self-modifying code (SMC) allows programs to alter their own instructions, optimizing performance and functionality on x86 processors. Despite its benefits, SMC introduces unique microarchitectural behaviors that can ...
详细信息
ISBN:
(纸本)9798400710797
self-modifying code (SMC) allows programs to alter their own instructions, optimizing performance and functionality on x86 processors. Despite its benefits, SMC introduces unique microarchitectural behaviors that can be exploited for malicious purposes. In this paper, we explore the security implications of SMC by examining how specific x86 instructions affecting instruction cache lines lead to measurable timing discrepancies between cache hits and misses. These discrepancies facilitate refined cache attacks, making them less noisy and more effective. We introduce novel attack techniques that leverage these timing variations to enhance existing methods such as Prime+Probe and Flush+Reload. Our advanced techniques allow adversaries to more precisely attack cryptographic keys and create covert channels akin to Spectre across various x86 platforms. Finally, we propose a dynamic detection methodology utilizing hardware performance counters to mitigate these enhanced threats.
Although self-modifying code has been shyed away from due to its complexity and discouragement due to safety issues, it nevertheless provides for a very unique obfuscation method and a different perspective on the rel...
详细信息
Although self-modifying code has been shyed away from due to its complexity and discouragement due to safety issues, it nevertheless provides for a very unique obfuscation method and a different perspective on the relationship between data and code. The generality of the von Neumann architecture is hardly realized by today's processor models. A code-only model is shown where every instruction merely modifies other instructions yet achieves the ability to compute and Turing machine operation is easily possible.
As the software industry develops rapidly, protecting software intellectual property from reverse attacker has become more and more important. The technical way is to make software hard to understand and will cost att...
详细信息
ISBN:
(纸本)9781509000760
As the software industry develops rapidly, protecting software intellectual property from reverse attacker has become more and more important. The technical way is to make software hard to understand and will cost attackers more time and energy to crack the software than they can take. self-modifying code is a code changing mechanism based on stored program architecture and has been widely used in software protection methods these years. This article introduces four different kinds of software protection methods using self-modifying code, and classifies the features of the implementation. The protection intensity and overheads are evaluated respectively. This article also compares the advantages and drawbacks of each method, and makes conclusions about the developing trends of software protection technologies.
As computational systems burgeon with advancing artificial intelligence (AI), the deterministic frameworks underlying them face novel challenges, especially when interfacing with self-modifying code. The Executioner P...
详细信息
As computational systems burgeon with advancing artificial intelligence (AI), the deterministic frameworks underlying them face novel challenges, especially when interfacing with self-modifying code. The Executioner Paradox, introduced herein, exemplifies such a challenge where a deterministic Executioner Machine (EM) grapples with self-aware and self-modifying code. This unveils a self-referential dilemma, highlighting a gap in current deterministic computational frameworks when faced with self-evolving code. In this article, the Executioner Paradox is proposed, highlighting the nuanced interactions between deterministic decision-making and self-aware code, and the ensuing challenges. This article advocates for a re-evaluation of existing deterministic frameworks, emphasizing the need for adaptive decision-making mechanisms in computational systems. By dissecting the Executioner Paradox, the aim is to foster a robust discussion on evolving deterministic frameworks to accommodate the dynamic nature of self-modifying code, thereby contributing a forward-looking lens to the discourse on computational systems amidst advancing AI.
Cyber threats are extremely frequent, and fuzz testing is an effective method to discover vulnerabilities. Regarding the optimization of fuzz testing cost, firstly, the cost distribution of each module during the fuzz...
详细信息
ISBN:
(纸本)9798350386783;9798350386776
Cyber threats are extremely frequent, and fuzz testing is an effective method to discover vulnerabilities. Regarding the optimization of fuzz testing cost, firstly, the cost distribution of each module during the fuzz testing process was studied. Then, based on the problems of damaged coverage information and excessive additional overhead in existing lightweight fuzz testing methods, a lightweight fuzz testing method based on stubs is proposed, which can be flexibly implemented while retaining fine-grained coverage information. The cancellation and recovery of stub points effectively reduces the execution overhead of fuzz testing. Finally, this method accepts the protocol program of the power system, effectively reducing the execution overhead of fuzz testing.
Many widely-deployed modern programming systems use just-in-time (JIT) compilers to improve performance. The size and complexity of JIT-based systems, combined with the dynamic nature of JIT-compiler optimizations, ma...
详细信息
ISBN:
(纸本)9781450383943
Many widely-deployed modern programming systems use just-in-time (JIT) compilers to improve performance. The size and complexity of JIT-based systems, combined with the dynamic nature of JIT-compiler optimizations, make it challenging to locate and fix JIT compiler bugs quickly. At the same time, JIT compiler bugs can result in exploitable security vulnerabilities, making rapid bug localization important. Existing work on automated bug localization focuses on static code, i.e., code that is not generated at runtime, and so cannot handle bugs in JIT compilers that generate incorrect code during optimization. This paper describes an approach to automated bug localization in JIT compilers, down to the level of distinct optimization phases, starting with a single initial Proof-of-Concept (PoC) input that demonstrates the bug. Experiments using a prototype implementation of our ideas on Google's V8 JavaScript interpreter and TurboFan JIT compiler demonstrates that it can successfully identify buggy optimization phases.
Dynamic code, i.e., code that is created or modified at runtime, is ubiquitous in today's world. The behavior of dynamic code can depend on the logic of the dynamic code generator in subtle and nonobvious ways, e....
详细信息
ISBN:
(纸本)9781450367684
Dynamic code, i.e., code that is created or modified at runtime, is ubiquitous in today's world. The behavior of dynamic code can depend on the logic of the dynamic code generator in subtle and nonobvious ways, e.g., JIT compiler bugs can lead to exploitable vulnerabilities in the resulting JIT-compiled code. Existing approaches to program analysis do not provide adequate support for reasoning about such behavioral relationships. This paper takes a first step in addressing this problem by describing a program representation and a new notion of dependency that allows us to reason about dependency and information flow relationships between the dynamic code generator and the generated dynamic code. Experimental results show that analyses based on these concepts are able to capture properties of dynamic code that cannot be identified using traditional program analyses.
Dynamic code, i.e., code that is created or modified at runtime, is ubiquitous in today's world. The behavior of dynamic code can depend on the logic of the dynamic code generator in subtle and non-obvious ways, e...
详细信息
ISBN:
(纸本)9781450367684
Dynamic code, i.e., code that is created or modified at runtime, is ubiquitous in today's world. The behavior of dynamic code can depend on the logic of the dynamic code generator in subtle and non-obvious ways, e.g., JIT compiler bugs can lead to exploitable vulnerabilities in the resulting JIT-compiled code. Existing approaches to program analysis do not provide adequate support for reasoning about such behavioral relationships. This paper takes a first step in addressing this problem by describing a program representation and a new notion of dependency that allows us to reason about dependency and information flow relationships between the dynamic code generator and the generated dynamic code. Experimental results show that analyses based on these concepts are able to capture properties of dynamic code that cannot be identified using traditional program analyses.
Intel SGX provides a secure enclave in which code and data are hidden from the outside world, including privileged code such as the OS or hypervisor. However, by default, enclave code prior to initialization can be di...
详细信息
ISBN:
(纸本)9781450356176
Intel SGX provides a secure enclave in which code and data are hidden from the outside world, including privileged code such as the OS or hypervisor. However, by default, enclave code prior to initialization can be disassembled and therefore no secrets can be embedded in the binary. This is a problem for developers wishing to protect code secrets. This paper introduces SGXELIDE, a nearly-transparent framework that enables enclave code confidentiality. The key idea is to treat program code as data and dynamically restore secrets after an enclave is initialized. SGXELIDE can be integrated into any enclave, providing a mechanism to securely decrypt or deliver the secret code with the assistance of a developer-controlled trusted remote party. We have implemented SGXELIDE atop a recently released version of the Linux SGX SDK, and our evaluation with a number of programs shows that SGXELIDE can be used to protect the code secrecy of practical applications with no overhead after enclave initialization.
self-modifying code is frequently used as an additional layer of complexity when obfuscating code. Although it does not provide a provable level of obfuscation, it is generally assumed to make attacks more expensive. ...
详细信息
self-modifying code is frequently used as an additional layer of complexity when obfuscating code. Although it does not provide a provable level of obfuscation, it is generally assumed to make attacks more expensive. This paper attempts to quantify the cost of attacking self-modified code by defining a taxonomy for it and systematically categorising an adversary's capabilities. A number of published methods and techniques for self-modifying code are then classified according to both the taxonomy and the model. (C)) 2011 Elsevier Ltd. All rights reserved.
暂无评论