• Home

  • Documents

  • NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created...
90
Cornelius Aschermann

NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

  • Upload
    others

  • View
    2

  • Download
    0

Embed Size (px)

Citation preview

Page 1: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Cornelius Aschermann

Page 2: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL

0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 3: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 4: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 5: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL

0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 6: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 7: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 8: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 9: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 10: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 11: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 12: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 13: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 14: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 15: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 16: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 17: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 18: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

AFL0

...

1

...

0

...

1

...0

...

1

...

0

...

1

...

0

...

1

...

0

...

1

...

Cornelius Aschermann

Page 19: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

/* magic number */if( u64(input) == u64("MAGICHDR")) bug(1);

Unlikelyhash hash

easy

/* nested checksum */if( u64(input) == hash(input[8..len]) ) if( u64(input+8) == hash(input[16..len]) ) if( input[16] == ’R’ && input[17] == ’Q’) bug(2);

\x46\x01\0\0\0\0\0\0\xa3\0\0\0\0\0\0\0RQ

Cornelius Aschermann

Page 20: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

/* magic number */if( u64(input) == u64("MAGICHDR")) bug(1);

Unlikelyhash hash

easy

/* nested checksum */if( u64(input) == hash(input[8..len]) ) if( u64(input+8) == hash(input[16..len]) ) if( input[16] == ’R’ && input[17] == ’Q’) bug(2);

\x46\x01\0\0\0\0\0\0\xa3\0\0\0\0\0\0\0RQ

Cornelius Aschermann

Page 21: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

/* magic number */if( u64(input) == u64("MAGICHDR")) bug(1);

Unlikely

hash hasheasy

/* nested checksum */if( u64(input) == hash(input[8..len]) ) if( u64(input+8) == hash(input[16..len]) ) if( input[16] == ’R’ && input[17] == ’Q’) bug(2);

\x46\x01\0\0\0\0\0\0\xa3\0\0\0\0\0\0\0RQ

Cornelius Aschermann

Page 22: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

/* magic number */if( u64(input) == u64("MAGICHDR")) bug(1);

Unlikelyhash hash

easy

/* nested checksum */if( u64(input) == hash(input[8..len]) ) if( u64(input+8) == hash(input[16..len]) ) if( input[16] == ’R’ && input[17] == ’Q’) bug(2);

\x46\x01\0\0\0\0\0\0\xa3\0\0\0\0\0\0\0RQ

Cornelius Aschermann

Page 23: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

/* magic number */if( u64(input) == u64("MAGICHDR")) bug(1);

Unlikelyhash hash

easy

/* nested checksum */if( u64(input) == hash(input[8..len]) ) if( u64(input+8) == hash(input[16..len]) ) if( input[16] == ’R’ && input[17] == ’Q’) bug(2);

\x46\x01\0\0\0\0\0\0\xa3\0\0\0\0\0\0\0RQ

Cornelius Aschermann

Page 24: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

/* magic number */if( u64(input) == u64("MAGICHDR")) bug(1);

Unlikely

hash

hasheasy

/* nested checksum */if( u64(input) == hash(input[8..len]) ) if( u64(input+8) == hash(input[16..len]) ) if( input[16] == ’R’ && input[17] == ’Q’) bug(2);

\x46\x01\0\0\0\0\0\0\xa3\0\0\0\0\0\0\0RQ

Cornelius Aschermann

Page 25: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

/* magic number */if( u64(input) == u64("MAGICHDR")) bug(1);

Unlikelyhash

hash

easy

/* nested checksum */if( u64(input) == hash(input[8..len]) ) if( u64(input+8) == hash(input[16..len]) ) if( input[16] == ’R’ && input[17] == ’Q’) bug(2);

\x46\x01\0\0\0\0\0\0\xa3\0\0\0\0\0\0\0RQ

Cornelius Aschermann

Page 26: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

/* magic number */if( u64(input) == u64("MAGICHDR")) bug(1);

Unlikelyhash hash

easy

/* nested checksum */if( u64(input) == hash(input[8..len]) ) if( u64(input+8) == hash(input[16..len]) ) if( input[16] == ’R’ && input[17] == ’Q’) bug(2);

\x46\x01\0\0\0\0\0\0\xa3\0\0\0\0\0\0\0RQ

Cornelius Aschermann

Page 27: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

/* magic number */if( u64(input) == u64("MAGICHDR")) bug(1);

Unlikelyhash hash

easy

/* nested checksum */if( u64(input) == hash(input[8..len]) ) if( u64(input+8) == hash(input[16..len]) ) if( input[16] == ’R’ && input[17] == ’Q’) bug(2);

\x46\x01\0\0\0\0\0\0\xa3\0\0\0\0\0\0\0RQ

Cornelius Aschermann

Page 28: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

GoalsApproaches

Magic Numbers

Nested Hashes

Automatic

Binary Only

No Env. Model

Cornelius Aschermann

Page 29: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

GoalsApproaches

Magic Numbers

Nested Hashes

Automatic

Binary Only

No Env. Model

Cornelius Aschermann

Page 30: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

GoalsApproaches

Magic Numbers

Nested Hashes

Automatic

Binary Only

No Env. Model

Cornelius Aschermann

Page 31: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

GoalsApproaches

Magic Numbers

Nested Hashes

Automatic

Binary Only

No Env. Model

Cornelius Aschermann

Page 32: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

GoalsApproaches

Magic Numbers

Nested Hashes

Automatic

Binary Only

No Env. Model

Cornelius Aschermann

Page 33: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

GoalsApproaches

Magic Numbers

Nested Hashes

Automatic

Binary Only

No Env. Model

Cornelius Aschermann

Page 34: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Input-to-StateCorrespondence

VALUE

VALUE

Cornelius Aschermann

Page 35: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Input-to-StateCorrespondence

VALUE

VALUE

Cornelius Aschermann

Page 36: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Input-to-StateCorrespondence

VALUE

VALUE

Cornelius Aschermann

Page 37: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Cornelius Aschermann

Page 38: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

"ABCD"

Input: "SEEDVALUE"

Observe:

Replace(0x554c4156, 0x44434241)

Input: "SEEDABCDE"

Cornelius Aschermann

Page 39: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

"ABCD"

Input: "SEEDVALUE"

Observe:

Replace(0x554c4156, 0x44434241)

Input: "SEEDABCDE"

Cornelius Aschermann

Page 40: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

"ABCD"

Input: "SEEDVALUE"

Observe:

Replace(0x554c4156, 0x44434241)

Input: "SEEDABCDE"

Cornelius Aschermann

Page 41: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

"ABCD"

Input: "SEEDVALUE"

Observe:

Replace(0x554c4156, 0x44434241)

Input: "SEEDABCDE"

Cornelius Aschermann

Page 42: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

"ABCD"

Input: "SEEDVALUE"

Observe:

Replace(0x554c4156, 0x44434241)

Input: "SEEDABCDE"

Cornelius Aschermann

Page 43: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

"ABCD"

Input: "SEEDVALUE"

Observe:

Replace(0x554c4156, 0x44434241)

Input: "SEEDABCDE"

Cornelius Aschermann

Page 44: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

"ABCD"

Input: "SEEDVALUE"

Observe:

Replace(0x554c4156, 0x44434241)

Input: "SEEDABCDE"

Cornelius Aschermann

Page 45: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

"ABCD"

Input: "SEEDVALUE"

Observe:

Replace(0x554c4156, 0x44434241)

Input: "SEEDABCDE"

Cornelius Aschermann

Page 46: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

"ABCD"

Input: "SEEDVALUE"

Observe:

Replace(0x554c4156, 0x44434241)

Input: "SEEDABCDE"

Cornelius Aschermann

Page 47: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

"ABCD"

Input: "SEEDVALUE"

Observe:

Replace(0x554c4156, 0x44434241)

Input: "SEEDABCDE"

Cornelius Aschermann

Page 48: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Encodings?

atoiatoll

atol

sign-extendlittle-endian

big-endian

hex-decimal

base-64

hex

Replace(0x554c4156, 0x44434241)

Replace(enc(0x554c4156), enc(0x44434241))

x < y ?Replace(0x554c4156, 0x44434241)

Replace(0x554c4156, 0x44434241+1)Replace(0x554c4156, 0x44434241-1)

Slow?Executions:

Queue Entries:

?

Cornelius Aschermann

Page 49: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Encodings?atoi

atoll

atol

sign-extendlittle-endian

big-endian

hex-decimal

base-64

hex

Replace(0x554c4156, 0x44434241)

Replace(enc(0x554c4156), enc(0x44434241))

x < y ?Replace(0x554c4156, 0x44434241)

Replace(0x554c4156, 0x44434241+1)Replace(0x554c4156, 0x44434241-1)

Slow?Executions:

Queue Entries:

?

Cornelius Aschermann

Page 50: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Encodings?

atoiatoll

atol

sign-extendlittle-endian

big-endian

hex-decimal

base-64

hex

Replace(0x554c4156, 0x44434241)

Replace(enc(0x554c4156), enc(0x44434241))

x < y ?Replace(0x554c4156, 0x44434241)

Replace(0x554c4156, 0x44434241+1)Replace(0x554c4156, 0x44434241-1)

Slow?Executions:

Queue Entries:

?

Cornelius Aschermann

Page 51: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Encodings?atoi

atoll

atol

sign-extendlittle-endian

big-endian

hex-decimal

base-64

hex

Replace(0x554c4156, 0x44434241)

Replace(enc(0x554c4156), enc(0x44434241))

x < y ?

Replace(0x554c4156, 0x44434241)

Replace(0x554c4156, 0x44434241+1)Replace(0x554c4156, 0x44434241-1)

Slow?Executions:

Queue Entries:

?

Cornelius Aschermann

Page 52: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Encodings?atoi

atoll

atol

sign-extendlittle-endian

big-endian

hex-decimal

base-64

hex

Replace(0x554c4156, 0x44434241)

Replace(enc(0x554c4156), enc(0x44434241))

x < y ?Replace(0x554c4156, 0x44434241)

Replace(0x554c4156, 0x44434241+1)Replace(0x554c4156, 0x44434241-1)

Slow?Executions:

Queue Entries:

?

Cornelius Aschermann

Page 53: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Encodings?atoi

atoll

atol

sign-extendlittle-endian

big-endian

hex-decimal

base-64

hex

Replace(0x554c4156, 0x44434241)

Replace(enc(0x554c4156), enc(0x44434241))

x < y ?Replace(0x554c4156, 0x44434241)

Replace(0x554c4156, 0x44434241+1)Replace(0x554c4156, 0x44434241-1)

Slow?

Executions:

Queue Entries:

?

Cornelius Aschermann

Page 54: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Encodings?atoi

atoll

atol

sign-extendlittle-endian

big-endian

hex-decimal

base-64

hex

Replace(0x554c4156, 0x44434241)

Replace(enc(0x554c4156), enc(0x44434241))

x < y ?Replace(0x554c4156, 0x44434241)

Replace(0x554c4156, 0x44434241+1)Replace(0x554c4156, 0x44434241-1)

Slow?Executions:

Queue Entries:

?

Cornelius Aschermann

Page 55: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Encodings?atoi

atoll

atol

sign-extendlittle-endian

big-endian

hex-decimal

base-64

hex

Replace(0x554c4156, 0x44434241)

Replace(enc(0x554c4156), enc(0x44434241))

x < y ?Replace(0x554c4156, 0x44434241)

Replace(0x554c4156, 0x44434241+1)Replace(0x554c4156, 0x44434241-1)

Slow?Executions:

Queue Entries:

?

Cornelius Aschermann

Page 56: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Encodings?atoi

atoll

atol

sign-extendlittle-endian

big-endian

hex-decimal

base-64

hex

Replace(0x554c4156, 0x44434241)

Replace(enc(0x554c4156), enc(0x44434241))

x < y ?Replace(0x554c4156, 0x44434241)

Replace(0x554c4156, 0x44434241+1)Replace(0x554c4156, 0x44434241-1)

Slow?Executions:

Queue Entries:

?

Cornelius Aschermann

Page 57: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Encodings?atoi

atoll

atol

sign-extendlittle-endian

big-endian

hex-decimal

base-64

hex

Replace(0x554c4156, 0x44434241)

Replace(enc(0x554c4156), enc(0x44434241))

x < y ?Replace(0x554c4156, 0x44434241)

Replace(0x554c4156, 0x44434241+1)Replace(0x554c4156, 0x44434241-1)

Slow?Executions:

Queue Entries:

?

Cornelius Aschermann

Page 58: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Large Inputs?

af 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

(64 KB later)

Replace(0x0, 0x44)af 00 00 00

ff ff ff ff

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

Replace(0x0, 0x44)

af 00 00 00

b1 06 77 7a

45 ea 6c 3b

dd a6 3e b1

cc 2d 9d f0

ef 64 4d 45

32 04 54 08

c6 5e f3 e7

Replace(0xb1, 0x44)

Cornelius Aschermann

Page 59: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Large Inputs?

af 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

(64 KB later)

Replace(0x0, 0x44)af 00 00 00

ff ff ff ff

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

Replace(0x0, 0x44)

af 00 00 00

b1 06 77 7a

45 ea 6c 3b

dd a6 3e b1

cc 2d 9d f0

ef 64 4d 45

32 04 54 08

c6 5e f3 e7

Replace(0xb1, 0x44)

Cornelius Aschermann

Page 60: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Large Inputs?

af 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

(64 KB later)

Replace(0x0, 0x44)

af 00 00 00

ff ff ff ff

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

Replace(0x0, 0x44)

af 00 00 00

b1 06 77 7a

45 ea 6c 3b

dd a6 3e b1

cc 2d 9d f0

ef 64 4d 45

32 04 54 08

c6 5e f3 e7

Replace(0xb1, 0x44)

Cornelius Aschermann

Page 61: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Large Inputs?

af 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

(64 KB later)

Replace(0x0, 0x44)

af 00 00 00

ff ff ff ff

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

Replace(0x0, 0x44)

af 00 00 00

b1 06 77 7a

45 ea 6c 3b

dd a6 3e b1

cc 2d 9d f0

ef 64 4d 45

32 04 54 08

c6 5e f3 e7

Replace(0xb1, 0x44)

Cornelius Aschermann

Page 62: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Large Inputs?

af 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

(64 KB later)

Replace(0x0, 0x44)

af 00 00 00

ff ff ff ff

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

Replace(0x0, 0x44)

af 00 00 00

b1 06 77 7a

45 ea 6c 3b

dd a6 3e b1

cc 2d 9d f0

ef 64 4d 45

32 04 54 08

c6 5e f3 e7

Replace(0xb1, 0x44)

Cornelius Aschermann

Page 63: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Large Inputs?

af 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

(64 KB later)

Replace(0x0, 0x44)

af 00 00 00

ff ff ff ff

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

Replace(0x0, 0x44)

af 00 00 00

b1 06 77 7a

45 ea 6c 3b

dd a6 3e b1

cc 2d 9d f0

ef 64 4d 45

32 04 54 08

c6 5e f3 e7

Replace(0xb1, 0x44)

Cornelius Aschermann

Page 64: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Large Inputs?

af 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

(64 KB later)

Replace(0x0, 0x44)

af 00 00 00

ff ff ff ff

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

00 00 00 00

Replace(0x0, 0x44)

af 00 00 00

b1 06 77 7a

45 ea 6c 3b

dd a6 3e b1

cc 2d 9d f0

ef 64 4d 45

32 04 54 08

c6 5e f3 e7

Replace(0xb1, 0x44)

Cornelius Aschermann

Page 65: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

/* magic number */if( u64(input) == u64("MAGICHDR")) bug(1);

/* nested checksum */if( u64(input) == hash(input[8..len]) ) if( u64(input+8) == hash(input[16..len]) ) if( input[16] == ’R’ && input[17] == ’Q’) bug(2);

Cornelius Aschermann

Page 66: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

/* magic number */if( u64(input) == u64("MAGICHDR")) bug(1);

/* nested checksum */if( u64(input) == hash(input[8..len]) ) if( u64(input+8) == hash(input[16..len]) ) if( input[16] == ’R’ && input[17] == ’Q’) bug(2);

Cornelius Aschermann

Page 67: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

/* magic number */if( u64(input) == u64("MAGICHDR")) bug(1);

/* nested checksum */if( u64(input) == hash(input[8..len]) ) if( u64(input+8) == hash(input[16..len]) ) if( input[16] == ’R’ && input[17] == ’Q’) bug(2);

Cornelius Aschermann

Page 68: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Patch with

False Positives?

Fix new queue entries

OR ELSE remove patch

Nesting?

Topological Sort

Cornelius Aschermann

Page 69: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Patch with

False Positives?

Fix new queue entries

OR ELSE remove patch

Nesting?

Topological Sort

Cornelius Aschermann

Page 70: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Patch with

False Positives?

Fix new queue entries

OR ELSE remove patch

Nesting?

Topological Sort

Cornelius Aschermann

Page 71: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Patch with

False Positives?

Fix new queue entries

OR ELSE remove patch

Nesting?

Topological Sort

Cornelius Aschermann

Page 72: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Patch with

False Positives?

Fix new queue entries

OR ELSE remove patch

Nesting?

Topological Sort

Cornelius Aschermann

Page 73: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Patch with

False Positives?

Fix new queue entries

OR ELSE remove patch

Nesting?

Topological Sort

Cornelius Aschermann

Page 74: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

VM

TargetCoverage

Intel PT

Inputs

DMA

Hypercall

Instrument

VMI

Cornelius Aschermann

Page 75: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

VM

Target

CoverageIntel PT

Inputs

DMA

Hypercall

Instrument

VMI

Cornelius Aschermann

Page 76: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

VM

TargetCoverage

Intel PT

Inputs

DMA

Hypercall

Instrument

VMI

Cornelius Aschermann

Page 77: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

VM

TargetCoverage

Intel PT

Inputs

DMA

Hypercall

Instrument

VMI

Cornelius Aschermann

Page 78: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

VM

TargetCoverage

Intel PT

Inputs

DMA

Hypercall

Instrument

VMI

Cornelius Aschermann

Page 79: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

VM

TargetCoverage

Intel PT

Inputs

DMA

Hypercall

Instrument

VMI

Cornelius Aschermann

Page 80: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

VM

TargetCoverage

Intel PT

Inputs

DMA

Hypercall

Instrument

VMI

Cornelius Aschermann

Page 81: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

VM

TargetCoverage

Intel PT

Inputs

DMA

Hypercall

Instrument

VMI

Cornelius Aschermann

Page 82: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

VM

TargetCoverage

Intel PT

Inputs

DMA

Hypercall

Instrument

VMI

Cornelius Aschermann

Page 83: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

LAVA-M

Cornelius Aschermann

Page 84: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

LAVA-M

Cornelius Aschermann

Page 85: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

LAVA-M

Cornelius Aschermann

Page 86: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

LAVA-M

Cornelius Aschermann

Page 87: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

LAVA-M

Cornelius Aschermann

Page 88: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

LAVA-M

Cornelius Aschermann

Page 89: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

CVE-2018-12641 (binutils nm-new)CVE-2018-12697 (binutils libiberty)CVE-2018-12698 (binutils libiberty)CVE-2018-12699 (binutils objdump)CVE-2018-12700 (binutils objdump)CVE-2018-12934 (binutils cxxfilt)CVE-2018-12928 (Linux kernel 4.15.0 hfs.ko)CVE-2018-12929 (Linux kernel 4.15.0 ntfs.ko)CVE-2018-12930 (Linux kernel 4.15.0 ntfs.ko)CVE-2018-12931 (Linux kernel 4.15.0 ntfs.ko)CVE-2018-12932 (Wine)CVE-2018-12933 (Wine)

CVE-2018-14337 (mruby)CVE-2018-14566 (bash)CVE-2018-14567 (xml2)CVE-2018-16747 (fdk-aac)CVE-2018-16748 (fdk-aac)CVE-2018-16749 (ImageMagick)CVE-2018-16750 (ImageMagick)CVE-2018-12935 (ImageMagick)CVE-2018-20116 (tcpdump)CVE-2018-20117 (tcpdump)CVE-2018-20118 (tcpdump)CVE-2018-20119 (tcpdump)

Bugs

Cornelius Aschermann

Page 90: NDSS Symposium – The Network and Distributed System ......Author: Cornelius Aschermann Created Date: 2/26/2019 5:35:16 PM

Input-to-State

Encodings

Colorization

Checksum Patches

Intel PT

VM - Introspection

Overview

Cornelius Aschermann


Syntia: Synthesizing the Semantics of Obfuscated CodeSyntia: Synthesizing the Semantics of Obfuscated Code Tim Blazytko, Moritz Contag, Cornelius Aschermann, Thorsten Holz Ruhr-Universität

Syntia: Synthesizing the Semantics of Obfuscated CodeSyntia: Synthesizing the Semantics of Obfuscated Code Tim Blazytko, Moritz Contag, Cornelius Aschermann, Thorsten Holz Ruhr-Universität

Documents
Metamorph: Injecting Inaudible Commands ... - NDSS Symposium

Metamorph: Injecting Inaudible Commands ... - NDSS Symposium

Documents
El Cornelius

El Cornelius

Documents
Guide Me & Watch Me Succeed - NDSS

Guide Me & Watch Me Succeed - NDSS

Documents
rimoire: Synthesizing Structure while Fuzzing · GRIMOIRE: Synthesizing Structure while Fuzzing Tim Blazytko, Cornelius Aschermann, Moritz Schlögel, Ali Abbasi, Sergej Schumilo,

rimoire: Synthesizing Structure while Fuzzing · GRIMOIRE: Synthesizing Structure while Fuzzing Tim Blazytko, Cornelius Aschermann, Moritz Schlögel, Ali Abbasi, Sergej Schumilo,

Documents
Cornelius Cardew

Cornelius Cardew

Documents
Cornelius Hutfless 20605 Assignsubmission File Zwischenkritik I Luana Cornelius Leopold

Cornelius Hutfless 20605 Assignsubmission File Zwischenkritik I Luana Cornelius Leopold

Documents
NDSS Symposium

NDSS Symposium

Documents
Lis Helena Aschermann Keuchegerian O estranho e o familiar ...€¦ · Lis Helena Aschermann Keuchegerian O estranho e o familiar na noção de habitar de Martin Heidegger . Uma conversa

Lis Helena Aschermann Keuchegerian O estranho e o familiar ...€¦ · Lis Helena Aschermann Keuchegerian O estranho e o familiar na noção de habitar de Martin Heidegger . Uma conversa

Documents
Polypyus – The Firmware Historian - NDSS Symposium

Polypyus – The Firmware Historian - NDSS Symposium

Documents
St. Cornelius

St. Cornelius

Documents
BotSniffer Ndss Slides

BotSniffer Ndss Slides

Documents
Intel Cornelius

Intel Cornelius

Documents
Cornelius Kekelidze

Cornelius Kekelidze

Documents
, Sujuan - NDSS Symposium

, Sujuan - NDSS Symposium

Documents
NDSS Ambassador Sargent Shriver International Global ...€¦ · David Egan 1 NDSS Ambassador Sargent Shriver International Global Messenger. JP Kennedy Jr. Public Policy Fellow

NDSS Ambassador Sargent Shriver International Global ...€¦ · David Egan 1 NDSS Ambassador Sargent Shriver International Global Messenger. JP Kennedy Jr. Public Policy Fellow

Documents
Cornelius Rosse

Cornelius Rosse

Documents
NTI UZZ: Impeding Fuzzing Audits of Binary Executables · ANTIFUZZ: Impeding Fuzzing Audits of Binary Executables Emre Güler, Cornelius Aschermann, Ali Abbasi, and Thorsten Holz

NTI UZZ: Impeding Fuzzing Audits of Binary Executables · ANTIFUZZ: Impeding Fuzzing Audits of Binary Executables Emre Güler, Cornelius Aschermann, Ali Abbasi, and Thorsten Holz

Documents
Aurora: Statistical Crash Analysis for Automated Root ... · AURORA: Statistical Crash Analysis for Automated Root Cause Explanation Tim Blazytko, Moritz Schlögel, Cornelius Aschermann,

Aurora: Statistical Crash Analysis for Automated Root ... · AURORA: Statistical Crash Analysis for Automated Root Cause Explanation Tim Blazytko, Moritz Schlögel, Cornelius Aschermann,

Documents
NDSS National Defense Super System

NDSS National Defense Super System

Education
CloudLeak - NDSS Symposium

CloudLeak - NDSS Symposium

Documents
NDSS Registration Form - Diabetes Australia · PDF fileRegistration Form The National Diabetes Services Scheme (NDSS) is an initiative of the Australian Government administered by

NDSS Registration Form - Diabetes Australia · PDF fileRegistration Form The National Diabetes Services Scheme (NDSS) is an initiative of the Australian Government administered by

Documents
Michael Zohner (TU Darmstadt) - NDSS Symposium

Michael Zohner (TU Darmstadt) - NDSS Symposium

Documents
Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS

Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS

Documents
Cornelius Castoriadis. Cornelius Castoriadis: Political and

Cornelius Castoriadis. Cornelius Castoriadis: Political and

Documents
Cornelius Hoot

Cornelius Hoot

Entertainment & Humor
Absorption NDSS

Absorption NDSS

Documents
Cornelius Arts Center is now Fall 2021 Cornelius Arts

Cornelius Arts Center is now Fall 2021 Cornelius Arts

Documents
Understanding and Detecting International ... - NDSS Symposium

Understanding and Detecting International ... - NDSS Symposium

Documents
Mr Cornelius

Mr Cornelius

Education