Core War
Virtual Machines, Viruses, and Defense Against the Dark Arts
Philip W. L. Fong
Department of Computer Science
University of Regina
Regina, Saskatchewan, Canada S4S 0A2
Overview
1. Core War – The Game
2. Malicious Code
3. Java Virtual Machine
4. My research
Core War – p.1/34
Core War
Author: A. K. Dewdney (1984)
Objective: Players launch virus programs that attempt to terminate each other.
The Core: Virtual machine architecture on which viruses execute.
Redcode: Assembly language for programming viruses.
MARS (Memory Array Redcode Simulator): Software simulator for the virtual machine.
The Core
A memory array of 8000 cells.
Every cell holds an integer representing either an instruction or random data.
    0     -
    1     -
    ...
    7998  -
    7999  -
Array is circular: address 8000 = address 0
The Rules
Competing viruses are loaded at random locations.
Viruses are executed in turns, one instruction at a time.
The first program to execute an illegal instruction loses.
Goal: Overwrite opponent with illegal instructions.
Redcode
Example:
    MOV 2 -1
Meaning:
    opcode  source  destination
    MOV     2       -1
Move the content 2 cells ahead to the location 1 cell behind.
Effect (before):
    ...
    1373  -
    1374  MOV 2 -1
    1375  -
    1376  DAT 99
    ...
Effect (after):
    ...
    1373  DAT 99
    1374  MOV 2 -1
    1375  -
    1376  DAT 99
    ...
Self-Destruct
Here is a short Redcode program that self-destructs:
    ...
    → MOV #0 1    Immediate addressing
      -
    ...

    ...
    → MOV #0 1    Move number 0.
      DAT 0
    ...

    ...
      MOV #0 1
    → DAT 0       Illegal instruction!
    ...

    ...
      MOV #0 1
    → DAT 0       Execution terminated!
    ...
Imp
A self-replicating program:
    ...
    → MOV 0 1
      -
      -
      -
    ...

    ...
    → MOV 0 1    Copy itself to next address
      MOV 0 1
      -
      -
    ...

    ...
      MOV 0 1
    → MOV 0 1
      -
      -
    ...

    ...
      MOV 0 1
    → MOV 0 1    Copy again.
      MOV 0 1
      -
    ...

    ...
      MOV 0 1
      MOV 0 1
    → MOV 0 1    Copy . . .
      -
    ...

    ...
      MOV 0 1
      MOV 0 1
      MOV 0 1
    → MOV 0 1    Copy . . .
    ...

    ...
      MOV 0 1
      MOV 0 1
      MOV 0 1
      MOV 0 1
    →
    ...
Sweeping through the core.
Overwriting opponent with itself, thereby forcing a tie.
Dwarf
A bombing program:
      0  DAT -1        Counter.
    → 1  ADD #5 -1
      2  MOV #0 @-2
      3  JMP -2

      0  DAT 4         Counter.
    → 1  ADD #5 -1     Increment counter by 5.
      2  MOV #0 @-2
      3  JMP -2

      0  DAT 4         Counter.
      1  ADD #5 -1     Increment counter by 5.
    → 2  MOV #0 @-2    Bomb address 4.
      3  JMP -2

      0  DAT 4         Counter.
      1  ADD #5 -1     Increment counter by 5.
      2  MOV #0 @-2    Bomb address 4.
    → 3  JMP -2        Loop.

      0  DAT 9         Counter.
      1  ADD #5 -1     Increment counter by 5.
    → 2  MOV #0 @-2    Bomb address 9.
      3  JMP -2        Loop.

      0  DAT 14        Counter.
      1  ADD #5 -1     Increment counter by 5.
    → 2  MOV #0 @-2    Bomb address 14.
      3  JMP -2        Loop.
Systematically bombing: 4, 9, 14, 19, 24, 29, . . . .
Effectively terminating opponent.
MARS
A MARS is a simulator for the Core virtual machine.
Most popular one is pMARS (portable MARS).
Freely available from the internet.
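Added example (not part of the original slides, and not pMARS code): a minimal MARS in Python that executes only the four opcodes the slides use (DAT, MOV, ADD, JMP) and runs the Self-Destruct, Imp and Dwarf programs shown above. It assumes an empty cell behaves as DAT 0 and that an indirect (@) operand is resolved relative to the cell it points through; the names parse, step and run are illustrative.

```python
CORE_SIZE = 8000                      # the slides' core: 8000 cells, circular
EMPTY = ("DAT", ("", 0), ("", 0))     # assumption: an empty cell ("-") behaves as DAT 0

def parse(text):
    """'MOV #0 @-2' -> ('MOV', ('#', 0), ('@', -2)); a lone operand fills both fields."""
    op, *args = text.split()
    f = [(s[0], int(s[1:])) if s[0] in "#@" else ("", int(s)) for s in args]
    return (op, f[0], f[-1])

def step(core, pc):
    """Execute the cell at pc; return (next pc or None if the process dies, MOV target)."""
    op, (am, a), (bm, b) = core[pc]
    if op == "DAT":                   # illegal instruction: the process terminates
        return None, None
    def addr(mode, val):              # direct: relative to pc; '@': via the pointed-to cell
        p = (pc + val) % CORE_SIZE
        return (p + core[p][2][1]) % CORE_SIZE if mode == "@" else p
    if op == "JMP":
        return addr(am, a), None
    dst, wrote = addr(bm, b), None
    if op == "MOV":                   # '#n' stores the number n as data, else copies a cell
        core[dst] = ("DAT", ("", a), ("", a)) if am == "#" else core[addr(am, a)]
        wrote = dst
    elif op == "ADD":                 # add to the value field of the destination cell
        o, fa, (m, v) = core[dst]
        inc = a if am == "#" else core[addr(am, a)][2][1]
        core[dst] = (o, fa, (m, v + inc))
    return (pc + 1) % CORE_SIZE, wrote

def run(program, start, steps, base=0):
    """Load program at base and run from base+start for at most `steps` instructions.
    Returns (final pc, or None if terminated; list of addresses written by MOV)."""
    core = [EMPTY] * CORE_SIZE
    for i, line in enumerate(program):
        core[(base + i) % CORE_SIZE] = parse(line)
    pc, writes = (base + start) % CORE_SIZE, []
    for _ in range(steps):
        pc, wrote = step(core, pc)
        if pc is None:
            break
        if wrote is not None:
            writes.append(wrote)
    return pc, writes

# Programs exactly as listed on the slides.
DWARF = ["DAT -1", "ADD #5 -1", "MOV #0 @-2", "JMP -2"]   # execution starts at line 1
IMP = ["MOV 0 1"]
SELF_DESTRUCT = ["MOV #0 1"]
```

Calling run(DWARF, 1, 9) executes three loops of the Dwarf and returns the bombed addresses; run(IMP, 0, 4, base=7998) shows the Imp wrapping around the circular core.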
Malicious Code
Easy Cases:
What if applications run wild like Redcode programs?
  Multiprogramming Operating Systems (e.g., UNIX, WinXP)
How do you know the programs you download from the internet behave in a benign way?
  Virus scanners
Malicious Code
Hard Cases:
Mobile code: embedding programs in transactions!
Plug-ins: what if your left hand does not trust your right hand?
One promising solution approach . . .
Language-based Security
Use a safe language for software distribution.
Then use programming language technologies to enforce security.
Example: Java Virtual Machine (JVM)
Protection Mechanisms in JVM
Virtual machine
  Bytecode runs in a sandbox.
  Just like a MARS.
Strongly typed
  Writing to arbitrary address is forbidden.
  Sorry, Dwarfs not welcome.
Constrained control-flow
  Bytecode never runs wild.
  Sorry, Imps not welcome.
Protection Mechanisms in JVM
Safe dynamic linking
  No type spoofing.
  No impersonation (or identity crisis) allowed.
Security manager
  Complete mediation.
  No unauthorized access.
What I do for a living
Language-based security research
  Pluggable Verification Modules
  Aegis VM (http://aegisvm.sourceforge.net)
  Type system for access control
  Mathematical theory of security policies
Where to go from here . . .
http://www.cs.uregina.ca/~pwlfong/Projects/AnnualComputerCamps
Thank You