•  

Any Input Is a Program: Weird Machines in ABI and architecture metadata

A session at CONFidence 2013

  • Julian Bangret
  • Sergey Bratus
  • Rebecca Shapiro

Wednesday 29th May, 2013

12:00pm to 12:50pm (WMT)

Complex enough input to a complex enough system can have effects indistinguishable from a native program for that system. A sufficiently complex input format may become “byte code” for a kind of a virtual machine within the software that handles it; in many classic exploit programming techniques, data is the program that runs on the code. We will show two examples of this that aren’t exploits as such, but show Turing-complete programming by kinds of data that are hardly ever given a second glance: (1) ELF binary format headers with nothing but well-formed relocation and dynamic symbol entries (executed by the runtime linker-loader), and (2) x86 memory and interrupt descriptor tables (executed by the CPU page fault handling and context switching logic, without any instructions being successfully dispatched).

If these data formats can hide a Turing-complete computation, what about all others more complex “feature-rich” ones? What makes a format lend itself to being an equivalent of an instruction set? Can looking for “weird machines” help design trustworthy systems? Join us for the talk and discussion of this weird research direction!

About the speakers

This person is speaking at this event.
Julian Bangret
This person is speaking at this event.
Sergey Bratus
This person is speaking at this event.
Rebecca Shapiro

Sign in to add slides, notes or videos to this session

CONFidence 2013

Poland Poland, Krakow

28th29th May 2013

Tell your friends!

When

Time 12:00pm12:50pm WMT

Date Wed 29th May 2013

Short URL

lanyrd.com/schqhb

Official session page

2013.confidence.org.pl/…enda

View the schedule

Share

See something wrong?

Report an issue with this session