Abstract
Mismorphisms—instances where predicates take on different truth values across different interpretations of reality (notably, different actors’ perceptions of reality and the actual reality)—are the source of weird instructions. These weird instructions are tiny code snippets or gadgets that present the exploit programmer with unintended computational capabilities. Collectively, they constitute the weird machine upon which the exploit program runs. That is, a protocol or parser vulnerability is evidence of a weird machine, which, in turn, is evidence of an underlying mismorphism. This paper seeks to address vulnerabilities at the mismorphism layer.
The work presented here connects to our prior work in language-theoretic security (LangSec). LangSec provides a methodology for eliminating weird machines: By limiting the expressiveness of the input language, separating and constraining the parser code from the execution code, and ensuring only valid input makes its way to the execution code, entire classes of vulnerabilities can be avoided. Here, we go a layer deeper with our investigation of the mismorphisms responsible for weird machines.
In this paper, we re-introduce LangSec and mismorphisms, and we develop a logical representation of mismorphisms that complements our previous semiotic-triad-based representation. Additionally, we develop a preliminary set of classes for expressing LangSec mismorphisms, and we use this mismorphism-based scheme to classify a corpus of LangSec vulnerabilities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
We only give a brief primer of LangSec in this paper. For those who are interested in learning more we recommend consulting the LangSec website [7].
- 2.
For the reader interested in learning more about weird machines: Dullien [10] provides a formal definition for understanding weird machines and shows that it is feasible to build software that is resilient to memory corruption. Bratus and Shubina [9] also present exploit programming as a problem of code reuse, discuss how the adversary uses code presented by the weird machine to carry out the exploit, and describe colliding actors’ abstractions of how the code works.
- 3.
We do not specify a specific ternary logic system for evaluating predicates in this paper.
- 4.
Note that for \(k = 2\), if we confine ourselves to predicates that take on only T or F values, the relation \(\underset{\text {interp.}}{=}\) is an equivalence relation in the mathematical sense, as one might expect, i.e., it obeys reflexivity, commutativity, and transitivity.
References
CVE-2009-3555 The Mozilla Network Security Services (NSS) fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. Available from Vulners. https://vulners.com/exploitdb/EDB-ID:26703
CVE-2013-2028 Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow. Available from Rapid 7. https://www.rapid7.com/db/modules/exploit/linux/http/nginx_chunked_size
CVE-2013-2729 Adobe Reader X 10.1.4.38 - BMP/RLE heap corruption. Available from Vulners. https://vulners.com/exploitdb/EDB-ID:26703
CVE-2015-1427 The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. Available from Vulners. https://vulners.com/cve/CVE-2015-1427
OpenBSD’s IPv6 mbufs remote kernel buffer overflow. Available from Vulners. https://vulners.com/cert/VU:986425
Aho, A., Ullman, J.: Foundations of Computer Science: C Edition, Chapter 14, July 1994. http://infolab.stanford.edu/~ullman/focs.html
Bratus, S.: LANGSEC: Language-theoretic Security: “The View from the Tower of Babel”. http://langsec.org
Bratus, S., Locasto, M., Patterson, M., Sassaman, L., Shubina, A.: Exploit programming: from buffer overflows to “Weird Machines” and theory of computation. Login USENIX Mag. 36(6), 13–21 (2011)
Bratus, S., Shubina, A.: Exploitation as code reuse: on the need of formalization. IT-Inf. Technol. 59(2), 93–100 (2017). https://doi.org/10.1515/itit-2016-0038
Dullien, T.F.: Weird machines, exploitability, and provable unexploitability. IEEE Trans. Emerg. Top. Comput. (2017). https://doi.org/10.1109/TETC.2017.2785299
Durumeric, Z., et al.: The Matter of Heartbleed. In: Proceedings of the 2014 Conference on Internet Measurement Conference, pp. 475–488. ACM (2014). https://doi.org/10.1145/2663716.2663755
Ethereum: Pythonic Smart Contract Language for the EVM. https://github.com/ethereum/vyper
Fitting, M.: Kleene’s three valued logics and their children. Fundam. Inf. 20(1–3), 113–131 (1994). http://dl.acm.org/citation.cfm?id=183529.183533
Freeman, J.: Exploit ( & Fix) Android “Master Key”. http://www.saurik.com/id/17
Hermerschmidt, L.: McHammerCoder: a binary capable parser and unparser generator, https://github.com/McHammerCoder/McHammerCoder
Kleene, S.C.: Introduction to metamathematics (1954)
Mary, C.: Shellshock attack on linux systems-bash. Int. Res. J. Eng. Technol. 2(8), 1322–1325 (2015)
Momot, F., Bratus, S., Hallberg, S.M., Patterson, M.L.: The seven turrets of babel: a taxonomy of LangSec errors and how to expunge them. In: 2016 IEEE Cybersecurity Development (SecDev), pp. 45–52, November 2016. https://doi.org/10.1109/SecDev.2016.019
Ogden, C.K., Richards, I.A.: The Meaning of Meaning: A Study of the Influence of Language upon Thought and of the Science of Symbolism. Harcourt Brace and Company, San Diego (1927)
Patterson, M.: Parser combinators for binary formats, in C. https://github.com/UpstandingHackers/hammer
Pieczul, O., Foley, S.N.: The evolution of a security control. In: Anderson, J., Matyáš, V., Christianson, B., Stajano, F. (eds.) Security Protocols 2016. LNCS, vol. 10368, pp. 67–84. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-62033-6_9
Poll, E.: LangSec revisited: input security flaws of the second kind. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 329–334. IEEE (2018). https://doi.org/10.1109/SPW.2018.00051
Rezvina, S.: Rails’ Remote Code Execution Vulnerability Explained. https://codeclimate.com/blog/rails-remote-code-execution-vulnerability-explained
Shapiro, R., Bratus, S., Smith, S.W.: “Weird Machines” in ELF: a spotlight on the underappreciated metadata. In: Proceedings of the 7th USENIX Conference on Offensive Technologies. WOOT 2013, USENIX Association, Berkeley, CA, USA (2013). http://dl.acm.org/citation.cfm?id=2534748.2534763
Smith, S.W., Koppel, R., Blythe, J., Kothari, V.: Mismorphism: a semiotic model of computer security circumvention. In: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, p. 25. ACM (2015)
Spagnuolo, M.: Abusing JSONP with rosetta flash. https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
Torpey, K.: The DAO disaster illustrates differing philosophies in bitcoin and ethereum. https://www.coingecko.com/buzz/dao-disaster-differing-philosophies-bitcoin-ethereum
Acknowledgement
This material is based upon work supported by the United States Air Force and DARPA under Contract No. FA8750-16-C-0179 and Department of Energy under Award Number DE-OE0000780.
Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Air Force, DARPA, United States Government or any agency thereof.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Anantharaman, P. et al. (2020). Mismorphism: The Heart of the Weird Machine. In: Anderson, J., Stajano, F., Christianson, B., Matyáš, V. (eds) Security Protocols XXVII. Security Protocols 2019. Lecture Notes in Computer Science(), vol 12287. Springer, Cham. https://doi.org/10.1007/978-3-030-57043-9_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-57043-9_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57042-2
Online ISBN: 978-3-030-57043-9
eBook Packages: Computer ScienceComputer Science (R0)