Metadata
- Source
- File: Exploit programming by Bratus et al (2011).pdf
- Type: Book Section
- Title: Exploit programming: from buffer overflows to “weird machines” and theory of computation
- Author: Bratus, Sergey; Locasto, Michael E.; Patterson, Meredith L.; Sassaman, Len; Shubina, Anna
- Publisher: USENIX Association
- Volume: 36
- Year: 2011
Abstract
In memory of Len Sassaman, who articulated many of the following observations, connecting the mundane and the deeply theoretical aspects of hacking.
Tags and Collections
- Keywords: 05 Finished; Binary Exploitation; Weird Machine
Comments
Annotations
Annotations (5/20/2024, 11:17:59 PM)
“Exploits came to be understood and written as programs for these “weird machines” and served as constructive proofs that a computation considered impossible could actually be performed by the targeted environment.” (Bratus et al., 2011, p. 13)
“Altogether, they make up a “weird machine” inside the target on which the crafted-input program executes.” (Bratus et al., 2011, p. 15)
“What unites the printf’s handling of the format string argument and an implementation of malloc? The “weird instruction” primitives they supply to exploits.” (Bratus et al., 2011, p. 16)
“The challenge of practical security research is to reliably predict, expose, and demonstrate such fallacies for common, everyday computing systems—that is, to develop a methodology for answering or at least exploring the above fundamental questions for these systems.” (Bratus et al., 2011, p. 17)
“The article then demonstrates the attack as a program for that machine” (Bratus et al., 2011, p. 18)
“examination of exploit structure and construction shows that they are results akin to mathematical proofs” (Bratus et al., 2011, p. 18)
“This suggests that studying the target’s computational behavior on all possible inputs as a language-theoretic phenomenon is the way forward for designing trustworthy systems” (Bratus et al., 2011, p. 20)
“algorithmically checking the computational equivalence of parsers” (Bratus et al., 2011, p. 20)