slides - PDOS - MIT
slides - PDOS - MIT
slides - PDOS - MIT
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Pitfall 1: complex feature sets• Feature vs. vulnerability checklist• The more expressive a bytecode is, the wider range ofattack vectors there could beFeature setArithmetic operationsLoops (backward jumps)Function callsExternal calls to the hostRegister file or scratch memoryPotential attack vectorsDiv-by-zero, integer overflowInfinite loops, DoSInfinite recursion, stack overflowArbitrary code executionInformation leak• Advices• Do not over-design• Example: bitcoin disabled many unused opcodes