Evolutionary Security CS 610: Advanced Security Gabriel Daleson.

Economic Perspective
Time, space, and secrets are scarce. Complexity of assembly code is (roughly) of quadratic order, so… attackers have an economy of scale defenders do not.

“The Ultimate Attack”
Important first step: kidnap the sysadmin (and anyone else who might try to stop you, particularly those with root access) and keep them locked up in a cellar. At this point, the target computer is just a finite state machine. Finite state machines can be analyzed and modified at will. (Physical access)

“The Ultimate Defense”
The “You only have to outrun the halfling” idea: make the attack too hard. Note the economic perspective! Security through obscurity.

Automating It
The bad guys write viruses – automatic attackers… so defenders write automatic obfuscators. This is evolutionary defense.

Geometric Concerns
The set of all I/O-preserving transformations on a single program is a group. Composing two I/O-preserving transformations gives you an I/O-preserving transformation (do one, then the other). Doing nothing preserves I/O.

Geometric Concerns (cont.)
Removing an I/O-preserving transformation preserves I/O. Composition of I/O-preserving transformations is associative. So, generators?

Generating Transformations – 1. Instruction Reordering
Given a sequence of instructions, shuffle them. Works well on linear programs. Requires analysis of everything that jumps to the reordered program (COME FROM). For real-world programs, *lots* of analysis is required to maintain functionality.

Generating Transformations – 2. Variable Substitution
Instead of using a nice clean symbol table, move variables around in memory. Attackers (and you) can’t call it index any more; it’s now 0xDEADBEEF. Now instead of jump analysis, it’s memory analysis – can only be performed at runtime, unless you’re a big fan of heap corruption.

Generating Transformations – 3. Jump Insertion/Deletion
Easy – throw in lots of spurious GOTO/jmp instructions. Finally, an attack we can do without analysis! …but your computer will end up slower than an abacus. (Jumps take a long time!) We already do delete jumps – it’s called optimization.

Generating Transformations – 4. Call Insertion/Deletion
Just like jump insertion/deletion, but with function calls. Sure, it does help obfuscate… and, in addition to making your computer slow, it now also chews through stack space.

Generating Transformations – 5. Garbage Insertion
Throw in trash instructions. You can do it, and it only slows your computer down a little. Very possible! Many instruction sets have equivalent instructions or equivalent codings for instructions that can be substituted with no effect on I/O.

Generating Transformations – 6. Simulation
Write an interpreter for a different coding scheme, and translate your instructions back and forth. Labor intensive – someone has to put the interpreter together. Slow, too. (Java?)

Generating Transformations – 7. Build & Execute
Instead of making your code interpret, make it write some code itself and compile that. We do this already, in some sense – JIT compiling? Not that slow. So where are you going to get the compiler?

Generating Transformations – 8. Redundant Instructions
Test things multiple times. Good idea! You’ve heard it before. Read/write/use checking – never do anything with data unless you’ve looked at it! Some slowdown, but makes up for it in fixing bugs.

Other Generating Transformations
Anti-debugger mutations – these will depend on which debugger you’re anti. Program interleaving: just like reordering, but doing it with multiple programs.
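
Added example (not from the original slides): instruction reordering (transformation 1) and garbage insertion (transformation 5) applied and composed on a toy linear register machine, with a check that I/O is preserved. The instruction format, the `_junk` scratch register and every function name are assumptions made for this sketch.

```python
import random

# Toy linear register machine, constructed for illustration (an assumption).
# Instructions: ("set", dst, const) | ("add", dst, a, b) | ("mul", dst, a, b)
def run(prog, x):
    regs = {"x": x}
    for op, dst, *src in prog:
        if op == "set":
            regs[dst] = src[0]
        elif op == "add":
            regs[dst] = regs[src[0]] + regs[src[1]]
        elif op == "mul":
            regs[dst] = regs[src[0]] * regs[src[1]]
    return regs["out"]

def reads(ins):
    return set() if ins[0] == "set" else set(ins[2:])

def independent(a, b):
    # Swappable only with no read-after-write, write-after-read or write-after-write hazard.
    return a[1] not in reads(b) and b[1] not in reads(a) and a[1] != b[1]

def reorder(prog, rng):
    prog = list(prog)
    for i in range(len(prog) - 1):
        if independent(prog[i], prog[i + 1]) and rng.random() < 0.5:
            prog[i], prog[i + 1] = prog[i + 1], prog[i]
    return prog

def insert_garbage(prog, rng):
    # Garbage writes go to a scratch register the program never reads.
    out = []
    for ins in prog:
        if rng.random() < 0.5:
            out.append(("set", "_junk", rng.randrange(256)))
        out.append(ins)
    return out

def evolve(prog, seed, rounds=3):
    # Composition of I/O-preserving transformations: do one, then the other.
    rng = random.Random(seed)
    for _ in range(rounds):
        prog = reorder(insert_garbage(prog, rng), rng)
    return prog

def same_io(p, q, inputs=range(-20, 21)):
    return all(run(p, x) == run(q, x) for x in inputs)

# Constructed sample program: out = (x + 3) * (x * x)
ORIGINAL = [("set", "c", 3), ("add", "a", "x", "c"),
            ("mul", "b", "x", "x"), ("mul", "out", "a", "b")]
```

Each seed gives a different instruction sequence with the same input/output behaviour; the hazard test in `independent` is the "analysis" the reordering slide says is required, and it is only this cheap because the toy program has no jumps.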

Algebraic Considerations
This is not a minimal set of generators; you put calls together from jumps. Even if it is minimal, is it free? What sort of structure does this group have if it’s not free?

“Evolutionary”
Sort of a misnomer, in a biological sense. Randomness? Selection? Reproduction?

But does it work?
At least in the small case given, yes. Hard to get a real-world test – gobs of compile-time and run-time program analysis required.

Human Aspects
“Ultimate Attack” requires sysadmins to do nothing. This is evolutionary, if the defender is doing the evolution… then again, all security is evolutionary in that paradigm.

Problems
Is this an economy of scale for the defender? This trades speed (almost all of it) for security. The Gödel, Escher, Bach aspect – attack the evolver. Humans don’t write code this way.