Mismorphism: The Heart of the Weird Machine

  • Conference paper
  • First Online:
Security Protocols XXVII (Security Protocols 2019)

Abstract

Mismorphisms—instances where predicates take on different truth values across different interpretations of reality (notably, different actors’ perceptions of reality and the actual reality)—are the source of weird instructions. These weird instructions are tiny code snippets or gadgets that present the exploit programmer with unintended computational capabilities. Collectively, they constitute the weird machine upon which the exploit program runs. That is, a protocol or parser vulnerability is evidence of a weird machine, which, in turn, is evidence of an underlying mismorphism. This paper seeks to address vulnerabilities at the mismorphism layer.

The work presented here connects to our prior work in language-theoretic security (LangSec). LangSec provides a methodology for eliminating weird machines: By limiting the expressiveness of the input language, separating and constraining the parser code from the execution code, and ensuring only valid input makes its way to the execution code, entire classes of vulnerabilities can be avoided. Here, we go a layer deeper with our investigation of the mismorphisms responsible for weird machines.

In this paper, we re-introduce LangSec and mismorphisms, and we develop a logical representation of mismorphisms that complements our previous semiotic-triad-based representation. Additionally, we develop a preliminary set of classes for expressing LangSec mismorphisms, and we use this mismorphism-based scheme to classify a corpus of LangSec vulnerabilities.
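As an added illustration (not code from the paper or the LangSec project), the following toy shows the abstract's argument in running form: a length-prefixed record format, a shotgun-parser pattern that acts on the header's declared length, and a LangSec-style recognizer that decides membership in the input language before any execution code runs. The predicate "declared length equals actual payload length" is true in the sender's (header's) interpretation but false on the wire; that disagreement is the mismorphism, and the over-read it enables is the weird instruction. The format, buffer contents and function names are constructed for this example.

```python
import struct
from typing import Optional, Tuple

# Constructed toy record format (an assumption for this example, not the paper's):
#   type: 1 byte | declared length: 2 bytes, big-endian | payload: `declared length` bytes
HEADER = struct.Struct(">BH")

def shotgun_echo(buf: bytes, msg_len: int) -> bytes:
    """Shotgun-parser pattern: the execution code trusts the header's declared
    length (the sender's interpretation of reality) and copies that many bytes
    out of the buffer holding the message. `msg_len`, the actual message size,
    is deliberately ignored, so when the predicate 'declared length == actual
    payload length' is false in reality the copy runs past the message and
    returns neighbouring buffer contents: a capability the format never intended."""
    _, declared = HEADER.unpack_from(buf)
    start = HEADER.size
    return buf[start:start + declared]          # bounded by the declared length only

def recognize(msg: bytes) -> Optional[Tuple[int, bytes]]:
    """LangSec-style recognizer: decide whether `msg` is in the input language
    before any execution code runs. The whole message must be consumed exactly,
    and the declared length must agree with the bytes actually present."""
    if len(msg) < HEADER.size:
        return None                               # no complete header: reject
    rtype, declared = HEADER.unpack_from(msg)
    payload = msg[HEADER.size:]
    if len(payload) != declared:
        return None                               # mismorphism detected: reject
    return rtype, payload

def langsec_echo(buf: bytes, msg_len: int) -> Optional[bytes]:
    """Execution code that only ever sees recognizer output, so the echoed
    bytes are exactly the payload the message actually carried."""
    parsed = recognize(buf[:msg_len])
    return None if parsed is None else parsed[1]

# Constructed sample: a 5-byte message whose header claims a 64-byte payload,
# followed by unrelated data that happens to share the same buffer.
MESSAGE = HEADER.pack(0x01, 64) + b"hi"
NEIGHBOUR = b"[secret material in adjacent memory]"
BUFFER = MESSAGE + NEIGHBOUR

if __name__ == "__main__":
    print(shotgun_echo(BUFFER, len(MESSAGE)))    # payload plus NEIGHBOUR bytes
    print(langsec_echo(BUFFER, len(MESSAGE)))    # None: input rejected
    print(langsec_echo(HEADER.pack(0x01, 2) + b"hi", 5))  # b'hi'
```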

Notes

  1. We only give a brief primer of LangSec in this paper. For those who are interested in learning more we recommend consulting the LangSec website [7].

  2. For the reader interested in learning more about weird machines: Dullien [10] provides a formal definition for understanding weird machines and shows that it is feasible to build software that is resilient to memory corruption. Bratus and Shubina [9] also present exploit programming as a problem of code reuse, discuss how the adversary uses code presented by the weird machine to carry out the exploit, and describe colliding actors’ abstractions of how the code works.

  3. We do not specify a specific ternary logic system for evaluating predicates in this paper.

  4. Note that for \(k = 2\), if we confine ourselves to predicates that take on only T or F values, the relation \(\underset{\text {interp.}}{=}\) is an equivalence relation in the mathematical sense, as one might expect, i.e., it obeys reflexivity, commutativity, and transitivity.

References

  1. CVE-2009-3555 The Mozilla Network Security Services (NSS) fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. Available from Vulners. https://vulners.com/exploitdb/EDB-ID:26703

  2. CVE-2013-2028 Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow. Available from Rapid 7. https://www.rapid7.com/db/modules/exploit/linux/http/nginx_chunked_size

  3. CVE-2013-2729 Adobe Reader X 10.1.4.38 - BMP/RLE heap corruption. Available from Vulners. https://vulners.com/exploitdb/EDB-ID:26703

  4. CVE-2015-1427 The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. Available from Vulners. https://vulners.com/cve/CVE-2015-1427

  5. OpenBSD’s IPv6 mbufs remote kernel buffer overflow. Available from Vulners. https://vulners.com/cert/VU:986425

  6. Aho, A., Ullman, J.: Foundations of Computer Science: C Edition, Chapter 14, July 1994. http://infolab.stanford.edu/~ullman/focs.html

  7. Bratus, S.: LANGSEC: Language-theoretic Security: “The View from the Tower of Babel”. http://langsec.org

  8. Bratus, S., Locasto, M., Patterson, M., Sassaman, L., Shubina, A.: Exploit programming: from buffer overflows to “Weird Machines” and theory of computation. Login USENIX Mag. 36(6), 13–21 (2011)

  9. Bratus, S., Shubina, A.: Exploitation as code reuse: on the need of formalization. IT-Inf. Technol. 59(2), 93–100 (2017). https://doi.org/10.1515/itit-2016-0038

  10. Dullien, T.F.: Weird machines, exploitability, and provable unexploitability. IEEE Trans. Emerg. Top. Comput. (2017). https://doi.org/10.1109/TETC.2017.2785299

  11. Durumeric, Z., et al.: The Matter of Heartbleed. In: Proceedings of the 2014 Conference on Internet Measurement Conference, pp. 475–488. ACM (2014). https://doi.org/10.1145/2663716.2663755

  12. Ethereum: Pythonic Smart Contract Language for the EVM. https://github.com/ethereum/vyper

  13. Fitting, M.: Kleene’s three valued logics and their children. Fundam. Inf. 20(1–3), 113–131 (1994). http://dl.acm.org/citation.cfm?id=183529.183533

  14. Freeman, J.: Exploit ( & Fix) Android “Master Key”. http://www.saurik.com/id/17

  15. Hermerschmidt, L.: McHammerCoder: a binary capable parser and unparser generator, https://github.com/McHammerCoder/McHammerCoder

  16. Kleene, S.C.: Introduction to metamathematics (1954)

  17. Mary, C.: Shellshock attack on linux systems-bash. Int. Res. J. Eng. Technol. 2(8), 1322–1325 (2015)

  18. Momot, F., Bratus, S., Hallberg, S.M., Patterson, M.L.: The seven turrets of babel: a taxonomy of LangSec errors and how to expunge them. In: 2016 IEEE Cybersecurity Development (SecDev), pp. 45–52, November 2016. https://doi.org/10.1109/SecDev.2016.019

  19. Ogden, C.K., Richards, I.A.: The Meaning of Meaning: A Study of the Influence of Language upon Thought and of the Science of Symbolism. Harcourt Brace and Company, San Diego (1927)

  20. Patterson, M.: Parser combinators for binary formats, in C. https://github.com/UpstandingHackers/hammer

  21. Pieczul, O., Foley, S.N.: The evolution of a security control. In: Anderson, J., Matyáš, V., Christianson, B., Stajano, F. (eds.) Security Protocols 2016. LNCS, vol. 10368, pp. 67–84. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-62033-6_9

  22. Poll, E.: LangSec revisited: input security flaws of the second kind. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 329–334. IEEE (2018). https://doi.org/10.1109/SPW.2018.00051

  23. Rezvina, S.: Rails’ Remote Code Execution Vulnerability Explained. https://codeclimate.com/blog/rails-remote-code-execution-vulnerability-explained

  24. Shapiro, R., Bratus, S., Smith, S.W.: “Weird Machines” in ELF: a spotlight on the underappreciated metadata. In: Proceedings of the 7th USENIX Conference on Offensive Technologies. WOOT 2013, USENIX Association, Berkeley, CA, USA (2013). http://dl.acm.org/citation.cfm?id=2534748.2534763

  25. Smith, S.W., Koppel, R., Blythe, J., Kothari, V.: Mismorphism: a semiotic model of computer security circumvention. In: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, p. 25. ACM (2015)

  26. Spagnuolo, M.: Abusing JSONP with rosetta flash. https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/

  27. Torpey, K.: The DAO disaster illustrates differing philosophies in bitcoin and ethereum. https://www.coingecko.com/buzz/dao-disaster-differing-philosophies-bitcoin-ethereum

Acknowledgement

This material is based upon work supported by the United States Air Force and DARPA under Contract No. FA8750-16-C-0179 and Department of Energy under Award Number DE-OE0000780.

Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Air Force, DARPA, United States Government or any agency thereof.

Corresponding author

Correspondence to Prashant Anantharaman.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Anantharaman, P. et al. (2020). Mismorphism: The Heart of the Weird Machine. In: Anderson, J., Stajano, F., Christianson, B., Matyáš, V. (eds) Security Protocols XXVII. Security Protocols 2019. Lecture Notes in Computer Science(), vol 12287. Springer, Cham. https://doi.org/10.1007/978-3-030-57043-9_11

  • DOI: https://doi.org/10.1007/978-3-030-57043-9_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-57042-2

  • Online ISBN: 978-3-030-57043-9

  • eBook Packages: Computer Science (R0)
