slides - PDOS - MIT

More documents

Recommendations

Info

Pitfall 1: complex feature sets• Feature vs. vulnerability checklist• The more expressive a bytecode is, the wider range ofattack vectors there could beFeature setArithmetic operationsLoops (backward jumps)Function callsExternal calls to the hostRegister file or scratch memoryPotential attack vectorsDiv-by-zero, integer overflowInfinite loops, DoSInfinite recursion, stack overflowArbitrary code executionInformation leak• Advices• Do not over-design• Example: bitcoin disabled many unused opcodes
Pitfall 2: resource consumption
Page 1 and 2:
Security Bugs inEmbedded Interprete
Page 3 and 4:
Embedded interpretersHost systemByt
Page 5 and 6:
Embedded interpretersHost systemByt
Page 7 and 8:
Prevalence of embedded interpreters
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Our contributions• Studies of 10
Page 17 and 18:
A packet filtering example• Monit
Page 19 and 20:
A packet filtering example• Monit
Page 21 and 22:
A packet filtering example• Straw
Page 23 and 24:
A packet filtering example• Straw
Page 25 and 26:
Solution: Berkeley Packet Filter (B
Page 27 and 28:
Solution: Berkeley Packet Filter (B
Page 29 and 30: Solution: Berkeley Packet Filter (B
Page 39 and 40: Security of embedded interpreters
Page 45 and 46: INET DIAG infinite loop vulnerabili
Page 51: INET DIAG infinite loop vulnerabili
Page 56 and 57: ClamAV signed division vulnerabilit
Page 64 and 65: FreeType arbitrary code executionJa
Page 66 and 67: FreeType arbitrary code executionpu
Page 74 and 75: Security guidelines
Page 76 and 77: Security guidelines• A better sol
Page 78 and 79: Pitfall 1: complex feature sets•
Page 82 and 83: Pitfall 2: resource consumption•
Page 84 and 85: Pitfall 3: calls to the host system
Page 86 and 87: Research Opportunities
Page 88 and 89: Research Opportunities• Testing e
Page 90 and 91: Research Opportunities• Testing e
Page 92 and 93: References• BPF: S. McCanne and V
Page 94: Q & ASecurity Bugs inEmbedded Inter
show all

slides - PDOS - MIT

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?