slides - PDOS - MIT

More documents

Recommendations

Info

Pitfall 3: calls to the host system• Allowing calling external functions from thebytecode is a bad idea• Break interpreter / host isolation•• Examples: python’s pickle libraryEasily leads to arbitrary code execution
Pitfall 3: calls to the host system• Allowing calling external functions from thebytecode is a bad idea• Break interpreter / host isolation• Easily leads to arbitrary code execution• Examples: python’s pickle library• Advices• Need a clean and explicit interface• Ideally, all interaction with external world should belimit to input and output
Page 1 and 2:
Security Bugs inEmbedded Interprete
Page 3 and 4:
Embedded interpretersHost systemByt
Page 5 and 6:
Embedded interpretersHost systemByt
Page 7 and 8:
Prevalence of embedded interpreters
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Our contributions• Studies of 10
Page 17 and 18:
A packet filtering example• Monit
Page 19 and 20:
A packet filtering example• Monit
Page 21 and 22:
A packet filtering example• Straw
Page 23 and 24:
A packet filtering example• Straw
Page 25 and 26:
Solution: Berkeley Packet Filter (B
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34: Solution: Berkeley Packet Filter (B
Page 39 and 40: Security of embedded interpreters
Page 45 and 46: INET DIAG infinite loop vulnerabili
Page 51: INET DIAG infinite loop vulnerabili
Page 56 and 57: ClamAV signed division vulnerabilit
Page 64 and 65: FreeType arbitrary code executionJa
Page 66 and 67: FreeType arbitrary code executionpu
Page 74 and 75: Security guidelines
Page 76 and 77: Security guidelines• A better sol
Page 78 and 79: Pitfall 1: complex feature sets•
Page 80 and 81: Pitfall 1: complex feature sets•
Page 82 and 83: Pitfall 2: resource consumption•
Page 86 and 87: Research Opportunities
Page 88 and 89: Research Opportunities• Testing e
Page 90 and 91: Research Opportunities• Testing e
Page 92 and 93: References• BPF: S. McCanne and V
Page 94: Q & ASecurity Bugs inEmbedded Inter
show all

slides - PDOS - MIT

Create successful ePaper yourself

Delete template?

Save as template?