Program analysis of binary (i.e., executable) code has become an important and recurring goal in software analysis research and practice. Binary code analysis is attractive because it offers high-fidelity reasoning about the code that will actually execute, and because not requiring source code makes such techniques more widely applicable. BAP, the Binary Analysis Platform, is the third incarnation of our infrastructure for performing analysis on binary code. Like other platforms such as CodeSurfer/x86 [3], McVeto [15], Phoenix [11], and Jakstab [9], BAP first disassembles binary code into assembly instructions, lifts the instructions to an intermediate language (IL), and then performs analysis at the IL level. BAP provides the following salient features:

– BAP makes all side effects of assembly instructions explicit in the IL. This enables all subsequent analyses to be written in a syntax-directed fashion. For example, the core code of our symbolic executor for assembly is only 250 lines long due to the simplicity of the IL. The operational semantics of the IL are formally defined and available in the BAP manual [7].

– Common code representations such as CFGs, static single assignment / three-address code form, program dependence graphs, a dataflow framework with constant folding, dead code elimination, value set analysis [3], and strongly connected component (SCC) based value numbering.

– Verification capabilities via Dijkstra and Flanagan-Saxe style weakest preconditions and interfaces with several SMT solvers. The verification can be performed on dynamically executed traces (e.g., via an interface with Intel’s Pin Framework), as well as on static code sequences.

– BAP is publicly available with source code at http://bap.ece.cmu.edu/. BAP currently supports x86 and ARM.

We have leveraged BAP and its predecessors in dozens of security research applications ranging from automatically generating exploits for buffer overflows to inferring types on assembly.
Published in the Proceedings of 2011 Conference on Computer Aided Verification

A recurring task in our research is to generate logical verification conditions (VCs) from code, usually so that satisfying answers are inputs that drive execution down particular code paths. Generating VCs that are actually solvable in practice is important; we routinely solve VCs hundreds of megabytes in size that capture the semantics of 100,000s of assembly instructions using BAP. In the rest of this paper we discuss these features, how they evolved, compare them to other platforms where possible, and provide examples of how we have used them in various projects.

2 BAP Goals and Related Work

Fully representing the semantics of assembly is more challenging than it would seem. In order to appreciate the difficulty, consider the three-line assembly program below. Suppose we want to create a verification condition (VC) that is satisfied only by inputs that take the conditional jump (e.g., to find inputs that take the jump). The challenge is that arithmetic operations set up to 6 status flags, and control flow in assembly depends upon the values of those flags. Simply lifting line 1 to something like ebx = eax + ebx does not expose those side effects.

    1  add %eax, %ebx    # ebx=eax+ebx (sets OF, SF, ZF, AF, CF, PF)
    2  shl %cl, %ebx     # ebx=ebx<<cl (sets OF, SF, ZF, AF, CF, PF)
    3  jc target         # jump to target if carry flag is set

The first generation of our binary analysis tools, asm2c, attempted to directly decompile x86 assembly to C, and then perform all software analysis on the resulting C code. asm2c left instruction side effects implicit, which made it difficult to analyze control flow. Other binary tools such as instrumentors, disassemblers, and editors (e.g., DynInst [13], Valgrind [12], and Microsoft Phoenix [11]) also did not represent these side effects explicitly.
Our next incarnation, Vine, was designed to address the problem by explicitly encoding side effects in the IL. The result is that subsequent analyses and verification could rely upon the IL syntax alone. Vine is significantly more successful than asm2c, and has been used in dozens of research projects (see [4]). Vine used VEX [12] to provide a rough IL for each instruction, which was then augmented by Vine to expose all otherwise-implicit side effects. An important implementation decision was to implement the Vine back-end in OCaml (asm2c was in C++). We found OCaml’s language features to be a much better match for program analysis and verification. However, the Vine IL grew over time, lacked a formal semantics for the IL itself, and did not handle bi-endian architectures such as ARM correctly.
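The following added example (written for this page; it is not BAP's or Vine's code, and the IL representation, function names and state layout are this example's own assumptions) lifts the paper's three-line program to a tiny IL in two ways: the asm2c-style lifting that records only the register result, and a lifting that writes every status flag explicitly. With explicit flags the interpreter can decide whether `jc` is taken for a concrete input; with implicit flags it cannot, which is exactly the gap the paper describes. Flag formulas follow the x86 definitions (for SHL, a zero count leaves the flags untouched and OF is only defined for a count of 1).

```python
"""Added example: explicit vs. implicit flag side effects when lifting x86 to an IL.
Not BAP code; the IL encoding (list of statement dicts) is an assumption of this example."""

MASK32 = 0xFFFFFFFF
FLAGS = ("CF", "ZF", "SF", "OF", "AF", "PF")

# The paper's three-line program, AT&T syntax (source operand first).
PROGRAM = ["add %eax, %ebx", "shl %cl, %ebx", "jc target"]


def parity_even(v):
    """PF is set when the low byte of the result has an even number of 1 bits."""
    return bin(v & 0xFF).count("1") % 2 == 0


def add_flags(a, b, r):
    """All six flags written by ADD, for a + b == r (mod 2^32)."""
    return {
        "CF": int(a + b > MASK32),
        "ZF": int(r == 0),
        "SF": (r >> 31) & 1,
        "OF": int((a >> 31) == (b >> 31) and (r >> 31) != (a >> 31)),
        "AF": int(((a ^ b ^ r) & 0x10) != 0),
        "PF": int(parity_even(r)),
    }


def shl_flags(value, count, r, old):
    """Flags written by SHL. Count 0: flags unchanged. OF only defined for count 1.
    AF is undefined for SHL, so the previous value is kept."""
    if count == 0:
        return dict(old)
    cf = (value >> (32 - count)) & 1            # last bit shifted out
    flags = dict(old)
    flags.update({"CF": cf, "ZF": int(r == 0), "SF": (r >> 31) & 1,
                  "PF": int(parity_even(r))})
    if count == 1:
        flags["OF"] = ((r >> 31) & 1) ^ cf
    return flags


def lift(asm, explicit_flags=True):
    """Lift one instruction to IL statements: {'text', 'exec'} for assignments,
    {'text', 'cjmp': (flag, target)} for conditional jumps.
    explicit_flags=False reproduces the asm2c-style lifting the paper criticises."""
    op, rest = asm.split("#")[0].split(None, 1)
    args = [a.strip().lstrip("%") for a in rest.split(",")]
    if op == "add":
        src, dst = args                         # add SRC, DST  =>  DST = DST + SRC
        def do_add(s):
            a, b = s[dst], s[src]
            r = (a + b) & MASK32
            s[dst] = r
            if explicit_flags:
                s.update(add_flags(a, b, r))
        text = f"{dst} = {dst} + {src}" + (" ; CF,ZF,SF,OF,AF,PF = add_flags(...)" if explicit_flags else "")
        return [{"text": text, "exec": do_add}]
    if op == "shl":
        src, dst = args                         # shl %cl, DST  =>  DST = DST << (cl & 31)
        def do_shl(s):
            v, count = s[dst], s[src] & 31
            r = (v << count) & MASK32
            s[dst] = r
            if explicit_flags:
                s.update(shl_flags(v, count, r, {k: s[k] for k in FLAGS if k in s}))
        text = f"{dst} = {dst} << ({src} & 31)" + (" ; CF,ZF,SF,OF,PF = shl_flags(...)" if explicit_flags else "")
        return [{"text": text, "exec": do_shl}]
    if op == "jc":
        return [{"text": f"cjmp CF, {args[0]}", "cjmp": ("CF", args[0])}]
    raise ValueError(f"unsupported instruction: {asm}")


def lift_program(lines, explicit_flags=True):
    return [stmt for line in lines for stmt in lift(line, explicit_flags)]


def run(il, regs):
    """Execute the IL on a register state. Returns (state, outcome) where outcome is the
    jump target, 'fallthrough', or None when the IL never defined the flag being tested."""
    s = dict(regs)
    for stmt in il:
        if "cjmp" in stmt:
            flag, target = stmt["cjmp"]
            cf = s.get(flag)
            return s, (target if cf == 1 else "fallthrough" if cf == 0 else None)
        stmt["exec"](s)
    return s, None


def jump_outcome(eax, ebx, cl, explicit_flags=True):
    """Concrete input (constructed values) -> does line 3 jump?"""
    il = lift_program(PROGRAM, explicit_flags)
    return run(il, {"eax": eax, "ebx": ebx, "cl": cl})[1]


if __name__ == "__main__":
    for stmt in lift_program(PROGRAM):
        print(stmt["text"])
    print(jump_outcome(0xFFFFFFFF, 1, 0))                 # add carries -> target
    print(jump_outcome(0xFFFFFFFF, 1, 0, explicit_flags=False))  # None: CF was never modelled
```

Run with the implicit lifting, `jump_outcome` returns `None` for every input because no IL statement ever defines `CF`; a VC built from that IL would have no constraint to solve. With the explicit lifting, `jump_outcome(0xFFFFFFFF, 1, 0)` yields `target` (the add carries and a shift count of 0 preserves the flags), `jump_outcome(1, 1, 31)` also yields `target` (the carry comes from the shift, not the add), and `jump_outcome(1, 2, 1)` falls through.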
A Contract Data Requirements List (CDRL) is part of the Department of Defense’s procurement contract documents. CDRLs work in conjunction with the Statement of Work (SOW) form and the Data Item Description (DID) form. CDRLs list the items that a contractor is required to deliver per the contract. The document identifies for a contractor which analyses, reports or data a vendor has to submit regarding tasks specified in the SOW. The document provides information that a contractor is required to have concerning the time frame for original and subsequent submissions, total number of copies required, data distribution, and whether the government will approve the submittal. Government approval notwithstanding, the vendor is still required to perform the work and provide the data. A SOW identifies the work that is to be performed by a contractor. The CDRL designates the data that is to be provided to the government. The DID designates the format and content of the data to be submitted to the government. The document is designated as DD1423 for the Department of Defense (DoD) and is a part of every contract. Government employees and contractors have sections that require completion on the form. CDRLs represent the fundamental contract document which describes data required by and for the contract. Contractors have to provide the data described in the DIDs that accompany the document. The Contract Data Requirements List identifies each item of data requested as deliverable in the delivery order. DIDs that are not listed or identified in a specific Delivery Order Statement of Work will not be needed for that Delivery Order. Contractors have to structure, maintain and deliver all data in compliance with the requirements stated on the document. The DoD has very strict requirements regarding use and completion of the Contract Data Requirements List. Some sections are self-explanatory. Each CDRL contains a data item number, data item title and a data item approval code.
All data requirements listed on the document have a corresponding DID. If a minor change, designated as Class II, should occur in the final versions of data items that have been delivered, contractors are afforded the opportunity to create a document change notice. The document is essential in communicating which analysis, maps, drawings, samples or spreadsheets are needed by the government.
Capture the Flag (CTF) is a special kind of information security competition. There are three common types of CTFs: Jeopardy, Attack-Defence and mixed. Jeopardy-style CTFs have a set of questions (tasks) in a range of categories, for example Web, Forensics, Crypto, Binary or something else. A team gains points for every solved task, usually more points for more complicated tasks. The next task in a chain can be opened only after some team solves the previous task. When the game time is over, the sum of points determines the CTF winner. A famous example of such a CTF is the DEF CON CTF qualifier. Attack-defence is another interesting kind of competition. Here every team has its own network (or only one host) with vulnerable services. Your team usually has time for patching your services and developing exploits. Then the organizers connect the participants and the wargame starts! You should protect your own services for defence points and hack opponents for attack points. Historically this is the first type of CTF; everybody knows about DEF CON CTF, something like a World Cup of all other competitions. Mixed competitions may vary in format. It may be something like a wargame with special time for task-based elements (like UCSB iCTF). CTF games often touch on many other aspects of information security: cryptography, steganography, binary analysis, reverse engineering, mobile security and others. Good teams generally have strong skills and experience in all these areas. CTF contests are usually designed to serve as an educational exercise to give participants experience in securing a machine, as well as conducting and reacting to the sort of attacks found in the real world. Reverse engineering, network sniffing, protocol analysis, system administration, programming, and cryptanalysis are all skills which have been required by prior CTF contests at DEF CON. There are two main styles of capture the flag competitions: attack/defense and jeopardy.
In an attack/defense style competition, each team is given a machine (or a small network) to defend on an isolated network. Teams are scored on both their success in defending their assigned machine and on their success in attacking other teams' machines. Depending on the nature of the particular CTF game, teams may either be attempting to take an opponent's flag from their machine or teams may be attempting to plant their own flag on their opponent's machine. One of the more prominent attack/defense CTFs is held every year at the hacker conference DEF CON. Jeopardy-style competitions usually involve multiple categories of problems, each of which contains a variety of questions of different point values and difficulties. Teams attempt to solve the most points' worth of problems in the competition's time frame (for example 24 hours), but do not directly attack each other. Rather than a race, this style of game play encourages taking time to approach challenges and prioritizes the quantity of correct submissions over timing.

Hardware choice: Brillo is supported across ARM, Intel x86, and MIPS-based hardware. Compatible boards conform to specific guidelines, making your development experience simple and consistent. Get started quickly by purchasing an Intel Edison or Qualcomm Dragonboard 410c development board.

Prototype to production: Flexibly prototype your custom application. Easily move from prototype to production. Everything else you need is already built in.

Operate at scale: Use the provided tools to manage your fleet of devices at scale with OTA updates, runtime metrics, and crash reporting. These secure services are available through a single developer console.
Start developing with Brillo: Build on Brillo with an embedded OS based on Android, core services built in, a developer kit, and a developer console. Choose from a variety of hardware capabilities and customization options, quickly move from prototype to production, and manage at scale with OTA updates, metrics, and crash reporting.