INFERENCE OF RESIDUAL ATTACK SURFACE UNDER MITIGATIONS

Kyriakos K Ispoglou (6632954)

14 May 2019

<div>Despite the broad diversity of attacks and the many different ways an adversary can exploit a system, each attack can be divided into different phases. These phases include the discovery of a vulnerability in the system, its exploitation and the achieving persistence on the compromised system for (potential) further compromise and future access. Determining the exploitability of a system –and hence the success of an attack– remains a challenging, manual task. Not only because the problem cannot be formally defined but also because advanced protections and mitigations further complicate the analysis and hence, raise the bar for any successful attack. Nevertheless, it is still possible for an attacker to circumvent all of the existing defenses –under certain circumstances.</div><div><br></div><div>In this dissertation, we define and infer the Residual Attack Surface on a system. That is, we expose the limitations of the state-of-the-art mitigations, by showing practical ways to circumvent them. This work is divided into four parts. It assumes an attack with three phases and proposes new techniques to infer the Residual Attack Surface on each stage.</div><div><br></div><div>For the first part, we focus on the vulnerability discovery. We propose FuzzGen, a tool for automatically generating fuzzer stubs for libraries. The synthesized fuzzers are target specific, thus resulting in high code coverage. This enables developers to expose and fix vulnerabilities (that reside deep in the code and require initializing a complex state to trigger them), before they can be exploited. We then move to the vulnerability exploitation part and we present a novel technique called Block Oriented Programming (BOP), that automates data-only attacks. Data-only attacks defeat advanced control-flow hijacking defenses such as Control Flow Integrity. Our framework, called BOPC, maps arbitrary exploit payloads into execution traces and encodes them as a set of memory writes. Therefore an attacker’s intended execution “sticks” to the execution flow of the underlying binary and never departs from it. In the third part of the dissertation, we present an extension of BOPC that presents some measurements that give strong indications of what types of exploit payloads are not possible to execute. Therefore, BOPC enables developers to test what data an attacker would compromise and enables evaluation of the Residual Attack Surface to assess an application’s risk. Finally, for the last part, which is to achieve persistence on the compromised system, we present a new technique to construct arbitrary malware that evades current dynamic and behavioral analysis. The desired malware is split into hundreds (or thousands) of little pieces and each piece is injected into a different process. A special emulator coordinates and synchronizes the execution of all individual pieces, thus achieving a “distributed execution” under multiple address spaces. malWASH highlights weaknesses of current dynamic and behavioral analysis schemes and argues for full-system provenance.</div><div><br></div><div>Our envision is to expose all the weaknesses of the deployed mitigations, protections and defenses through the Residual Attack Surface. That way, we can help the research community to reinforce the existing defenses, or come up with new, more effective ones.</div>

Applied Computer Science

systems security

attack surface

binary analysis

binary exploitation

stealthy malware

fuzzing

whole system analysis

Contribution à la conception et à l'optimisation thermodynamique d'une microcentrale solaire thermo-électrique / Contribution to the design and thermodynamical optimization of micro solar thermo-electric power plant

Mathieu, Antoine

23 May 2012

En ce début de millénaire 1,4 Milliards d'humains, parmi les plus démunis de la planète, vivent dans des sites isolés et ne bénéficient pas de réseaux de distribution d'énergie. Leur besoin en électricité est modeste, mais important en terme d'usages : accès aux soins médicaux et à l'instruction, communication, développement d'économies locales. C'est face à ce constat que Schneider Electric Industries relève, depuis 2009, le défi de concevoir et réaliser des microcentrales solaires thermodynamiques, concurrentielles à d'autres solutions, pour fournir à ces populations une énergie électrique fiable et respectueuse de l'environnement. Inscrit dans le cadre de ce projet, le présent travail - réalisé en Cifre - est séquencé par l'évolution industrielle du projet. Dans un premier temps, un Etat de l'Art, étendu à une analyse de détail, a contribué à privilégier certains choix technologiques : capteurs solaires à concentration, stockage thermique à chaleur sensible et moteur de Stirling. Dans un second temps, une étude thermodynamique préliminaire a permis d'évaluer le dimensionnement d'éléments clefs du système : champ de captage solaire et stockage thermique. En complément une étude de sensibilité paramétrique du dimensionnement et des performances à divers facteurs de pertes énergétiques a souligné les points durs techniques et participé à l'orientation des travaux de conception. Enfin, l'analyse exergétique de fonctionnement de capteurs solaires et d'un moteur Stirling en régimes dynamiques stationnaires proposent des bases pour l'optimisation de contrôle et commande, visant à accroître les performances énéergétiques du système et favoriser sa viabilité thermoéconomique / As a new millenium begins, 1.4 Billion people worldwide earn less than 2 dollars daily and have no access to the power grid. The need of electric power of these people represent small energy amounts but is very important regarding to the usage : acces to healthcare and education, communication, local economic development. In reponse to the situation, since 2009, Schneider Electric Industries takes up the challenge to design and realize micro solar power plants, competitive with other solutions, to supply these people with reliable and environment-friendly electricity. Dealing with this project, this work has been realized under contract, so it follows the development sequence of the industrial project. The first part is a State of the Art of the actual solar thermodynamical technologies. This task is extended to a qualitative evaluation of various technologies, as a contribution to select adapted technologies: concentrating solar thermal receivers, sensible heat thermal storage and Stirling engine. The secon step is a preliminary thermodynamics analysis of the whole system, that allowed to evaluate key features: the size of the solar receivers area, the thermal storage volume, and overall energy performance. This task is streched by a sensitivity analysis of the sizing and performances, according to various energy losses parameters, that shows the technical hard spots of the design. Finally, an exergy-based dynamical analysis of stationary operating solar receivers and Stirling engines leads to a propostion of basis methods and criteria for the optimal control of power, in order to maximize the energy performances of the system and to enhance its competitiveness

Thermodynamique

Analyse Système Globale

Captage solaire thermique

Moteur Stirling

Optimisation dynamique

Exergie

Thermodynamics

Whole System Analysis

Solar Thermal Receiving

Stirling Engine

Dynamical Optimization

Exergy

621.312