SlideShare a Scribd company logo

Star bed 2018.07.19

Ruo Ando
Ruo Ando

This document discusses several topics related to threads, memory allocation, and software vulnerabilities: 1) It mentions master threads, worker threads, and synchronization primitives like spin locks and conditional variables that are used for communication between threads. 2) It discusses issues like user-after-free vulnerabilities that can occur if memory is freed and reallocated without proper synchronization between threads. 3) It provides an example of how reallocating memory could potentially cause problems if the memory address changes or if too many reallocations exhaust available memory. Precautions are needed to avoid security issues or denial of service attacks in multithreaded programs.

1 of 4
Download to read offline
Master Thread Worker Thread Flex / Bison A enqueue write pointer *.c *.cpp *.h BC Spin lock and conditional variables dequeue read pointer SPINLOCK pthread_cond_wait / pthread_cond_signal
User-after-free (aka heap spray) : CVE-2013-4371 Xen hypervisor http://blog.tempest.com.br/breno-cunha/perspectives-on-exploit-development-and-cyber- attacks.html create() free() realloc() use() Jump to payload on heap ROP + Shellcode int *tmp = (int*)realloc(k,(N+1)*sizeof(int)); if( tmp!=NULL ){ k = tmp; puts("________realloc(k)_________"); for(i=0; i<N+1; i++){ printf("&k[%d]:%p , k[%d]=%d¥n",i,&k[i],i,k[i]); } } realloc() allocates new area if realloc() fails to expand the pointer of first argument. Consequently, the string is saved but the address is changed. If too many realloc() is invoked, DoS is enabled by adversary and an arbitrary malicious string can be executed. void* realloc (void* ptr, size_t size);
version search depth EMPTY (LEAF) EDGE version search depth EMPTY (LEAF) EDGE xen440 1 1 15xen433 1 1 7 xen440 2 6 62xen433 2 5 36 xen440 3 68 876xen433 3 74 998 xen412 1 0 8xen453 1 1 15 xen412 2 1 17xen453 2 6 65 xen412 3 10 119xen453 3 11 208 xen414 1 0 8xen432 1 1 7 xen414 2 1 17xen432 2 5 36 xen414 3 10 119xen432 3 88 1223 xen410 2 1 17xen450 1 1 15 xen410 3 10 122xen450 2 6 65 xen441 1 1 15xen450 3 11 203 xen441 2 6 62xen451 1 1 15 xen441 3 83 1068xen451 2 6 65 xen415 1 0 8xen451 3 10 201 xen415 2 1 17xen434 1 1 7 xen415 3 10 119xen434 2 5 36 xen422 1 0 8xen434 3 81 1043 xen422 2 3 36xen455 1 1 15 xen422 3 87 1525xen455 2 6 65 xen424 1 0 8xen455 3 12 217 xen424 2 3 36xen430 1 1 7 xen424 3 80 1476xen430 2 5 36 xen413 1 0 8xen430 3 62 761 xen413 2 1 17xen442 1 1 15 xen413 3 10 119xen442 2 6 62 xen425 1 0 8xen442 3 68 876 xen440 : libxl_list_cpupool : 3 : 68 : 876 psycopg2.Operational Error: FATAL: sorry, too many clients already FATAL: sorry, too many clients already xen440 : libxl_list_cpupool : 4 : 297 : 4811 xen414 : libxl_list_cpupool : 3 : 10 : 119 xen414 : libxl_list_cpupool : 4 : 10 : 123 xen414 : libxl_list_cpupool : 5 : 10 : 127 LIMITATION: Upper bound of PostgreSQL: search depth > 4 (path explotion)

Recommended

Rop and it's friends
Rop and it's friendsRop and it's friends
Rop and it's friends
nuc13us
 
Sensu wrapper-sensu-summit
Sensu wrapper-sensu-summitSensu wrapper-sensu-summit
Sensu wrapper-sensu-summit
Lee Briggs
 
Debugging JavaScript with Chrome
Debugging JavaScript with ChromeDebugging JavaScript with Chrome
Debugging JavaScript with Chrome
Igor Zalutsky
 
Backpressure? Resistance is not futile. RxJS Live 2019
Backpressure? Resistance is not futile. RxJS Live 2019Backpressure? Resistance is not futile. RxJS Live 2019
Backpressure? Resistance is not futile. RxJS Live 2019
Jay Phelps
 
Sge
SgeSge
Sge
Chris Roeder
 
I love Automation
I love AutomationI love Automation
I love Automation
Takayuki Miyauchi
 
Ee
EeEe
Ee
Syeda Muskaan
 
Boulder Ruby Statsd
Boulder Ruby StatsdBoulder Ruby Statsd
Boulder Ruby Statsd
Mark Morris
 

Recommended

Rop and it's friends
Rop and it's friendsRop and it's friends
Rop and it's friends
nuc13us
 
Sensu wrapper-sensu-summit
Sensu wrapper-sensu-summitSensu wrapper-sensu-summit
Sensu wrapper-sensu-summit
Lee Briggs
 
Debugging JavaScript with Chrome
Debugging JavaScript with ChromeDebugging JavaScript with Chrome
Debugging JavaScript with Chrome
Igor Zalutsky
 
Backpressure? Resistance is not futile. RxJS Live 2019
Backpressure? Resistance is not futile. RxJS Live 2019Backpressure? Resistance is not futile. RxJS Live 2019
Backpressure? Resistance is not futile. RxJS Live 2019
Jay Phelps
 
Sge
SgeSge
Sge
Chris Roeder
 
I love Automation
I love AutomationI love Automation
I love Automation
Takayuki Miyauchi
 
Ee
EeEe
Ee
Syeda Muskaan
 
Boulder Ruby Statsd
Boulder Ruby StatsdBoulder Ruby Statsd
Boulder Ruby Statsd
Mark Morris
 
Spark Jobserver
Spark JobserverSpark Jobserver
Spark Jobserver
Yegor Andreenko
 
Simpatía
SimpatíaSimpatía
Simpatía
eliacosta2010
 
Scheduling torque-maui-tutorial
Scheduling torque-maui-tutorialScheduling torque-maui-tutorial
Scheduling torque-maui-tutorial
Santosh Kumar
 
RingoJS
RingoJSRingoJS
RingoJS
Oleg Podsechin
 
Data structure programs in c++
Data structure programs in c++Data structure programs in c++
Data structure programs in c++
mmirfan
 
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
KatsuyaENDOH
 
Understanding the nodejs event loop
Understanding the nodejs event loopUnderstanding the nodejs event loop
Understanding the nodejs event loop
Saurabh Kumar
 
Linux works
Linux worksLinux works
Linux works
Shivaraj RH
 
TestR: generating unit tests for R internals
TestR: generating unit tests for R internalsTestR: generating unit tests for R internals
TestR: generating unit tests for R internals
Roman Tsegelskyi
 
Coordination of Distributed Software with Redis
Coordination of Distributed Software with RedisCoordination of Distributed Software with Redis
Coordination of Distributed Software with Redis
Konrad Bucheli
 
marko_go_in_badoo
marko_go_in_badoomarko_go_in_badoo
marko_go_in_badoo
Marko Kevac
 
Tips on how to improve the performance of your custom modules for high volume...
Tips on how to improve the performance of your custom modules for high volume...Tips on how to improve the performance of your custom modules for high volume...
Tips on how to improve the performance of your custom modules for high volume...
Odoo
 
clara-rules
clara-rulesclara-rules
clara-rules
Ikuru Kanuma
 
Parallel Computing with R
Parallel Computing with RParallel Computing with R
Parallel Computing with R
Peter Solymos
 
Why Redux-Observable?
Why Redux-Observable?Why Redux-Observable?
Why Redux-Observable?
Anna Su
 
Arp
ArpArp
Arp
Ebsil Sherly
 
Gearinfive
GearinfiveGearinfive
Gearinfive
bpmedley
 
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, CitrixXPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
The Linux Foundation
 
Async programming on NET
Async programming on NETAsync programming on NET
Async programming on NET
yuyijq
 
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Jarek Potiuk
 
Automated reduction of attack surface using call graph enumeration
Automated reduction of attack surface using call graph enumerationAutomated reduction of attack surface using call graph enumeration
Automated reduction of attack surface using call graph enumeration
Ruo Ando
 
Crash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenCrash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_Tizen
Lex Yu
 

More Related Content

What's hot

Spark Jobserver
Spark JobserverSpark Jobserver
Spark Jobserver
Yegor Andreenko
 
Simpatía
SimpatíaSimpatía
Simpatía
eliacosta2010
 
Scheduling torque-maui-tutorial
Scheduling torque-maui-tutorialScheduling torque-maui-tutorial
Scheduling torque-maui-tutorial
Santosh Kumar
 
RingoJS
RingoJSRingoJS
RingoJS
Oleg Podsechin
 
Data structure programs in c++
Data structure programs in c++Data structure programs in c++
Data structure programs in c++
mmirfan
 
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
KatsuyaENDOH
 
Understanding the nodejs event loop
Understanding the nodejs event loopUnderstanding the nodejs event loop
Understanding the nodejs event loop
Saurabh Kumar
 
Linux works
Linux worksLinux works
Linux works
Shivaraj RH
 
TestR: generating unit tests for R internals
TestR: generating unit tests for R internalsTestR: generating unit tests for R internals
TestR: generating unit tests for R internals
Roman Tsegelskyi
 
Coordination of Distributed Software with Redis
Coordination of Distributed Software with RedisCoordination of Distributed Software with Redis
Coordination of Distributed Software with Redis
Konrad Bucheli
 
marko_go_in_badoo
marko_go_in_badoomarko_go_in_badoo
marko_go_in_badoo
Marko Kevac
 
Tips on how to improve the performance of your custom modules for high volume...
Tips on how to improve the performance of your custom modules for high volume...Tips on how to improve the performance of your custom modules for high volume...
Tips on how to improve the performance of your custom modules for high volume...
Odoo
 
clara-rules
clara-rulesclara-rules
clara-rules
Ikuru Kanuma
 
Parallel Computing with R
Parallel Computing with RParallel Computing with R
Parallel Computing with R
Peter Solymos
 
Why Redux-Observable?
Why Redux-Observable?Why Redux-Observable?
Why Redux-Observable?
Anna Su
 
Arp
ArpArp
Arp
Ebsil Sherly
 
Gearinfive
GearinfiveGearinfive
Gearinfive
bpmedley
 
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, CitrixXPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
The Linux Foundation
 
Async programming on NET
Async programming on NETAsync programming on NET
Async programming on NET
yuyijq
 
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Jarek Potiuk
 

What's hot (20)

Spark Jobserver
Spark JobserverSpark Jobserver
Spark Jobserver
 
Simpatía
SimpatíaSimpatía
Simpatía
 
Scheduling torque-maui-tutorial
Scheduling torque-maui-tutorialScheduling torque-maui-tutorial
Scheduling torque-maui-tutorial
 
RingoJS
RingoJSRingoJS
RingoJS
 
Data structure programs in c++
Data structure programs in c++Data structure programs in c++
Data structure programs in c++
 
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
 
Understanding the nodejs event loop
Understanding the nodejs event loopUnderstanding the nodejs event loop
Understanding the nodejs event loop
 
Linux works
Linux worksLinux works
Linux works
 
TestR: generating unit tests for R internals
TestR: generating unit tests for R internalsTestR: generating unit tests for R internals
TestR: generating unit tests for R internals
 
Coordination of Distributed Software with Redis
Coordination of Distributed Software with RedisCoordination of Distributed Software with Redis
Coordination of Distributed Software with Redis
 
marko_go_in_badoo
marko_go_in_badoomarko_go_in_badoo
marko_go_in_badoo
 
Tips on how to improve the performance of your custom modules for high volume...
Tips on how to improve the performance of your custom modules for high volume...Tips on how to improve the performance of your custom modules for high volume...
Tips on how to improve the performance of your custom modules for high volume...
 
clara-rules
clara-rulesclara-rules
clara-rules
 
Parallel Computing with R
Parallel Computing with RParallel Computing with R
Parallel Computing with R
 
Why Redux-Observable?
Why Redux-Observable?Why Redux-Observable?
Why Redux-Observable?
 
Arp
ArpArp
Arp
 
Gearinfive
GearinfiveGearinfive
Gearinfive
 
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, CitrixXPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
 
Async programming on NET
Async programming on NETAsync programming on NET
Async programming on NET
 
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
 

Similar to Star bed 2018.07.19

Automated reduction of attack surface using call graph enumeration
Automated reduction of attack surface using call graph enumerationAutomated reduction of attack surface using call graph enumeration
Automated reduction of attack surface using call graph enumeration
Ruo Ando
 
Crash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenCrash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_Tizen
Lex Yu
 
Windbg랑 친해지기
Windbg랑 친해지기Windbg랑 친해지기
Windbg랑 친해지기
Ji Hun Kim
 
Nodejs性能分析优化和分布式设计探讨
Nodejs性能分析优化和分布式设计探讨Nodejs性能分析优化和分布式设计探讨
Nodejs性能分析优化和分布式设计探讨
flyinweb
 
Davide Berardi - Linux hardening and security measures against Memory corruption
Davide Berardi - Linux hardening and security measures against Memory corruptionDavide Berardi - Linux hardening and security measures against Memory corruption
Davide Berardi - Linux hardening and security measures against Memory corruption
linuxlab_conf
 
FØCAL Boston AiR - Computer Vision Tracing and Hardware Simulation
FØCAL Boston AiR - Computer Vision Tracing and Hardware SimulationFØCAL Boston AiR - Computer Vision Tracing and Hardware Simulation
FØCAL Boston AiR - Computer Vision Tracing and Hardware Simulation
FØCAL
 
OpenWorld 2018 - Common Application Developer Disasters
OpenWorld 2018 - Common Application Developer DisastersOpenWorld 2018 - Common Application Developer Disasters
OpenWorld 2018 - Common Application Developer Disasters
Connor McDonald
 
04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)
Alexandre Moneger
 
Writing Metasploit Plugins
Writing Metasploit PluginsWriting Metasploit Plugins
Writing Metasploit Plugins
amiable_indian
 
glance replicator
glance replicatorglance replicator
glance replicator
irix_jp
 
RSROC 2015 - AutoHotKey
RSROC 2015 - AutoHotKeyRSROC 2015 - AutoHotKey
RSROC 2015 - AutoHotKey
I-Ta Tsai
 
ISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - CompilationsISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - Compilations
HSA Foundation
 
Osol Pgsql
Osol PgsqlOsol Pgsql
Osol Pgsql
Emanuel Calvo
 
re:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflixre:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflix
Brendan Gregg
 
Jvm operation casual talks
Jvm operation casual talksJvm operation casual talks
Jvm operation casual talks
Yusaku Watanabe
 
Linux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene PirogovLinux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene Pirogov
Pivorak MeetUp
 
OpenStack API's and WSGI
OpenStack API's and WSGIOpenStack API's and WSGI
OpenStack API's and WSGI
Mike Pittaro
 
Checking the Cross-Platform Framework Cocos2d-x
Checking the Cross-Platform Framework Cocos2d-xChecking the Cross-Platform Framework Cocos2d-x
Checking the Cross-Platform Framework Cocos2d-x
Andrey Karpov
 
Adding replication protocol support for psycopg2
Adding replication protocol support for psycopg2Adding replication protocol support for psycopg2
Adding replication protocol support for psycopg2
Alexander Shulgin
 
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoringOSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
NETWAYS
 

Similar to Star bed 2018.07.19 (20)

Automated reduction of attack surface using call graph enumeration
Automated reduction of attack surface using call graph enumerationAutomated reduction of attack surface using call graph enumeration
Automated reduction of attack surface using call graph enumeration
 
Crash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenCrash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_Tizen
 
Windbg랑 친해지기
Windbg랑 친해지기Windbg랑 친해지기
Windbg랑 친해지기
 
Nodejs性能分析优化和分布式设计探讨
Nodejs性能分析优化和分布式设计探讨Nodejs性能分析优化和分布式设计探讨
Nodejs性能分析优化和分布式设计探讨
 
Davide Berardi - Linux hardening and security measures against Memory corruption
Davide Berardi - Linux hardening and security measures against Memory corruptionDavide Berardi - Linux hardening and security measures against Memory corruption
Davide Berardi - Linux hardening and security measures against Memory corruption
 
FØCAL Boston AiR - Computer Vision Tracing and Hardware Simulation
FØCAL Boston AiR - Computer Vision Tracing and Hardware SimulationFØCAL Boston AiR - Computer Vision Tracing and Hardware Simulation
FØCAL Boston AiR - Computer Vision Tracing and Hardware Simulation
 
OpenWorld 2018 - Common Application Developer Disasters
OpenWorld 2018 - Common Application Developer DisastersOpenWorld 2018 - Common Application Developer Disasters
OpenWorld 2018 - Common Application Developer Disasters
 
04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)
 
Writing Metasploit Plugins
Writing Metasploit PluginsWriting Metasploit Plugins
Writing Metasploit Plugins
 
glance replicator
glance replicatorglance replicator
glance replicator
 
RSROC 2015 - AutoHotKey
RSROC 2015 - AutoHotKeyRSROC 2015 - AutoHotKey
RSROC 2015 - AutoHotKey
 
ISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - CompilationsISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - Compilations
 
Osol Pgsql
Osol PgsqlOsol Pgsql
Osol Pgsql
 
re:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflixre:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflix
 
Jvm operation casual talks
Jvm operation casual talksJvm operation casual talks
Jvm operation casual talks
 
Linux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene PirogovLinux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene Pirogov
 
OpenStack API's and WSGI
OpenStack API's and WSGIOpenStack API's and WSGI
OpenStack API's and WSGI
 
Checking the Cross-Platform Framework Cocos2d-x
Checking the Cross-Platform Framework Cocos2d-xChecking the Cross-Platform Framework Cocos2d-x
Checking the Cross-Platform Framework Cocos2d-x
 
Adding replication protocol support for psycopg2
Adding replication protocol support for psycopg2Adding replication protocol support for psycopg2
Adding replication protocol support for psycopg2
 
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoringOSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
 

More from Ruo Ando

KISTI-NII Joint Security Workshop 2023.pdf
KISTI-NII Joint Security Workshop 2023.pdfKISTI-NII Joint Security Workshop 2023.pdf
KISTI-NII Joint Security Workshop 2023.pdf
Ruo Ando
 
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Ruo Ando
 
解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf
Ruo Ando
 
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
Ruo Ando
 
解説#83 情報エントロピー
解説#83 情報エントロピー解説#83 情報エントロピー
解説#83 情報エントロピー
Ruo Ando
 
解説#82 記号論理学
解説#82 記号論理学解説#82 記号論理学
解説#82 記号論理学
Ruo Ando
 
解説#81 ロジスティック回帰
解説#81 ロジスティック回帰解説#81 ロジスティック回帰
解説#81 ロジスティック回帰
Ruo Ando
 
解説#74 連結リスト
解説#74 連結リスト解説#74 連結リスト
解説#74 連結リスト
Ruo Ando
 
解説#76 福岡正信
解説#76 福岡正信解説#76 福岡正信
解説#76 福岡正信
Ruo Ando
 
解説#77 非加算無限
解説#77 非加算無限解説#77 非加算無限
解説#77 非加算無限
Ruo Ando
 
解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス
Ruo Ando
 
解説#78 誤差逆伝播
解説#78 誤差逆伝播解説#78 誤差逆伝播
解説#78 誤差逆伝播
Ruo Ando
 
解説#73 ハフマン符号
解説#73 ハフマン符号解説#73 ハフマン符号
解説#73 ハフマン符号
Ruo Ando
 
【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法
Ruo Ando
 
【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-free【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-free
Ruo Ando
 
ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料 ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料
Ruo Ando
 
ファジングの解説
ファジングの解説ファジングの解説
ファジングの解説
Ruo Ando
 
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
Ruo Ando
 
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
Ruo Ando
 
Intel Trusted Computing Group 1st Workshop
Intel Trusted Computing Group 1st WorkshopIntel Trusted Computing Group 1st Workshop
Intel Trusted Computing Group 1st Workshop
Ruo Ando
 

More from Ruo Ando (20)

KISTI-NII Joint Security Workshop 2023.pdf
KISTI-NII Joint Security Workshop 2023.pdfKISTI-NII Joint Security Workshop 2023.pdf
KISTI-NII Joint Security Workshop 2023.pdf
 
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
 
解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf
 
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
 
解説#83 情報エントロピー
解説#83 情報エントロピー解説#83 情報エントロピー
解説#83 情報エントロピー
 
解説#82 記号論理学
解説#82 記号論理学解説#82 記号論理学
解説#82 記号論理学
 
解説#81 ロジスティック回帰
解説#81 ロジスティック回帰解説#81 ロジスティック回帰
解説#81 ロジスティック回帰
 
解説#74 連結リスト
解説#74 連結リスト解説#74 連結リスト
解説#74 連結リスト
 
解説#76 福岡正信
解説#76 福岡正信解説#76 福岡正信
解説#76 福岡正信
 
解説#77 非加算無限
解説#77 非加算無限解説#77 非加算無限
解説#77 非加算無限
 
解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス
 
解説#78 誤差逆伝播
解説#78 誤差逆伝播解説#78 誤差逆伝播
解説#78 誤差逆伝播
 
解説#73 ハフマン符号
解説#73 ハフマン符号解説#73 ハフマン符号
解説#73 ハフマン符号
 
【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法
 
【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-free【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-free
 
ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料 ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料
 
ファジングの解説
ファジングの解説ファジングの解説
ファジングの解説
 
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
 
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
 
Intel Trusted Computing Group 1st Workshop
Intel Trusted Computing Group 1st WorkshopIntel Trusted Computing Group 1st Workshop
Intel Trusted Computing Group 1st Workshop
 

Recently uploaded

DfMAy 2024 - key insights and contributions
DfMAy 2024 - key insights and contributionsDfMAy 2024 - key insights and contributions
DfMAy 2024 - key insights and contributions
gestioneergodomus
 
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdfIron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
RadiNasr
 
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
University of Maribor
 
Literature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptxLiterature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptx
Dr Ramhari Poudyal
 
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
IJECEIAES
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
kandramariana6
 
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsKuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
Victor Morales
 
ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024
Rahul
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
Aditya Rajan Patra
 
2. Operations Strategy in a Global Environment.ppt
2. Operations Strategy in a Global Environment.ppt2. Operations Strategy in a Global Environment.ppt
2. Operations Strategy in a Global Environment.ppt
PuktoonEngr
 
Question paper of renewable energy sources
Question paper of renewable energy sourcesQuestion paper of renewable energy sources
Question paper of renewable energy sources
mahammadsalmanmech
 
International Conference on NLP, Artificial Intelligence, Machine Learning an...
International Conference on NLP, Artificial Intelligence, Machine Learning an...International Conference on NLP, Artificial Intelligence, Machine Learning an...
International Conference on NLP, Artificial Intelligence, Machine Learning an...
gerogepatton
 
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
ihlasbinance2003
 
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
insn4465
 
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdfBPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
MIGUELANGEL966976
 
6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)
ClaraZara1
 
Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
Madan Karki
 
14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application
SyedAbiiAzazi1
 
PPT on GRP pipes manufacturing and testing
PPT on GRP pipes manufacturing and testingPPT on GRP pipes manufacturing and testing
PPT on GRP pipes manufacturing and testing
anoopmanoharan2
 
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
Mukeshwaran Balu
 

Recently uploaded (20)

DfMAy 2024 - key insights and contributions
DfMAy 2024 - key insights and contributionsDfMAy 2024 - key insights and contributions
DfMAy 2024 - key insights and contributions
 
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdfIron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
 
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
 
Literature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptxLiterature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptx
 
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
 
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsKuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
 
ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
 
2. Operations Strategy in a Global Environment.ppt
2. Operations Strategy in a Global Environment.ppt2. Operations Strategy in a Global Environment.ppt
2. Operations Strategy in a Global Environment.ppt
 
Question paper of renewable energy sources
Question paper of renewable energy sourcesQuestion paper of renewable energy sources
Question paper of renewable energy sources
 
International Conference on NLP, Artificial Intelligence, Machine Learning an...
International Conference on NLP, Artificial Intelligence, Machine Learning an...International Conference on NLP, Artificial Intelligence, Machine Learning an...
International Conference on NLP, Artificial Intelligence, Machine Learning an...
 
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
 
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
 
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdfBPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
BPV-GUI-01-Guide-for-ASME-Review-Teams-(General)-10-10-2023.pdf
 
6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)
 
Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
 
14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application
 
PPT on GRP pipes manufacturing and testing
PPT on GRP pipes manufacturing and testingPPT on GRP pipes manufacturing and testing
PPT on GRP pipes manufacturing and testing
 
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
ACRP 4-09 Risk Assessment Method to Support Modification of Airfield Separat...
 

Star bed 2018.07.19

  • 1. Master Thread Worker Thread Flex / Bison A enqueue write pointer *.c *.cpp *.h BC Spin lock and conditional variables dequeue read pointer SPINLOCK pthread_cond_wait / pthread_cond_signal
  • 2.
  • 3. User-after-free (aka heap spray) : CVE-2013-4371 Xen hypervisor http://blog.tempest.com.br/breno-cunha/perspectives-on-exploit-development-and-cyber- attacks.html create() free() realloc() use() Jump to payload on heap ROP + Shellcode int *tmp = (int*)realloc(k,(N+1)*sizeof(int)); if( tmp!=NULL ){ k = tmp; puts("________realloc(k)_________"); for(i=0; i<N+1; i++){ printf("&k[%d]:%p , k[%d]=%d¥n",i,&k[i],i,k[i]); } } realloc() allocates new area if realloc() fails to expand the pointer of first argument. Consequently, the string is saved but the address is changed. If too many realloc() is invoked, DoS is enabled by adversary and an arbitrary malicious string can be executed. void* realloc (void* ptr, size_t size);
  • 4. version search depth EMPTY (LEAF) EDGE version search depth EMPTY (LEAF) EDGE xen440 1 1 15xen433 1 1 7 xen440 2 6 62xen433 2 5 36 xen440 3 68 876xen433 3 74 998 xen412 1 0 8xen453 1 1 15 xen412 2 1 17xen453 2 6 65 xen412 3 10 119xen453 3 11 208 xen414 1 0 8xen432 1 1 7 xen414 2 1 17xen432 2 5 36 xen414 3 10 119xen432 3 88 1223 xen410 2 1 17xen450 1 1 15 xen410 3 10 122xen450 2 6 65 xen441 1 1 15xen450 3 11 203 xen441 2 6 62xen451 1 1 15 xen441 3 83 1068xen451 2 6 65 xen415 1 0 8xen451 3 10 201 xen415 2 1 17xen434 1 1 7 xen415 3 10 119xen434 2 5 36 xen422 1 0 8xen434 3 81 1043 xen422 2 3 36xen455 1 1 15 xen422 3 87 1525xen455 2 6 65 xen424 1 0 8xen455 3 12 217 xen424 2 3 36xen430 1 1 7 xen424 3 80 1476xen430 2 5 36 xen413 1 0 8xen430 3 62 761 xen413 2 1 17xen442 1 1 15 xen413 3 10 119xen442 2 6 62 xen425 1 0 8xen442 3 68 876 xen440 : libxl_list_cpupool : 3 : 68 : 876 psycopg2.Operational Error: FATAL: sorry, too many clients already FATAL: sorry, too many clients already xen440 : libxl_list_cpupool : 4 : 297 : 4811 xen414 : libxl_list_cpupool : 3 : 10 : 119 xen414 : libxl_list_cpupool : 4 : 10 : 123 xen414 : libxl_list_cpupool : 5 : 10 : 127 LIMITATION: Upper bound of PostgreSQL: search depth > 4 (path explotion)