTH COLLEGE TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG 1 UNIVERSITY

  1. ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013 WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER 2013 REBECCA “. bx ” SHAPIRO DARTMOUTH COLLEGE TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG 1 UNIVERSITY OF ILLINOIS | DARTMOUTH COLLEGE | UC DAVIS | WASHINGTON STATE UNIVERSITY FUNDING SUPPORT PROVIDED BY DOE-OE AND DHS S&T

  2. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G OUTLINE/CONTRIBUTIONS • Highlight metadata as a mostly undefended attack vector • Demonstrate metadata-driven computation environment – “Weird machine” – Runtime loader → machine – Program metadata → instructions • Discuss defenses 2

  3. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G TRADITIONAL VIEW OF EXECUTABLES 3

  4. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G OUR VIEW OF EXECUTABLES 4

  5. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G ELF AND METADATA IN THE POWER GRID • ELF – one way to package code and data – E xecutable and L inking F ormat – Binary metadata/file format of Linux/Unix • (Windows uses PE; OSX uses Mach-O) • ELF in the power grid – Embedded Linux Program code • Kernel binary • Kernel modules • Executable binaries • Shared libraries 5

  6. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G HOW TO LOAD/EXECUTE AN ELF 6 6

  7. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G HOW TO LOAD/EXECUTE AN ELF Weird machines lurk here 7 7

  8. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G ELF DYNAMIC RELOCATION METADATA • Intended behavior – Processed by RTLD (the runtime loader) – Instructs RTLD to write given value at given address • Unintended behavior – Can locate base address of randomized libraries – Can perform dynamic linking – Can perform arbitrary computation (WOOT 2013) 8

  9. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G TAMING THE RTLD WEIRD MACHINE • Case study: ping in inetutils v1.8 • Goal: insert backdoor that drops root shell – Without changing code • Facts about ping: – Widely used networking tool – Runs setuid as root – Drops privilege during execution • See 29C3 Talk – “ The Care and Feeding of Weird Machines Found in Executable Metadata” • Available in both ELF and Mach-O flavors 9

  10. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G TODAY’S DEFENSES ARE NOT SUFFICIENT • Input validation • Data execution protection (DEP) • Address space layout randomization (ASLR) • Code signing/integrity checking • Access control (RWX) • (where is the vulnerability?) Photoshopped by Kythera of Anevern 10

  11. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G OUR DEFENSE APPROACH #1: ELFBAC • A more generic weird machine defense • Build/enforce intra-process access control • Limit the chunks of addresses that chunks of running code can access – e.g.: libraries should not touch application’s sensitive data • Enforce module-level control flow integrity – e.g: data should be encrypted before sent over network • ELFbac: Using the Loader Format for Intent-level Semantics and Fine- grained Protection. Dartmouth Computer Science Technical Report TR2013-727 11

  12. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G OUR DEFENSE APPROACH #2: LANGSEC • Defending against parser-based weird machines • Input  data  “instructions” • Input should be designed as a formal language • Input structure should be well-defined • Should not require a Turing machine to validate/interpret input • Regular expressions can be reasoned about • Weird machines lurk in Turing-complete recognizers • Langsec.org (Bratus et al) 12

  13. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G DO YOU KNOW WHAT WEIRD MACHINES LURK IN YOUR DATA? 13 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Weird Machines on Little Robots Intro to binary exploitation on Android smartphones @f0rki

Weird Machines on Little Robots Intro to binary exploitation on Android smartphones @f0rki

Weird Machines on Little Robots Intro to binary exploitation on Android smartphones @f0rki 2013-06-06 Agenda Motivation ARM Primer Exploitation 101 Science, Bitches! Vulnerability classes Exploitation Defenses & Mitigation Techniques

899 views • 51 slides
Weird machines: a model for code-reuse attacks Sergey Bratus Rebecca Shapiro Anna Shubina

Weird machines: a model for code-reuse attacks Sergey Bratus Rebecca Shapiro Anna Shubina

Weird machines: a model for code-reuse attacks Sergey Bratus Rebecca Shapiro Anna Shubina Dartmouth T rust Lab Outline Code re-use: unexpected computation, programming models Containing computation: Coarse intent-based ABI-level

487 views • 27 slides
The Practice of Metadata The hows and whys of metadata at USGS U.S. Department of the

The Practice of Metadata The hows and whys of metadata at USGS U.S. Department of the

The Practice of Metadata The hows and whys of metadata at USGS U.S. Department of the Interior U.S. Geological Survey Presenter Viv Hutchison USGS Core Science Systems / Core Science Analytics and Synthesis (CSAS) Program Denver,

639 views • 44 slides
m e t a d a t a how much of a difference does metadata really make to your bottom line?

m e t a d a t a how much of a difference does metadata really make to your bottom line?

it might be the giant in the room, but it doesnt ha ve t o be scary l e t s t a l k a b o u t What is metadata? What differentiates great metadata from merely good? Do you really need to worry about it? As a publisher, m

253 views • 6 slides
From SDTM to displays, through ADaM & Analyses Results Metadata, a flight on board METADATA

From SDTM to displays, through ADaM & Analyses Results Metadata, a flight on board METADATA

From SDTM to displays, through ADaM & Analyses Results Metadata, a flight on board METADATA Airlines Omar SEFIANI - Stphane BOUGET, Boehringer Ingelheim DH13, PhUSE Barcelona 2016, October, 12 th Outline Background Metadata Driven

683 views • 19 slides
Metadata In ArcGIS 10.0 Jason Cupp Whats New In ArcGIS 10.0 New Metadata Editor for

Metadata In ArcGIS 10.0 Jason Cupp Whats New In ArcGIS 10.0 New Metadata Editor for

Esri International User Conference | San Diego, CA Technical Workshops | 2011-07-12 Metadata In ArcGIS 10.0 Jason Cupp Whats New In ArcGIS 10.0 New Metadata Editor for Multiple Standards New Tools and Workflows Metadata Editor

332 views • 22 slides
UNSD metadata template / SDMX Metadata Structure Definition Elena De Jess, UNSD Standardized

UNSD metadata template / SDMX Metadata Structure Definition Elena De Jess, UNSD Standardized

UNSD metadata template / SDMX Metadata Structure Definition Elena De Jess, UNSD Standardized metadata improves usability and comparability Metadata (and data) that follow specific standardized patterns: are easier for users to interpret

991 views • 19 slides
Float metadata on DAC GDAC CATHERINE SCHMECHTIG Tentative Conclusions (from M. Donnelly)

Float metadata on DAC GDAC CATHERINE SCHMECHTIG Tentative Conclusions (from M. Donnelly)

An extension of the Argo program to include biogeochemical observations Float metadata on DAC GDAC CATHERINE SCHMECHTIG Tentative Conclusions (from M. Donnelly) Inconsistency in encoding BGC metadata in the Argo data system Effects a

485 views • 16 slides
Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
His istoric Preserv rvation Appreciating th the Weird Steven Hoffman, PhD. Coordinator,

His istoric Preserv rvation Appreciating th the Weird Steven Hoffman, PhD. Coordinator,

7/30/2019 His istoric Preserv rvation Appreciating th the Weird Steven Hoffman, PhD. Coordinator, Historic Preservation Program Southeast Missouri State University President, Missouri Main Street Connection 1 Historic ic Pres

467 views • 32 slides
Restructuring the NSA Metadata Program Seny Kamara Microsoft Research Thanks to: Timothy Edgar,

Restructuring the NSA Metadata Program Seny Kamara Microsoft Research Thanks to: Timothy Edgar,

Restructuring the NSA Metadata Program Seny Kamara Microsoft Research Thanks to: Timothy Edgar, Matt Green, Noah Kunin, Payman Mohassel, Kurt Rohloff, Chris Soghoian and Marcy Wheeler June 5 th , 2013 1 st Snowden document published Verizon

554 views • 43 slides
DUNE Data Model Meeting: Metadata Metadata Needs And Considerations Steven Timm The following

DUNE Data Model Meeting: Metadata Metadata Needs And Considerations Steven Timm The following

DUNE Data Model Meeting: Metadata Metadata Needs And Considerations Steven Timm The following are design concerns for whatever new metadata system is written or adopted. They are written from the point of view of data management operations and

166 views • 4 slides
Expanding Metadata Reuse with an Islandora Metadata Extraction Utility Serhiy Polyakov and

Expanding Metadata Reuse with an Islandora Metadata Extraction Utility Serhiy Polyakov and

Expanding Metadata Reuse with an Islandora Metadata Extraction Utility Serhiy Polyakov and William E. Moen University of North Texas International conference Open Repositories 2013 Charlottetown, Prince Edward Island, Canada Paper presented at

474 views • 25 slides
Why the British constitution is weird (and interesting)

Why the British constitution is weird (and interesting)

Why the British constitution is weird (and interesting) Dr Mark Ellio+ Reader in Public Law, University of Cambridge Fellow & Director of

426 views • 14 slides
Concurrent clinical condition - on presentation Important note: This is an archived metadata

Concurrent clinical condition - on presentation Important note: This is an archived metadata

Concurrent clinical condition - on presentation Important note: This is an archived metadata standard from the AIHW Knowledgebase. For current metadata standards and related information please access METeOR, the AIHW's Metadata Online Registry

180 views • 3 slides
The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700

The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700

The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700 institutions worldwide expose metadata via the Open Archives Initiative Protocol for Metadata Harvesting (OAI-PMH) using open standards like URI, HTTP ,

224 views • 19 slides
Makefiles CS 2XA3 Term I, 2020/21 Outline Example Calling make Syntax How it works Macros

Makefiles CS 2XA3 Term I, 2020/21 Outline Example Calling make Syntax How it works Macros

Makefiles CS 2XA3 Term I, 2020/21 Outline Example Calling make Syntax How it works Macros Suffix rules Command line options Example Assume we have files main.c , test.c , and lo.asm Consider the makefile program: main.o test.o lo.o gcc

417 views • 19 slides
Santa Claus with Mobile with Mobile Santa Claus with Mobile Santa Claus Reindeer

Santa Claus with Mobile with Mobile Santa Claus with Mobile Santa Claus Reindeer

Santa Claus with Mobile with Mobile Santa Claus with Mobile Santa Claus Reindeer and Elves Reindeer and Elves Reindeer and Elves Peter Welch ( phw@kent.ac.uk ) Matt Pedersen ( matt@faculty.egr.unlv.edu ) CPA 2008 (09/07/2008)

1.27k views • 60 slides
Embedded Systems Programming ES Development Environment (Module 3) Yann-Hang Lee Arizona State

Embedded Systems Programming ES Development Environment (Module 3) Yann-Hang Lee Arizona State

Embedded Systems Programming ES Development Environment (Module 3) Yann-Hang Lee Arizona State University yhlee@asu.edu (480) 727-7507 Summer 2014 Real-time Systems Lab, Computer Science and Engineering, ASU Embedded System Development

403 views • 11 slides
The Usefulness of Sparsifiable Inputs: How to Avoid Subexponential iO Thomas Agrikola 1 Geoffroy

The Usefulness of Sparsifiable Inputs: How to Avoid Subexponential iO Thomas Agrikola 1 Geoffroy

The Usefulness of Sparsifiable Inputs: How to Avoid Subexponential iO Thomas Agrikola 1 Geoffroy Couteau 2 Dennis Hofheinz 3 1 Karlsruhe Institute of Technology (KIT), Germany 2 IRIF, Paris-Diderot University, CNRS, France 3 ETH Zurich, Switzerland

909 views • 47 slides
Person Re-identification Introduction and Future Trends Shengcai Liao Institute of Automation

Person Re-identification Introduction and Future Trends Shengcai Liao Institute of Automation

Person Re-identification Introduction and Future Trends Shengcai Liao Institute of Automation Chinese Academy of Sciences ICPR 2018 Tutorial Beijing CONTENT Introduction 01 02 Approach 03 Evaluation and Benchmark 04 Future

855 views • 37 slides
in Virtual Environments Representing People Representing People Whats in this lecture?

in Virtual Environments Representing People Representing People Whats in this lecture?

Will Steptoe 30 th November 2010 in Virtual Environments Representing People Representing People Whats in this lecture? Part 1 : Virtual Characters History, Agency, Control in Immersive and Non- History Agency Control in Immersive

1.01k views • 69 slides
AIs in Social Environments CS 278 | Stanford University | Michael Bernstein Announcements

AIs in Social Environments CS 278 | Stanford University | Michael Bernstein Announcements

AIs in Social Environments CS 278 | Stanford University | Michael Bernstein Announcements Project presentations on Wednesday What we care about Final projects due next Tuesday, June 11 Class evaluations now open, feedback welcome 2 Last time

735 views • 39 slides
Introduction to Natural Language Processing CMSC 470 Marine Carpuat Natural Language Processing

Introduction to Natural Language Processing CMSC 470 Marine Carpuat Natural Language Processing

Introduction to Natural Language Processing CMSC 470 Marine Carpuat Natural Language Processing (NLP) The engineering discipline of doing what people do with language, but using computers Computational Linguistics (CL) The science of

934 views • 28 slides

More recommend