sum total of isa sum total of isa knowledge knowledge
play

Sum Total of ISA Sum Total of ISA Knowledge Knowledge Analyzing - PowerPoint PPT Presentation

Mar 17, 2024 •347 likes •726 views

Sum Total of ISA Sum Total of ISA Knowledge Knowledge Analyzing Your Static Analysis Tools Analyzing Your Static Analysis Tools @alexkropivny Unsolicited Firmware Unsolicited Firmware Archeology and You Archeology and You "I bet I

  1. Sum Total of ISA Sum Total of ISA Knowledge Knowledge Analyzing Your Static Analysis Tools Analyzing Your Static Analysis Tools @alexkropivny

  2. Unsolicited Firmware Unsolicited Firmware Archeology and You Archeology and You

  4. "I bet I can hack this"

  6. References References - full work�ow example VMU hackery - long-term toolchain example Nexmon Tools to assist static portion of work�ow: angr (obfuscated interpreters?) Triton or (pure Python) miasm2 amoco (if you have source) KLEE bincat / BAP / Manticore / ...

  7. Manual Static Manual Static Analysis Analysis Automation Automation

  8. Types of Failures Types of Failures 1. False positives discovering more false positives (sev: high) 2. Underapproximations makes you re-visit code (sev: annoying) 3. Script stomped over manually-entered markup (sev: only happens once)

  9. Useful Automation Useful Automation Instruction length disassembler All control �ow e�ects Constant propagation (sometimes)

  10. Useful Automation Useful Automation Command/state machine tables (fancy switches)

  11. Lifter Problems: System Code Lifter Problems: System Code Uncommon instruction classes Once-per-boot setup features Shared memory bus: FIFOs, control �ags, DMA

  12. Lifter Problems: Abstractions Lifter Problems: Abstractions Flattening memory spaces Aliasing with registers (or other memory) Inter- vs intra-procedural analysis C memory and stack model

  13. Examples Examples

  14. Examples Examples

  15. Examples Examples

  16. Examples Examples

  17. Examples Examples

  18. Examples Examples

  19. Examples Examples

  20. Planned Work�ow Planned Work�ow

  21. QA by Concrete Execution QA by Concrete Execution

  22. Sources of Information Sources of Information Emulators! Hacker tools

  23. Emulator Architecture Emulator Architecture

  24. Emulator Architecture Emulator Architecture

  25. Fuzzing A vs B Fuzzing A vs B explore on commonly-occuring instructions bin di�erences on instruction opcodes prioritize on registers a�ected

  26. QA by Symbolic Execution QA by Symbolic Execution

  27. ii = lift.instruction_at(bv, here) # 'swap' MCS-51 instructi emu = lift.function(current_function) # 'swap_a' function on ARM s = ii.solver() emu.constrain(s) s.add(z3.And(ii['A'][0] == emu['mem'][0][0x1ef2608], ii['A'][-1] != emu['mem'][-1][0x1ef2608])) print s.check() # sat print s.model()[x['A'][0]].sexpr(), ':', print s.model()[x['A'][-1]].sexpr()

  29. x = lift.function(current_function) summary = x['Y4'][-1] != x['Y4'][0] & x['Y0'][0] s = x.solver() s.assert_and_track(summary, 'not-equivalent') print s.check() # unsat s.unsat_core() # [not-equivalent]

  31. Program Analysis is a Search Problem Program Analysis is a Search Problem Fast backtracking vs slow complex search Specialized algorithms vs generic solver Heuristics compensating for generic solver Checking results of search vs search ∃ ∀ Approximating state coverage via path coverage

  32. Work�ow and Correctness Work�ow and Correctness

  33. References References - comparison of several major lifters in F# MeanDi� - ambitious academic work Automatic Generation of Peephole Superoptimizers - equivalence checking experiments Fuzzing and Patch Analysis: SAGEly Advice - emulator comparison (would AFL do better?) Hi-Fi Tests for Lo-Fi Emulators Literature reviews to pull terminology from: A Survey of Symbolic Execution Techniques A Vocabulary of Program Slicing-Based Techniques Mechanizing Proof: Computing, Risk, and Trust for a fun historical perspective

  34. What Went Right & What Went Right & What Went Wrong What Went Wrong

  35. 1. Approximations: acceptable, but validate major assumptions 2. Partial lifting: acceptable and commonplace 3. Emulator-as-oracle: less partial, needs a map to lifted model 4. Full equivalence checking versus emulator: hampered by 2 and 3, but sometimes works

  36. Example Tools Example Tools i8051 - minimum viable processor module for 8051 STC - (WIP) attempt at generic lifter analysis tools slides ( PDF render, reveal.js with notes)

Recommend

KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the

KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the

KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the process of extracting knowledge from whatever source including document, manuals, case studies, etc. Knowledge elicitation is a type of the

373 views • 26 slides
Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Short Pairing-based Non-interactive Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In a zero knowledge protocol a prover can convince a verifier that some statement is true without leaking any side

628 views • 14 slides
National Budget Meeting FY 2019 Total Agencies\Field Offices: 5 Total Tribes: 24

National Budget Meeting FY 2019 Total Agencies\Field Offices: 5 Total Tribes: 24

National Budget Meeting FY 2019 Total Agencies\Field Offices: 5 Total Tribes: 24 Total Reservations: 20 Total Acres: 479,015.38 Total Tribal Enrollment: 119,327 Total Programs Funded: 41 Total Employees: 225

541 views • 17 slides
Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge

Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge

CPE/CSC 580-S06 Artificial Intelligence Intelligent Agents Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge wumpus world example of knowledge-based agents knowledge representation language

325 views • 31 slides
OUTLINE CAPITALIZATION OF COLLECTIVE KNOWLEDGE: Knowledge management and Knowledge

OUTLINE CAPITALIZATION OF COLLECTIVE KNOWLEDGE: Knowledge management and Knowledge

OUTLINE CAPITALIZATION OF COLLECTIVE KNOWLEDGE: Knowledge management and Knowledge Engineering FROM KNOWLEDGE Definitions ENGINEERING, MULTI- Process AGENTS TO CSCW AND SOCIO Knowledge Capitalization approaches Cooperative

976 views • 51 slides
Plan for today Knowledge-based systems 1 Explicit knowledge Knowledge Representation Inferred

Plan for today Knowledge-based systems 1 Explicit knowledge Knowledge Representation Inferred

Knowledge Representation Knowledge Representation Plan for today Knowledge-based systems 1 Explicit knowledge Knowledge Representation Inferred knowledge Domain-specific stuff A very brief intro Changing premises Uncertainty Jacek Malec

179 views • 13 slides
Plan for today Knowledge-based systems 1 Tacit knowledge Knowledge Representation Inferred

Plan for today Knowledge-based systems 1 Tacit knowledge Knowledge Representation Inferred

Knowledge Representation Knowledge Representation Plan for today Knowledge-based systems 1 Tacit knowledge Knowledge Representation Inferred knowledge Domain-specific stuff A very brief intro Changing premises Uncertainty Jacek Malec

265 views • 13 slides
Knowledge-based Agents Can represent knowledge And reason with this knowledge CS 331:

Knowledge-based Agents Can represent knowledge And reason with this knowledge CS 331:

Knowledge-based Agents Can represent knowledge And reason with this knowledge CS 331: Artificial Intelligence How is this different from the knowledge Propositional Logic I used by problem-specific agents? More general More

221 views • 9 slides
CORRECT? Introduction Working hypothesis Observations: Hypothesis: Human intelligence

CORRECT? Introduction Working hypothesis Observations: Hypothesis: Human intelligence

The Knowledge Representation Hypothesis (Brian Smith, 1982): IT3706 Knowledge Representation An intelligent systems competence is Rodney Brooks: determined by its knowledge. Knowledge without The knowledge is contained within

405 views • 5 slides
The MJO in Tropical Total Ozone The MJO in Tropical Total Ozone The MJO in Tropical Total Ozone

The MJO in Tropical Total Ozone The MJO in Tropical Total Ozone The MJO in Tropical Total Ozone

The MJO in Tropical Total Ozone The MJO in Tropical Total Ozone The MJO in Tropical Total Ozone The MJO in Tropical Total Ozone Baijun Tian Jet Propulsion Laboratory, California Institute of Technology Thanks Y. L. Yung, T. Tyranowski and L.

453 views • 28 slides
Knowledge Model Basics Challenges in knowledge modeling Basic knowledge-modeling constructs

Knowledge Model Basics Challenges in knowledge modeling Basic knowledge-modeling constructs

Knowledge Model Basics Challenges in knowledge modeling Basic knowledge-modeling constructs Comparison to general software analysis Knowledge model specialized tool for specification of knowledge- intensive tasks abstracts from

758 views • 44 slides
So You re Having re Having So You a Total Hip a Total Hip Replacement? Replacement? Your

So You re Having re Having So You a Total Hip a Total Hip Replacement? Replacement? Your

So You re Having re Having So You a Total Hip a Total Hip Replacement? Replacement? Your team of nurses, surgeons, therapists and social workers are here to help you every step of the way. This presentation is meant to assist you before,

723 views • 36 slides
Recording the Knowledge Footprints February 4, 2015 The Knowledge Problem Those who cannot

Recording the Knowledge Footprints February 4, 2015 The Knowledge Problem Those who cannot

Recording the Knowledge Footprints February 4, 2015 The Knowledge Problem Those who cannot remember the past are condemned to repeat it. George Santayana 2 7 Myths of Knowledge Management Knowledge management is about knowledge

422 views • 19 slides
Building Knowledge & Networking Capacities How to Succeed and Fail at Knowledge Sharing

Building Knowledge & Networking Capacities How to Succeed and Fail at Knowledge Sharing

Building Knowledge & Networking Capacities How to Succeed and Fail at Knowledge Sharing Cheryl Cooper, Applied Wisdom International Knowledge & Learning Consultant CherylAppliedWisdom@gmail.com Since 2002... Strategic Knowledge

490 views • 23 slides
Knowledge Management KNOWLEDGE INSPIRED INNOVATION An investment in knowledge always pays the

Knowledge Management KNOWLEDGE INSPIRED INNOVATION An investment in knowledge always pays the

KAIETEUR INSTITUTE FOR KNOWLEDGE MANAGEMENT Kaieteur Institute for Knowledge Management KNOWLEDGE INSPIRED INNOVATION An investment in knowledge always pays the best interest. Benjamin Franklin US author, diplomat, inventor, physicist,

1.09k views • 66 slides
Dog Knowledge The 3rd pillar of the Dog Program Index What is Dog knowledge? Topics

Dog Knowledge The 3rd pillar of the Dog Program Index What is Dog knowledge? Topics

Dog Knowledge The 3rd pillar of the Dog Program Index What is Dog knowledge? Topics Studying Sources Making study guides Quiz bowl Introduction Knowledge Tests Ticket to Big-E 2 Topics The curriculum for 4-H

229 views • 20 slides
gg-Cloud Service for Total Management gg Cloud Service for Total Management of Urban Development

gg-Cloud Service for Total Management gg Cloud Service for Total Management of Urban Development

Green growth knowledge platform conference Green growth knowledge platform conference January 11-13, 2012, Mexico city, Mexico January 11-13, 2012, Mexico city, Mexico Making Green Growth Operational in Urban Areas: Making Green Growth

493 views • 16 slides
707.009 Foundations of Knowledge Management g g Participative Knowledge Acquisition

707.009 Foundations of Knowledge Management g g Participative Knowledge Acquisition

Knowledge Management Institute 707.009 Foundations of Knowledge Management g g Participative Knowledge Acquisition Methods Markus Strohmaier Univ. Ass. / Assistant Professor Knowledge Management Institute Graz University of

599 views • 46 slides
Week 4 Video 2 Knowledge Inference: Bayesian Knowledge Tracing Bayesian Knowledge Tracing (BKT)

Week 4 Video 2 Knowledge Inference: Bayesian Knowledge Tracing Bayesian Knowledge Tracing (BKT)

Week 4 Video 2 Knowledge Inference: Bayesian Knowledge Tracing Bayesian Knowledge Tracing (BKT) The classic approach for measuring tightly defined skill in online learning First proposed by Richard Atkinson Most thoroughly

902 views • 45 slides
Knowledge and Distributed Coordination Yoram Moses Technion NUS Research Week ( :- ) Knowledge

Knowledge and Distributed Coordination Yoram Moses Technion NUS Research Week ( :- ) Knowledge

Knowledge and Distributed Coordination Yoram Moses Technion NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 1 / 45 Outline Indistinguishability and knowledge Modeling knowledge The Knowledge of Preconditions principle

2.17k views • 176 slides
Towards Analytical Data and Knowledge . . . Knowledge . . . Techniques for Optimizing Resulting

Towards Analytical Data and Knowledge . . . Knowledge . . . Techniques for Optimizing Resulting

Introduction Outline Sensor Placement: . . . Towards Analytical Data and Knowledge . . . Knowledge . . . Techniques for Optimizing Resulting Geometric . . . How to Use the . . . Knowledge Acquisition, Future Work Processing, Propagation,

778 views • 60 slides
-Decay Total Absorption Spectroscopy: A Tool for Applied and Fundamental Research

-Decay Total Absorption Spectroscopy: A Tool for Applied and Fundamental Research

-Decay Total Absorption Spectroscopy: A Tool for Applied and Fundamental Research J.L. Tain Jose.Luis.Tain@ific.uv.es http://ific.uv.es/gamma/ Instituto de Fsica Corpuscular C.S.I.C - Univ. Valencia An accurate knowledge of

628 views • 20 slides
1 2 Total Budgeted in Total Planned in Total Planned in 2019 for Total Budgeted 2020 for

1 2 Total Budgeted in Total Planned in Total Planned in 2019 for Total Budgeted 2020 for

1 2 Total Budgeted in Total Planned in Total Planned in 2019 for Total Budgeted 2020 for 2021 for Total Budgeted for Carryover/Multi- in 2019 for New Total Budgeted Carryover & Carryover & 2018 year Projects Projects for

406 views • 7 slides
UNCERTAINTY IN KNOWLEDGE Ch. 9 Uncertainty in Knowledge 1 Sources of Uncertainty

UNCERTAINTY IN KNOWLEDGE Ch. 9 Uncertainty in Knowledge 1 Sources of Uncertainty

UNCERTAINTY IN KNOWLEDGE Ch. 9 Uncertainty in Knowledge 1 Sources of Uncertainty Uncertainty in problem solving can be attributed to Imperfect domain knowledge Imperfect case data Experts employ inexact methods for two

605 views • 31 slides

More recommend