Abstract Self Modifying Machines
Hubert Godfroy, joint work with Jean-Yves Marion
Loria, Nancy
October 14, 2014
Plan
◮ Introduction
◮ Framework
◮ Applications
Program? Data?
◮ A program is something which can be executed.
◮ Data is something which can be read and written.
◮ In most languages, programs are distinct from data.
  ◮ Example: C, Java, OCaml
◮ There are exceptions...
  ◮ Programs with an exec function have self-modifying behaviors
  ◮ Example: Python
Low-level case: nothing is forbidden!
◮ Programs and data are totally indistinguishable
◮ They belong to the same space (memory)
Example PoïPoï
   1  move 10 2
   2  jz ⟦10⟧ 6
   3  move (10 − ⟦10⟧) (⟦10 − ⟦10⟧⟧ − 42)
   4  move 10 (⟦10⟧ − 1)
   5  jump 2
   6  jump 8
   7  stop
   8  (E(print hello world) + 42)
   9  (E(jump 7) + 42)
  10  jump 1

Successive contents of cells 8, 9 and 10 over the animation frames:
  frame   cell 8                         cell 9              cell 10
  1       (E(print hello world) + 42)    (E(jump 7) + 42)    jump 1
  2       (E(print hello world) + 42)    (E(jump 7) + 42)    2
  3       print hello world              (E(jump 7) + 42)    2
  4       print hello world              (E(jump 7) + 42)    1
  5       print hello world              jump 7              0
General problems
Compilation & certification
◮ From non-self-modifying (non-SM) programs to SM programs (obfuscation/optimisation)
◮ Certify compilation
Recover high-level semantics from low-level SM semantics
◮ Recover a non-SM program from an SM program...
◮ ...with respect to existing models of self-modification (wave semantics)
Program abstraction
◮ Find an abstract model specifically talking about self-modification.
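The ten-cell decrypting example above, run in a small interpreter that also records every cell executed after having been written at run time, which is the write-then-execute signal an analyst uses to separate code layers. This is an added example, not code from the slides; the encoding E (an index into CODEBOOK), the tuple instruction format and the lambda operands are assumptions made for the sketch.

```python
KEY = 42
# Assumed encoding E (not defined on the slides): an instruction's index here.
CODEBOOK = [("print", "hello world"), ("jump", 7)]

def E(instr):
    return CODEBOOK.index(instr)

def decode(cell):
    """Return the instruction held in a cell, or None if it is not valid code."""
    if isinstance(cell, tuple):
        return cell
    return CODEBOOK[cell] if 0 <= cell < len(CODEBOOK) else None

def initial_memory():
    # Operands that depend on memory are lambdas over the memory dict m.
    return {
        1: ("move", lambda m: 10, lambda m: 2),
        2: ("jz", lambda m: m[10], 6),
        3: ("move", lambda m: 10 - m[10], lambda m: m[10 - m[10]] - KEY),
        4: ("move", lambda m: 10, lambda m: m[10] - 1),
        5: ("jump", 2),
        6: ("jump", 8),
        7: ("stop",),
        8: E(("print", "hello world")) + KEY,   # encrypted code, stored as data
        9: E(("jump", 7)) + KEY,
        10: ("jump", 1),
    }

def run(mem, max_steps=100):
    """Execute from cell 1; return (output, cells executed after being written)."""
    ip, written, output, wave = 1, set(), [], []
    for _ in range(max_steps):
        instr = decode(mem[ip])
        if instr is None:
            raise ValueError(f"cell {ip} does not hold an instruction")
        if ip in written:
            wave.append(ip)          # write-then-execute: dynamically generated code
        op = instr[0]
        if op == "stop":
            return output, wave
        if op == "move":
            dst = instr[1](mem)
            mem[dst] = instr[2](mem)
            written.add(dst)
        elif op == "print":
            output.append(instr[1])
        if op == "jump":
            ip = instr[1]
        elif op == "jz":
            ip = instr[2] if instr[1](mem) == 0 else ip + 1
        else:
            ip += 1
    raise RuntimeError("step budget exhausted")
```

Before the run, cells 8 and 9 do not decode to any instruction, so a static listing shows no print; after the run they do, and the wave list names exactly those two cells.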
Current frameworks
◮ Turing machine
◮ RAM (Cook & Reckhow, 1973)
◮ Cellular automaton (Neumann, 1966)
◮ Blob (Jones, 2010)
◮ RASP (Elgot & Robinson, 1964)
◮ SRM (Marion, 2012)
Language ASM 2
Language over data in D, addresses in A and registers in R:
  ∀ r ∈ R, ⟦r⟧ : A → D
Abstract machine
◮ Register pointer: RP ∈ R
◮ Instruction pointer: IP ∈ A
◮ Executable zone: X ∈ ℘(R)
[Figure: memory. Registers r1 … r8, each holding a sequence of data d1 · ... · dn, drawn across the zones X and D.]
Instruction
The set of data D contains codes of the following instructions:

  Instruction     Meaning
  move r, d       Write the data d at the end of D[r]
  input r         Write the top of the input at the end of D[r]
  pop r           Pop the data on the top of D[r]
  jump a          Go to the instruction at address a
  case r          Conditional jump depending on D[r]
  exec r          Control transfer to register RP = r and IP = 0
  activate r      Activate D[r]
  inactivate r    Inactivate X[r]
Instruction activate
[Figure: registers r, r1 … r6 with contents u, u1 … u6, drawn across the zones X and D; RP = r3 and the instruction at IP in ⟦RP⟧ is activate r.]
Instruction inactivate
[Figure: registers r, r1 … r6 with contents u, u1 … u6, drawn across the zones X and D; RP = r3 and the instruction at IP in ⟦RP⟧ is inactivate r.]
Instruction exec
[Figure: registers r1 … r8 with contents u1 … u8, drawn across the zones X and D; RP = r3 and the instruction at IP in ⟦RP⟧ is exec r.]
Example: decrypting code
   1  move 10 2
   2  jz ⟦10⟧ 6
   3  move (10 − ⟦10⟧) (⟦10 − ⟦10⟧⟧ − 42)
   4  move 10 (⟦10⟧ − 1)
   5  jump 2
   6  jump 8
   7  stop
   8  (E(print hello world) + 42)
   9  (E(jump 7) + 42)
  10  jump 1
Cinematic
Initial state:
  r1
    a1   inactivate r4
    a2   move r4 2
    a3   pop r4
    a4   case r4
    a5   jump a7
    a6   jump a11
    a7   move r3 ⟦r3 | 10 − ⟦r4 | 10⟧⟧ − 42
    a8   pop r3
    a9   move r4 ⟦r4 | 10⟧ − 1
    a10  pop r4
    a11  jump a4
    a12  activate r4
    a13  exec r4
  r2
    a14  stop
  r3
    a15  (E(print hello world) + 42)
    a16  (E(exec r2) + 42)
  r4
    a17  exec r1
[Figure: the registers are drawn across the zones X and D.]

Later frames:
  r3
    a15  print hello world
    a16  exec r2
  r4
    a17  0