
Core War Virtual Machines, Viruses, and Defense Against the Dark - PowerPoint PPT Presentation



  1. Core War Virtual Machines, Viruses, and Defense Against the Dark Arts
     Philip W. L. Fong
     pwlfong@cs.uregina.ca
     Department of Computer Science
     University of Regina
     Regina, Saskatchewan, Canada S4S 0A2

  2. Overview
        1. Core War – The Game
        2. Malicious Code
        3. Java Virtual Machine
        4. My research
     Core War – p.1/34

  3. Core War
     Author: A. K. Dewdney (1984)
     Objective: Players launch virus programs that attempt to terminate each other.
     The Core: Virtual machine architecture on which viruses execute.
     Redcode: Assembly language for programming viruses.
     MARS (Memory Array Redcode Simulator): Software simulator for the virtual machine.

  4. The Core
     A memory array of 8000 cells.
     Every cell holds an integer representing either an instruction or random data.
        0     -
        1     -
        . . .
        7998  -
        7999  -
     Array is circular: address 8000 = address 0

  5. The Rules
     Competing viruses are loaded at random locations.
     Viruses are executed in turns, one instruction at a time.
     The first program to execute an illegal instruction loses.
     Goal: Overwrite opponent with illegal instructions.

  6. Redcode
     Example: MOV 2 -1
     Meaning:
        opcode  source  destination
        MOV     2       -1
     Move the content 2 cells ahead to the location 1 cell behind.

  7. Redcode
     Effect:
        . . .
        1373  -
        1374  MOV 2 -1
        1375  -
        1376  DAT 99
        . . .

  8. Redcode
     Effect:
        . . .
        1373  DAT 99
        1374  MOV 2 -1
        1375  -
        1376  DAT 99
        . . .

  9. Self-Destruct
     Here is a short Redcode program that self-destructs:
        . . .
     →  MOV #0 1    Immediate addressing
        -
        . . .

  10. Self-Destruct
     Here is a short Redcode program that self-destructs:
        . . .
     →  MOV #0 1    Move number 0.
        DAT 0
        . . .

  11. Self-Destruct
     Here is a short Redcode program that self-destructs:
        . . .
        MOV #0 1
     →  DAT 0       Illegal instruction!
        . . .

  12. Self-Destruct
     Here is a short Redcode program that self-destructs:
        . . .
        MOV #0 1
     →  DAT 0       Execution terminated!
        . . .

  13. Imp
     A self-replicating program:
        . . .
     →  MOV 0 1
        -
        -
        -
        . . .

  14. Imp
     A self-replicating program:
        . . .
     →  MOV 0 1     Copy itself to next address
        MOV 0 1
        -
        -
        . . .

  15. Imp
     A self-replicating program:
        . . .
        MOV 0 1
     →  MOV 0 1
        -
        -
        . . .

  16. Imp
     A self-replicating program:
        . . .
        MOV 0 1
     →  MOV 0 1     Copy again.
        MOV 0 1
        -
        . . .

  17. Imp
     A self-replicating program:
        . . .
        MOV 0 1
        MOV 0 1
     →  MOV 0 1     Copy . . .
        -
        . . .

  18. Imp
     A self-replicating program:
        . . .
        MOV 0 1
        MOV 0 1
        MOV 0 1
     →  MOV 0 1     Copy . . .
        . . .

  19. Imp
     A self-replicating program:
        . . .
        MOV 0 1
        MOV 0 1
        MOV 0 1
        MOV 0 1
     →  . . .
     Sweeping through the core.
     Overwriting opponent with itself, thereby forcing a tie.

  20. Dwarf
     A bombing program:
        0  DAT -1       Counter.
     →  1  ADD #5 -1
        2  MOV #0 @-2
        3  JMP -2

  21. Dwarf
     A bombing program:
        0  DAT 4        Counter.
     →  1  ADD #5 -1    Increment counter by 5.
        2  MOV #0 @-2
        3  JMP -2

  22. Dwarf
     A bombing program:
        0  DAT 4        Counter.
        1  ADD #5 -1    Increment counter by 5.
     →  2  MOV #0 @-2   Bomb address 4.
        3  JMP -2

  23. Dwarf
     A bombing program:
        0  DAT 4        Counter.
        1  ADD #5 -1    Increment counter by 5.
        2  MOV #0 @-2   Bomb address 4.
     →  3  JMP -2       Loop.

  24. Dwarf
     A bombing program:
        0  DAT 9        Counter.
        1  ADD #5 -1    Increment counter by 5.
     →  2  MOV #0 @-2   Bomb address 9.
        3  JMP -2       Loop.

  25. Dwarf
     A bombing program:
        0  DAT 14       Counter.
        1  ADD #5 -1    Increment counter by 5.
     →  2  MOV #0 @-2   Bomb address 14.
        3  JMP -2       Loop.

  26. Dwarf
     A bombing program:
        0  DAT 14       Counter.
        1  ADD #5 -1    Increment counter by 5.
     →  2  MOV #0 @-2   Bomb address 14.
        3  JMP -2       Loop.
     Systematically bombing: 4, 9, 14, 19, 24, 29, . . . .
     Effectively terminating opponent.
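
The Imp and Dwarf traces above can be reproduced with a small interpreter. This is an added example, not code from the slides or from pMARS: it runs a single program, supports only the four opcodes the slides use (MOV, ADD, JMP, DAT), and assumes that empty cells ("-") behave as DAT 0. The names parse, addr, step and run are hypothetical.

```python
CORE_SIZE = 8000  # slide 4: circular memory array of 8000 cells

def parse(text):
    """'MOV #0 @-2' -> ('MOV', ('#', 0), ('@', -2)). No prefix means relative ('$')."""
    op, *args = text.split()
    f = [(a[0], int(a[1:])) if a[0] in "#@" else ("$", int(a)) for a in args]
    if len(f) == 1:  # one-operand forms: JMP target is field A, DAT value is field B
        f = [f[0], ("$", 0)] if op == "JMP" else [("$", 0), f[0]]
    return (op, f[0], f[1])

def addr(core, pc, mode, val):
    """Resolve an operand to an absolute cell; '@' follows the number stored there."""
    cell = (pc + val) % CORE_SIZE
    return (cell + core[cell][2][1]) % CORE_SIZE if mode == "@" else cell

def step(core, pc):
    """Execute the cell at pc. Returns (next pc or None if it dies, MOV target or None)."""
    op, a, b = core[pc]
    if op == "JMP":
        return addr(core, pc, *a), None
    if op not in ("MOV", "ADD"):  # DAT (or anything unknown) is an illegal instruction
        return None, None
    dst = addr(core, pc, *b)
    if op == "MOV":  # immediate source stores a number (DAT n); otherwise copy the cell
        core[dst] = ("DAT", ("$", 0), ("$", a[1])) if a[0] == "#" else core[addr(core, pc, *a)]
        return (pc + 1) % CORE_SIZE, dst
    n = a[1] if a[0] == "#" else core[addr(core, pc, *a)][2][1]
    o, x, (m, v) = core[dst]
    core[dst] = (o, x, (m, v + n))  # ADD changes the destination's number field
    return (pc + 1) % CORE_SIZE, None

def run(program, start, max_steps, at=0):
    """Load program at address `at`, execute from at+start; return (core, pc, MOV targets)."""
    core = [parse("DAT 0")] * CORE_SIZE  # assumption: empty cells ('-') behave as DAT 0
    for i, line in enumerate(program):
        core[(at + i) % CORE_SIZE] = parse(line)
    pc, targets = (at + start) % CORE_SIZE, []
    for _ in range(max_steps):
        pc, written = step(core, pc)
        if written is not None:
            targets.append(written)
        if pc is None:
            break
    return core, pc, targets

DWARF = ["DAT -1", "ADD #5 -1", "MOV #0 @-2", "JMP -2"]  # slide 20, entry point is cell 1
IMP = ["MOV 0 1"]                                          # slide 13

if __name__ == "__main__":
    print("Dwarf bombs:", run(DWARF, 1, 9)[2])
```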

  27. MARS
     A MARS is a simulator for the Core virtual machine.
     Most popular one is pMARS (portable MARS).
     Freely available from the internet.

  28. Malicious Code
     Easy Cases:
        What if applications run wild like Redcode programs?
           Multiprogramming Operating Systems (e.g., UNIX, WinXP)
        How do you know the programs you download from the internet behave in a benign way?
           Virus scanners

  29. Malicious Code
     Hard Cases:
        Mobile code: embedding programs in transactions!
        Plug-ins: what if your left hand does not trust your right hand?
     One promising solution approach . . .

  30. Language-based Security
     Use a safe language for software distribution.
     Then use programming language technologies to enforce security.
     Example: Java Virtual Machine (JVM)

  31. Protection Mechanisms in JVM
     Virtual machine
        Bytecode runs in a sandbox.
        Just like a MARS.
     Strongly typed
        Writing to arbitrary address is forbidden.
        Sorry, Dwarfs not welcome.
     Constrained control-flow
        Bytecode never runs wild.
        Sorry, Imps not welcome.

  32. Protection Mechanisms in JVM
     Safe dynamic linking
        No type spoofing.
        No impersonation (or identity crisis) allowed.
     Security manager
        Complete mediation.
        No unauthorized access.

  33. What I do for a living
     Language-based security research
     Pluggable Verification Modules
     Aegis VM (http://aegisvm.sourceforge.net)
     Type system for access control
     Mathematical theory of security policies

  34. Where to go from here . . .
     http://www.cs.uregina.ca/~pwlfong/Projects/AnnualComputerCamps

  35. Thank You
