NorthSec 2020 (Online Edition)

Regions are types, types are policy, and other ramblings
2020-05-15, 11:00–11:45, Twitch

Compilers and interpreters make use of types to ensure a degree of semantic sanity. I will describe how types can be used outside this narrow paradigm to apply policies across address spaces.

Semantically related objects often get grouped together in memory, and it is about time we take advantage of this in developing software hardening measures. Types can be naturally assigned to regions of memory in a flexible manner. Such types can form the basis of a practical and intelligible access control policy. This observation allowed me to retroactively harden an instance of the U-Boot bootloader, to model the bootloader's intentions and build an access control policy that mediated its behavior.

Typed region-based hardening measures can be applied to other kinds of software to not only protect against low-level memory vulnerabilities but also to help protect and address high-level logic-based attacks (i.e., instances of weird machines).


bx enjoys tinkering with systems in undocumented manners to find hidden sources of computation. She has previously studied the weird machines present in application linkers and loaders, publishing some nifty PoC along the way, but has since turned her focus towards the kinds of loaders that bootstrap systems. bx is currently a senior security researcher at Narf Industries.