Verifying offchain computations using TrueBit - Sami Makela, Cyber Fund
This document discusses the TrueBit protocol for verifying offchain computations on the Ethereum blockchain. It describes how computations can be done offchain but still guaranteed to be correct through a process of solvers posting solutions and verifiers checking them. If a solution is incorrect, verifiers can challenge it. The protocol uses a technique of binary search to efficiently locate points of disagreement between solvers and verifiers, which can then be adjudicated onchain. It aims to enable virtually any computation to be verified in this way.
1) Ekiden is a new platform that allows for private and high-performance smart contract execution using trusted execution environments (TEEs) and blockchains.
2) It combines blockchains with TEEs to execute smart contracts off-chain in a way that preserves data confidentiality while maintaining strong on-chain consistency.
3) Ekiden aims to provide confidentiality-preserving smart contracts with high availability, high performance, and formal security guarantees through the use of cryptographic techniques and TEE hardware.
FastBFT is a scalable Byzantine fault tolerant consensus protocol that uses hardware-assisted secret sharing to achieve high performance. It uses a trusted execution environment to implement a lightweight secret sharing scheme and assign unique sequence numbers to requests. Replicas are organized in a tree topology to distribute communication and computation costs, allowing the protocol to reach consensus in a constant number of message rounds regardless of the number of replicas. The protocol takes an optimistic approach where a subset of replicas participate in agreement while others passively update their state.
The document presents Visigoth, a new fault tolerance model and framework for replicated state machines in data centers. Visigoth can calibrate timing assumptions between synchronous and asynchronous, and fault behavior between crash and Byzantine faults. It aims to tolerate arbitrary but non-malicious faults with fewer replicas than Byzantine fault tolerance by distinguishing fault types. The authors implement a Visigoth fault tolerance library called VFT-SMaRt that uses a new quorum gathering primitive to handle the flexible quorum sizes of the Visigoth model. An evaluation shows VFT can tolerate the same number of faults as crash fault tolerance with better performance and fewer resources.
OmniLedger is a secure and scalable decentralized ledger that uses sharding to improve throughput. It uses RandHound for bias-resistant sharding of validators into shards via cryptographic sortition. ByzCoinX provides intra-shard consensus and Atomix enables cross-shard transactions using a UTXO model and BlockDAG. OmniLedger aims to preserve security and decentralization while providing Visa-level throughput and low latency transactions. Formal security proofs were not provided.
The document provides a summary of the history and components of Linux and Unix operating systems. It discusses how UNIX was first developed in 1969 and many variants emerged since including Linux, which was created by Linus Torvalds in 1991. It then outlines the key components of Linux including the kernel, development environment, user interface, documentation, and commands for navigating directories, manipulating files, and input/output redirection.
BSDTW17: George Neville-Neil: Realities of DTrace on FreeBSD - Scott Tsai
This document summarizes a talk on the history and current state of DTrace, a dynamic tracing framework originally developed for Solaris and later ported to FreeBSD and MacOS. It discusses how DTrace has been used for performance analysis, distributed systems tracing, and teaching operating systems. Recent improvements include machine-readable output, new providers, and performance tuning. Future work includes the OpenDTrace cross-platform project and improving the D programming language used to write probes.
Diagnosing HotSpot JVM Memory Leaks with JFR and JMC - Mushfekur Rahman
This document discusses diagnosing memory leaks in the HotSpot JVM using Java Flight Recorder (JFR) and Java Mission Control (JMC). It covers Java reference types, GC reachability, common causes of memory leaks like non-static inner classes and thread locals, and how to use JFR to record events and diagnose leaks by analyzing memory usage over time.
Building a Unified Logging Layer with Fluentd, Elasticsearch and Kibana - Mushfekur Rahman
This document discusses building a unified logging layer using Fluentd, Elasticsearch, and Kibana. It describes what a unified logging layer is and why it is needed to collect, format, filter, and forward logs from multiple sources to storage. It then provides overviews of Fluentd for log collection, Elasticsearch for storage and querying, and Kibana for real-time visualization. Details are given on the architectures, plugins, and configurations of each tool and how they can work together in a scalable and highly available logging system.
Distributed Transaction Management in Spring & JEE - Mushfekur Rahman
This document discusses distributed transaction management in Spring and Java EE. It begins with an overview of transactions and their importance for atomic operations across multiple databases or other resources. It then discusses the challenges of distributed transactions that involve multiple machines and components. The document introduces the XA specification for coordinating two-phase commit transactions across heterogeneous systems. It also discusses how Java Transaction API (JTA) and application servers like WebLogic implement the XA specification. Finally, it covers declarative and programmatic transaction demarcation in Spring using annotations and proxies.
This document discusses the basics of cryptography including encryption, decryption, and cryptanalysis. Encryption is the process of disguising plaintext using a cipher and key, resulting in ciphertext. Decryption is the reverse process that results in the original plaintext. Cryptanalysis aims to recover the original plaintext, key, or algorithm without having the key by using attacks like ciphertext-only, known-plaintext, chosen-plaintext, and adaptive chosen-plaintext attacks.
The document summarizes research into the Red Star OS operating system used in North Korea. Key findings include:
1) Red Star OS is based on Linux and resembles Windows XP or Mac OS X. It includes custom firewall software called Pyongyang Fortress which is derived from the open-source Snort network intrusion detection system.
2) Analysis of Pyongyang Fortress found it to be security theater with binaries that were much smaller than their open source counterparts and lacked full functionality.
3) Tests of censorship detection found that internet requests were not modified or blocked from within Red Star OS, suggesting censorship occurs at the intranet level before internet access.
This document summarizes a presentation about pentesting custom TLS stacks. It discusses using the scapy-ssl_tls tool to craft and analyze TLS packets in order to evaluate the security of custom TLS implementations. The presentation covers TLS protocol basics, features of scapy-ssl_tls like packet parsing and crypto hooks, and techniques for analyzing areas like supported versions/ciphers, the TLS state machine, Diffie-Hellman parameters, side channels, fragmentation, and more. It aims to provide a way to efficiently reproduce TLS attacks and help test responses to vulnerabilities.
Kubernetes @ Squarespace (SRE Portland Meetup October 2017) - Kevin Lynch
In this presentation I talk about our motivation for converting our microservices to run on Kubernetes. I discuss many of the technical challenges we encountered along the way, including networking issues, Java issues, monitoring and alerting, and managing all of our resources!
31c3 Presentation - Virtual Machine Introspection - Tamas K Lengyel
This document discusses virtual machine introspection (VMI) using the Xen hypervisor. VMI allows reconstructing a guest VM's state from outside the guest by monitoring its memory, CPU, and devices. It provides isolation, interpretation of the guest's state, and ability to intercept execution. The document outlines challenges like reconstructing paged memory and kernel data structures. It presents tools like LibVMI and DRAKVUF that use VMI for malware analysis and cloud security. Kernel code integrity during runtime patching is also discussed.
Real time intrusion detection in network traffic using adaptive and auto-scal... - Gobinath Loganathan
This document proposes an adaptive and auto-scaling stream processor called Wisdom to enable real-time intrusion detection in network traffic. Wisdom can dynamically optimize complex event processing (CEP) rules using hybrid optimization algorithms like particle swarm optimization and bisection. Tests show Wisdom can detect attacks like HTTP slow header denial of service and port scans with over 99.95% accuracy. Wisdom also allows functionally auto-scaling deployments of CEP rules to optimize resource usage.
Profilers find performance bottlenecks in your app but provide confusing information. Let's give you insights into how your profiler and your app are really interacting. What profiling APIs are available, how they work, and what their implementation on the JVM (OpenJDK) side looks like:
Stack sampling profilers: stop motion view of your app
GetCallTrace(JVisualVM case study): The official stack sampling API
Safepoints and safepoint sampling bias
AsyncGetCallTrace(Honest Profiler Case Study): The unofficial API
JVM Profilers vs System Profilers: No API needed?
Building a data pipeline to ingest data into Hadoop in minutes using Streamse... - Guglielmo Iozzia
Slides from my talk at the Hadoop User Group Ireland meetup on June 13th 2016: building a data pipeline to ingest data from sources of different nature into Hadoop in minutes (and no coding at all) using the Open Source Streamsets Data Collector tool.
Combining Phase Identification and Statistic Modeling for Automated Parallel ... - Mingliang Liu
Parallel application benchmarks are indispensable for evaluating and optimizing HPC software and hardware. However, it is very challenging and costly to obtain high-fidelity benchmarks reflecting the scale and complexity of state-of-the-art parallel applications. Hand-extracted synthetic benchmarks are time- and labor-intensive to create. Real applications themselves, while offering the most accurate performance evaluation, are expensive to compile, port, and reconfigure, and are often plainly inaccessible due to security or ownership concerns. This work contributes APPrime, a novel tool for trace-based automatic parallel benchmark generation. Taking as input standard communication-I/O traces of an application's execution, it couples accurate automatic phase identification with statistical regeneration of event parameters to create compact, portable, and to some degree reconfigurable parallel application benchmarks. Experiments with four NAS Parallel Benchmarks (NPB) and three real scientific simulation codes confirm the fidelity of APPrime benchmarks. They retain the original applications' performance characteristics, in particular their relative performance across platforms. Also, the resulting benchmarks, already released online, are much more compact and easier to port than the original applications.
http://dl.acm.org/citation.cfm?id=2745876
The Google File System was designed by Google to store and manage large files across thousands of commodity servers. It uses a single master to manage metadata and track file locations across chunkservers. Chunks are replicated for reliability and placed across racks to improve bandwidth utilization. The system provides high throughput for concurrent reads and writes through leases to maintain consistency and pipelining of data flows. Logs and replication are used to provide fault tolerance against server failures.
Kubernetes @ Squarespace: Kubernetes in the Datacenter - Kevin Lynch
The document discusses Kubernetes adoption at Squarespace as their engineering organization grew. It describes the challenges of a monolithic architecture and how microservices addressed these challenges. It then discusses how Kubernetes helped solve operational challenges of provisioning and scaling microservices. Key Kubernetes concepts like pods, deployments, services and namespaces are explained. Monitoring, networking and security with Kubernetes are also covered.
BPF & Cilium - Turning Linux into a Microservices-aware Operating System - Thomas Graf
Container runtimes cause Linux to return to its original purpose: to serve applications interacting directly with the kernel. At the same time, the Linux kernel is traditionally difficult to change and its development process is full of myths. A new, efficient in-kernel programming language called eBPF is changing this and allows everyone to extend existing kernel components or glue them together in new forms without requiring changes to the kernel itself.
Ever Present Persistence - Established Footholds Seen in the Wild - CTruncer
This talk is about different attacker persistence techniques that we have seen in the wild, or published by other companies. We wanted to create a massive document containing all of these techniques with a mile wide, inch deep approach. Our goal is to give a description of how each technique works and a way to detect them to allow anyone to start looking for these specific techniques.
MongoDB Operational Best Practices (mongosf2012) - Scott Hernandez
The document outlines operational best practices learned from analyzing real support cases. It describes 3 scenarios where performance issues were identified: 1) response time timeouts due to disk monitoring and instrumentation issues, 2) high CPU usage due to poorly indexed queries, and 3) general slowdowns due to large disk read-ahead size. Key learnings include monitoring logs and systems, performance testing before deployments, using database profilers and indexes, and planning rollouts and configurations.
Skydive is a real-time network topology and protocols analyzer that provides non-intrusive monitoring of SDNs. It collects data from agents running on nodes through southbound APIs and topology queries to analyze flows and topology in an SDN-agnostic manner. Skydive aims to help troubleshoot complex SDN issues by providing visibility into where packets are dropped, fragmented, or experiencing congestion across overlays, underlays, and the control and data planes.
Speaker: Max Moroz
An overview of the ClusterFuzz system, which makes it possible to check the Chrome browser for vulnerabilities in real time and to obtain reproducible research results for each specific crash. The advantages of using various sanitizers and LibFuzzer, a library for guided fuzzing, will be demonstrated. Detailed statistics on the kinds of vulnerabilities found in Chrome will be presented. Attendees will learn about the pitfalls of distributed fuzzing, and about how they can run their own fuzzers in Google's infrastructure and receive a reward for the vulnerabilities they find.
The second part of Linux Internals covers system calls, the process subsystem and inter-process communication mechanisms. Understanding these services provided by Linux is essential for embedded systems engineers.
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for... - Alexandre Moneger
This presentation shows that code coverage guided fuzzing is possible in the context of network daemon fuzzing.
Some fuzzers are blackbox while others are protocol aware. Even for fuzzers that are protocol aware, the fuzzer writer typically models the protocol specification and implements packet-awareness logic in the fuzzer. Unfortunately, a fuzzer being protocol aware does not guarantee that sufficient code paths have been reached.
The presentation deals with specific scenarios where the target protocol is completely unknown (proprietary) and no source code or protocol specs are accessible. The tool developed builds a feedback loop between the client and the server components using the concept of "gate functions". A gate function triggers monitoring. The pintool component tracks the binary code coverage for all functions until it reaches an exit gate. By instrumenting such gated functions, the tool is able to measure code coverage during packet processing.
Diagnosing HotSpot JVM Memory Leaks with JFR and JMCMushfekur Rahman
This document discusses diagnosing memory leaks in the HotSpot JVM using Java Flight Recorder (JFR) and Java Mission Control (JMC). It covers Java reference types, GC reachability, common causes of memory leaks like non-static inner classes and thread locals, and how to use JFR to record events and diagnose leaks by analyzing memory usage over time.
Building a Unified Logging Layer with Fluentd, Elasticsearch and KibanaMushfekur Rahman
This document discusses building a unified logging layer using Fluentd, Elasticsearch, and Kibana. It describes what a unified logging layer is and why it is needed to collect, format, filter, and forward logs from multiple sources to storage. It then provides overviews of Fluentd for log collection, Elasticsearch for storage and querying, and Kibana for real-time visualization. Details are given on the architectures, plugins, and configurations of each tool and how they can work together in a scalable and highly available logging system.
Distributed Transaction Management in Spring & JEEMushfekur Rahman
This document discusses distributed transaction management in Spring and Java EE. It begins with an overview of transactions and their importance for atomic operations across multiple databases or other resources. It then discusses the challenges of distributed transactions that involve multiple machines and components. The document introduces the XA specification for coordinating two-phase commit transactions across heterogeneous systems. It also discusses how Java Transaction API (JTA) and application servers like WebLogic implement the XA specification. Finally, it covers declarative and programmatic transaction demarcation in Spring using annotations and proxies.
This document discusses the basics of cryptography including encryption, decryption, and cryptanalysis. Encryption is the process of disguising plaintext using a cipher and key, resulting in ciphertext. Decryption is the reverse process that results in the original plaintext. Cryptanalysis aims to recover the original plaintext, key, or algorithm without having the key by using attacks like ciphertext-only, known-plaintext, chosen-plaintext, and adaptive chosen-plaintext attacks.
The document summarizes research into the Red Star OS operating system used in North Korea. Key findings include:
1) Red Star OS is based on Linux and resembles Windows XP or Mac OS X. It includes custom firewall software called Pyongyang Fortress which is derived from the open-source Snort network intrusion detection system.
2) Analysis of Pyongyang Fortress found it to be security theater with binaries that were much smaller than their open source counterparts and lacked full functionality.
3) Tests of censorship detection found that internet requests were not modified or blocked from within Red Star OS, suggesting censorship occurs at the intranet level before internet access.
This document summarizes a presentation about pentesting custom TLS stacks. It discusses using the scapy-ssl_tls tool to craft and analyze TLS packets in order to evaluate the security of custom TLS implementations. The presentation covers TLS protocol basics, features of scapy-ssl_tls like packet parsing and crypto hooks, and techniques for analyzing areas like supported versions/ciphers, the TLS state machine, Diffie-Hellman parameters, side channels, fragmentation, and more. It aims to provide a way to efficiently reproduce TLS attacks and help test responses to vulnerabilities.
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)Kevin Lynch
In this presentation I talk about our motivation to converting our microservices to run on Kubernetes. I discuss many of the technical challenges we encountered along the way, including networking issues, Java issues, monitoring and alerting, and managing all of our resources!
31c3 Presentation - Virtual Machine IntrospectionTamas K Lengyel
This document discusses virtual machine introspection (VMI) using the Xen hypervisor. VMI allows reconstructing a guest VM's state from outside the guest by monitoring its memory, CPU, and devices. It provides isolation, interpretation of the guest's state, and ability to intercept execution. The document outlines challenges like reconstructing paged memory and kernel data structures. It presents tools like LibVMI and DRAKVUF that use VMI for malware analysis and cloud security. Kernel code integrity during runtime patching is also discussed.
Real time intrusion detection in network traffic using adaptive and auto-scal...Gobinath Loganathan
This document proposes an adaptive and auto-scaling stream processor called Wisdom to enable real-time intrusion detection in network traffic. Wisdom can dynamically optimize complex event processing (CEP) rules using hybrid optimization algorithms like particle swarm optimization and bisection. Tests show Wisdom can detect attacks like HTTP slow header denial of service and port scans with over 99.95% accuracy. Wisdom also allows functionally auto-scaling deployments of CEP rules to optimize resource usage.
Profilers find performance bottlenecks in your app but provide confusing information. Let's give you insights into how your profiler and your app are really interacting. What profiling APIs are available, how they work, and what their implementation on the JVM (OpenJDK) side looks like:
Stack sampling profilers: stop motion view of your app
GetCallTrace(JVisualVM case study): The official stack sampling API
Safepoints and safepoint sampling bias
AsyncGetCallTrace(Honest Profiler Case Study): The unofficial API
JVM Profilers vs System Profilers: No API needed?
Building a data pipeline to ingest data into Hadoop in minutes using Streamse...Guglielmo Iozzia
Slides from my talk at the Hadoop User Group Ireland meetup on June 13th 2016: building a data pipeline to ingest data from sources of different nature into Hadoop in minutes (and no coding at all) using the Open Source Streamsets Data Collector tool.
Combining Phase Identification and Statistic Modeling for Automated Parallel ...Mingliang Liu
Parallel application benchmarks are indispensable for evaluating/optimizing HPC software and hardware. However, it is very challenging and costly to obtain high-fidelity benchmarks reflecting the scale and complexity of state-of-the-art parallel applications. Hand-extracted synthetic benchmarks are time- and labor-intensive to create. Real applications themselves, while offering most accurate performance evaluation, are expensive to compile, port, reconfigure, and often plainly inaccessible due to security or ownership concerns. This work contributes APPrime, a novel tool for trace-based automatic parallel benchmark generation. Taking as input standard communication-I/O traces of an application's execution, it couples accurate automatic phase identification with statistical regeneration of event parameters to create compact, portable, and to some degree reconfigurable parallel application benchmarks. Experiments with four NAS Parallel Benchmarks (NPB) and three real scientific simulation codes confirm the fidelity of APPrime benchmarks. They retain the original applications' performance characteristics, in particular their relative performance across platforms. Also, the result benchmarks, already released online, are much more compact and easy-to-port compared to the original applications.
http://dl.acm.org/citation.cfm?id=2745876
The Google File System was designed by Google to store and manage large files across thousands of commodity servers. It uses a single master to manage metadata and track file locations across chunkservers. Chunks are replicated for reliability and placed across racks to improve bandwidth utilization. The system provides high throughput for concurrent reads and writes through leases to maintain consistency and pipelining of data flows. Logs and replication are used to provide fault tolerance against server failures.
Kubernetes @ Squarespace: Kubernetes in the DatacenterKevin Lynch
The document discusses Kubernetes adoption at Squarespace as their engineering organization grew. It describes the challenges of a monolithic architecture and how microservices addressed these challenges. It then discusses how Kubernetes helped solve operational challenges of provisioning and scaling microservices. Key Kubernetes concepts like pods, deployments, services and namespaces are explained. Monitoring, networking and security with Kubernetes are also covered.
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemThomas Graf
Container runtimes cause Linux to return to its original purpose: to serve applications interacting directly with the kernel. At the same time, the Linux kernel is traditionally difficult to change and its development process is full of myths. A new efficient in-kernel programming language called eBPF is changing this and allows everyone to extend existing kernel components or glue them together in new forms without requiring to change the kernel itself.
Ever Present Persistence - Established Footholds Seen in the WildCTruncer
This talk is about different attacker persistence techniques that we have seen in the wild, or published by other companies. We wanted to create a massive document containing all of these techniques with a mile wide, inch deep approach. Our goal is to give a description of how each technique works and a way to detect them to allow anyone to start looking for these specific techniques.
MongoDB Operational Best Practices (mongosf2012)Scott Hernandez
The document outlines operational best practices learned from analyzing real support cases. It describes 3 scenarios where performance issues were identified: 1) response time timeouts due to disk monitoring and instrumentation issues, 2) high CPU usage due to poorly indexed queries, and 3) general slowdowns due to large disk read-ahead size. Key learnings include monitoring logs and systems, performance testing before deployments, using database profilers and indexes, and planning rollouts and configurations.
Skydive is a real-time network topology and protocols analyzer that provides non-intrusive monitoring of SDNs. It collects data from agents running on nodes through southbound APIs and topology queries to analyze flows and topology in an SDN-agnostic manner. Skydive aims to help troubleshoot complex SDN issues by providing visibility into where packets are dropped, fragmented, or experiencing congestion across overlays, underlays, and the control and data planes.
Ведущий: Макс Мороз
Обзор системы ClusterFuzz, позволяющей осуществить проверку браузера Chrome на наличие уязвимостей в режиме реального времени и получить воспроизводимые результаты исследования каждого конкретного сбоя. Будут продемонстрированы преимущества использования различных санитайзеров и LibFuzzer, библиотеки для направленного фаззинга. Будет приведена подробная статистика видов уязвимостей, найденных в Chrome. Слушатели узнают о подводных камнях распределенного фаззинга; о том, как можно запустить свои собственные фаззеры в инфраструктуре Google и получить вознаграждение за найденные уязвимости.
The second part of Linux Internals covers system calls, process subsystem and inter process communication mechanisms. Understanding these services provided by Linux are essential for embedded systems engineer.
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...Alexandre Moneger
This presentation shows that code coverage guided fuzzing is possible in the context of network daemon fuzzing.
Some fuzzers are black-box while others are protocol-aware. Even for protocol-aware ones, fuzzer writers typically model the protocol specification and implement packet-awareness logic in the fuzzer. Unfortunately, a fuzzer being protocol-aware does not guarantee that sufficient code paths have been reached.
The presentation deals with specific scenarios where the target protocol is completely unknown (proprietary) and no source code or protocol specs are accessible. The tool developed builds a feedback loop between the client and the server components using the concept of "gate functions". A gate function triggers monitoring. The pintool component tracks the binary code coverage for all the functions until it reaches an exit gate. By instrumenting such gated functions, the tool is able to measure code coverage during packet processing.
The document discusses Process Control Daemon (PCD), an open source process manager for embedded Linux platforms. PCD aims to improve over traditional shell script-based startup by allowing deterministic, parallel startup and recovery actions for processes. It provides a centralized way to define and manage processes and their dependencies. Key features include event-driven startup, crash handling and logging, and a process API. PCD has modest resource needs and supports various architectures. It has benefited products by improving startup time, robustness, and debug capabilities.
The Linux kernel is undergoing the most fundamental architecture evolution in history and is becoming a microkernel. Why is the Linux kernel evolving into a microkernel? The potentially biggest fundamental change ever happening to the Linux kernel. This talk covers how companies like Facebook and Google use BPF to patch 0-day exploits, how BPF will change the way features are added to the kernel forever, and how BPF is introducing a new type of application deployment method for the Linux kernel.
Unmanned Aerial Vehicles can be automated using Metasploit to fingerprint clients, scan for servers, and exploit vulnerabilities. Metasploit provides built-in modules to automate scanning networks using tools like Nmap and Nexpose. Exploits and payloads can then be automatically run on vulnerable servers and clients. Post-exploitation activities can also be automated using Meterpreter scripts and plugins to perform tasks like privilege escalation, packet capture, and maintaining persistence.
This document discusses post-mortem debugging in embedded Linux systems. Post-mortem debugging involves analyzing system state data collected after a crash to investigate the cause. Key data includes RAM regions, CPU states, and peripheral states. Challenges include retrieving this data without modifying critical state information and analyzing it using tools that understand the OS and CPU architecture. Example tools discussed are Lauterbach TRACE32 and Red Hat Crash, which can analyze kernel crashes, IPC issues, deadlocks, and watchdog errors.
Similar to SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx - SitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack - shyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence - IndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf - Chart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
OpenID AuthZEN Interop Read Out - Authorization - David Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
5th LF Energy Power Grid Model Meet-up Slides - DanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Microsoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
- Insightful presentations covering two practical applications of the Power Grid Model.
- An update on the latest advancements in Power Grid Model technology during the first and second quarters of 2024.
- An interactive brainstorming session to discuss and propose new feature requests.
- An opportunity to connect with fellow Power Grid Model enthusiasts and users.
GraphRAG for Life Science to increase LLM accuracy - Tomaz Bratanic
GraphRAG for the life science domain, where you retrieve information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers.
How to Get CNIC Information System with Paksim Ga.pptx - danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Taking AI to the Next Level in Manufacturing.pdf - ssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Project Management Semester Long Project - Acuity - jpupo2018
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
Programming Foundation Models with DSPy - Meetup Slides - Zilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
2. Abstract
● Exploits for input-validation flaws can be generated automatically, though this is hard and rare
● Less understood are the implications of other bug-related information (CVE entries, etc.), and such information can facilitate exploit generation
● They present a tool called SemFuzz that leverages vulnerability-related text to guide the automatic generation of PoC exploits
○ Target: Linux kernel with CVE report and git log
○ Including UAF, Memory corruption, information leak, etc
● 18 of 122 succeeded, including 1 0-day and 1 undisclosed vulnerability
4. Vulnerability Life Cycle
● System updates are often slow
● Miscreants are often given a large time frame (30 days on average), during which they can leverage the information exposed by public patches to recover hidden bugs
● Less understood, however, are the implications of other information
○ CVE entries, git logs, bug descriptions posted on forums and blogs
● Can such information also be leveraged for the automatic construction of complicated exploits?
5. Challenges in AEG
● Attacks on input-validation flaws
○ Symbolic execution
○ Constraint solving is known to be difficult
■ Non-linear, incomplete constraints
● Other types of vulnerabilities are more complicated and cannot be fixed by a single local patch
○ Even a whole chunk of code may need to be replaced
9. Semantic Information Retrieving
● Natural Language Processing
○ Part-of-Speech (POS) tagging, phrase parsing and syntactic parsing
● Generating a parse tree
○ Represents the syntactic structure of a sentence according to a Context-Free Grammar (CFG)
S: sentence, NP: noun phrase, VP: verb phrase, JJ: adjective, NN: noun.
“the whole skb len is dangerous”
10. Semantic Information Retrieving
● Affected Version: Regular expression
● Vulnerability Type: Match Candidate Types List
● Vulnerable Functions: Code Diff
● Critical Variables: Match Symbol Table
● System Call:
○ 2 types: prepare the environment or trigger the bug
○ Sometimes there is no syscall in the bug description
11. Syscall
● Build a knowledge base
○ LPM
● Correlate the keywords to domain-specific concepts
○ e.g. link MSG_MORE to the flags parameter of the sendto system call
● Select the system call that can cover the most keywords
12. Semantics-Guided Fuzzing
● Environment Setup
○ Syzkaller-based framework
● Generating the seed input
● Coarse mutation
○ Find a system call sequence
● Fine-grained mutation
○ Mutation on variable
○ Monitor “critical variables”
● Trigger the vulnerability
KCOV: kernel code coverage API
Parameter Monitor: observes the parameters of kernel functions (kf) instead of the critical variables themselves, using CFA/DFA
Out-Box Loader: captures abnormal events (KASAN, UBSAN, etc.)
13. Seed Input
● First, put all retrieved syscalls together
○ Incomplete seed input
○ Fill in all parameters, including structures (learned from the LPM)
○ socket and sendto need the syscall bind
● Second, correlate other system calls with the retrieved ones
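As an added illustration of slides 11 and 13 (not SemFuzz's own code), the following Python ranks syscalls by how many description keywords they cover and then orders the selected calls behind their prerequisite calls. The knowledge base, the prerequisite table and the regex tokenizer are constructed stand-ins for the LPM-derived knowledge base and the NLP pipeline the slides describe.

```python
"""Keyword-to-syscall selection and seed-input completion.

Added example, not SemFuzz's own code. The knowledge base, keyword
list and dependency table below are constructed for illustration.
"""
import re

# Constructed knowledge base: keyword -> (syscall, parameter it belongs to).
# Mirrors the slide's example linking MSG_MORE to sendto's flags parameter.
KNOWLEDGE_BASE = {
    "msg_more": ("sendto", "flags"),
    "sendto": ("sendto", None),
    "skb": ("sendto", "buf"),
    "socket": ("socket", None),
    "af_inet": ("socket", "domain"),
    "sock_raw": ("socket", "type"),
    "bind": ("bind", None),
    "mmap": ("mmap", None),
}

# Constructed prerequisite table: calls that must precede a syscall to set
# up its environment (slide 13: sendto needs socket and bind first).
PREREQUISITES = {
    "sendto": ["socket", "bind"],
    "bind": ["socket"],
}


def extract_keywords(text):
    """Lower-cased tokens of the description that appear in the knowledge base."""
    tokens = re.findall(r"[A-Za-z_][A-Za-z0-9_]*", text.lower())
    return [t for t in tokens if t in KNOWLEDGE_BASE]


def select_syscalls(text):
    """Rank syscalls by the number of description keywords they cover."""
    coverage = {}
    for kw in extract_keywords(text):
        call, param = KNOWLEDGE_BASE[kw]
        coverage.setdefault(call, set()).add((kw, param))
    # Best first: most covered keywords; ties broken alphabetically.
    return sorted(coverage, key=lambda c: (-len(coverage[c]), c))


def build_seed(text):
    """Order the selected syscalls so each call's prerequisites come first."""
    selected = select_syscalls(text)
    order = []

    def add(call):
        for dep in PREREQUISITES.get(call, []):
            add(dep)
        if call not in order:
            order.append(call)

    for call in selected:
        add(call)
    return order
```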
14. Coarse-level Mutation
● Mutate the input and check the distance between the vulnerable function and the trace
○ Shortest path
○ New seed input
● Construct a reverse call graph
○ Backward reachability analysis
○ Modify GCC to collect call info
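An added example (not the paper's implementation) of the backward reachability step in slide 14: a constructed toy call graph with hypothetical function names is reversed, a BFS from the vulnerable function gives every function its shortest call-chain distance to it, and candidate traces are ranked by the smallest distance they reach.

```python
"""Distance-guided seed ranking over a reverse call graph.

Added example, not SemFuzz's own code. The call graph below is a
constructed toy with hypothetical function names; the real tool collects
call edges with a modified GCC and reads executed functions from KCOV.
"""
from collections import deque

# Constructed call graph: caller -> callees.
CALL_GRAPH = {
    "sys_sendto": ["sock_sendmsg", "move_addr_to_kernel"],
    "sock_sendmsg": ["inet_sendmsg"],
    "inet_sendmsg": ["raw_sendmsg", "udp_sendmsg"],
    "raw_sendmsg": ["raw_send_hdrinc", "ip_append_data"],
    "raw_send_hdrinc": [],
    "ip_append_data": [],
    "udp_sendmsg": ["ip_append_data"],
    "move_addr_to_kernel": [],
    "sys_mmap": ["do_mmap"],
    "do_mmap": [],
}


def reverse_call_graph(graph):
    """callee -> callers: the graph the backward search walks."""
    rev = {f: [] for f in graph}
    for caller, callees in graph.items():
        for callee in callees:
            rev.setdefault(callee, []).append(caller)
    return rev


def distances_to(target, graph):
    """Backward reachability: BFS from the vulnerable function over the
    reverse graph. Functions that cannot reach the target are absent."""
    rev = reverse_call_graph(graph)
    dist = {target: 0}
    queue = deque([target])
    while queue:
        f = queue.popleft()
        for caller in rev.get(f, []):
            if caller not in dist:
                dist[caller] = dist[f] + 1
                queue.append(caller)
    return dist


def trace_distance(trace, dist):
    """Input quality: smallest distance any executed function has to the
    vulnerable function; None if nothing in the trace can reach it."""
    seen = [dist[f] for f in trace if f in dist]
    return min(seen) if seen else None


def pick_new_seed(candidates, target, graph=CALL_GRAPH):
    """Coarse mutation step: keep the candidate trace that gets closest."""
    dist = distances_to(target, graph)
    scored = [(trace_distance(t, dist), t) for t in candidates]
    reachable = [(d, t) for d, t in scored if d is not None]
    return min(reachable, key=lambda x: x[0])[1] if reachable else None
```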
15. Fine-grained Mutation
● Mutate the values of system call parameters
● Only observe the function parameters that the critical variables depend on
○ DFA, CFA
● Measure the input quality using the distance between BBLs
e: entry BBL
p: patch BBL
b: current BBL
17. Effectiveness
● Environment
○ x86/x86_64 Linux kernels from 4.0 to 4.11
○ KCOV ported to versions before 4.6
○ KASAN & UBSAN enabled
○ Vulnerabilities that require specific devices are filtered out
○ Time limit: 48 hours
● Generated PoC exploits for 18 (16%) CVEs
○ 5 of the 18 have been studied before, the others have no trigger
● For the remaining 94
○ 49% lead to the vulnerable function
○ 20% lead to the patched block
18. Performance
● Faster than Syzkaller
○ 13.2h vs 33.9h
○ 18 vs 7 (triggered vulnerabilities)
● Corner cases
○ Specific conditions
○ Race conditions
19. Findings
● More vulnerable functions decrease the probability of generating a PoC for the vulnerability
○ So do more critical variables
● More precise info works well
● Unknown Vulnerabilities
○ 0day: CVE-2017-6347
○ Undisclosed vulnerability
20. Cases
● 0day: CVE-2017-6347
○ In the fuzzing process of CVE-2016-4794
■ a UAF vulnerability in the Berkeley Packet Filter (bpf) subsystem
○ Same syscall sequence with different params
● Undisclosed vulnerability
○ In the fuzzing process of CVE-2016-3841
■ a UAF vulnerability in the networking subsystem
○ 18 vulnerable functions/patches
○ triggered in another protocol