Thursday, November 06, 2008, Zi'qad 07, 1429 A.H

Bad Computation with Good Code
NewThreats
If you want to make sure
your computer or server is not tricked into undertaking malicious or
undesirable behavior, it's not enough to keep bad code out of the system.
Two graduate students
from UC San Diego's computer science department - Erik Buchanan and Ryan
Roemer - have just published work showing that the process of building bad
programs from good code using 'return-oriented programming' can be
automated and that this vulnerability applies to RISC computer
architectures and not just the x86 architecture (which includes the vast
majority of personal computers). Reduced Instruction Set Computer (RISC)
is the type of microprocessor pioneered by Acorn Computers (amongst
others) which has a smaller instruction set than its counterparts
and hence operates faster.
Last year, UC San Diego
computer science professor Hovav Shacham formally described how
return-oriented programming could be used to force computers with the x86
architecture to behave maliciously without introducing any bad code into
the system. However, the attack required painstaking construction by hand
and appeared to rely on a unique quirk of the x86 design.
This new automation and
generalization work from graduate students and professors from UC San
Diego's Jacobs School of Engineering was presented on October 28 at ACM's
Conference on Communications and Computer Security (CCS) 2008, one of the
premier academic computer security conferences.
"Most computer
security defenses are based on the notion that preventing the introduction
of malicious code is sufficient to protect a computer. This assumption is
at the core of trusted computing, anti-virus software, and various
defenses like Intel and AMD's no execute protections. There is a subtle
fallacy in the logic, however: simply keeping out bad code is not
sufficient to keep out bad computation," said UC San Diego computer
science professor.
Return-oriented Programming
Return-oriented
programming exploits start out like more familiar attacks on computers.
The attacker takes advantage of a programming error in the target system
to overwrite the runtime stack and divert program execution away from the
path intended by the system's designers. But instead of injecting outside
code - the approach used in traditional malicious exploits -
return-oriented programming enables attackers to create any kind of nasty
computation or program by using just the existing code. "You can
create any kind of malicious program you can imagine - Turing complete
functionality," said Shacham. For example, a user's Web browser could
be subverted to record passwords typed by the user or to send spam e-mail
to all address book contacts, using only the code that makes up the
browser itself.
The term
'return-oriented programming' describes the fact that the 'good'
instructions that can be strung together in order to build malicious
programs need to end with a return command. The graduate students showed
that the process of building these malicious programs from good code can
be largely automated by grouping sets of instructions into 'gadgets' and
then abstracting much of the tedious work behind a programming language
and compiler.
Imagine taking a 700
page book, picking and choosing words and phrases in no particular order
and then assembling a 50 page story that has nothing to do with the
original book. Return-oriented programming allows you to do something
similar. Here the 700 page book is the code that makes up the system being
attacked - for example, the standard C-language library libc - and the
story is the malicious program the attacker wishes to have executed.
"We found that
return-oriented programming poses a much more general vulnerability than
people initially thought," said computer science graduate student
Ryan Roemer. He and another colleague chose to study return-oriented
programming for a class project after they heard Shacham outline a series
of open questions in a guest lecture he gave in a computer security
course.
"The threat posed
by return-oriented programming, across all architectures and systems, has
negative implications for an entire class of security mechanisms: those
that seek to prevent malicious computation by preventing the execution of
malicious code," the authors write in their CCS 2008 paper.
Let us quote an example
here: Intel and AMD have implemented security functionality into their
chips (NX/XD) that prevents code from being executed from certain memory
regions. Operating systems in turn use these features to prevent input
data from being executed as code (e.g., Microsoft's Data Execution
Prevention feature introduced in Windows XP SP2). The new research from UC
San Diego, however, highlights an entire class of exploits that would not
be stopped by these security measures since no malicious code is actually
executed. Instead, the stack is 'hijacked' and forced to run good code in
bad ways.
"We have
demonstrated that return-oriented exploits are practical to write, as the
complexity of gadget combination is abstracted behind a programming
language and compiler. Finally, we argue that this approach provides a
simple bypass for the vast majority of exploitation mitigations in use
today," the computer scientists write.
The authors outline a
series of approaches to combat return-oriented programming. Eliminating
vulnerabilities permitting control flow manipulation remains a high
priority - as it has for 20 years. Other possibilities: hardware and
software support for further constraining control flow and addressing the
power of the return-oriented approach itself. "Finally, if the
approaches fail, we may be forced to abandon the convenient model that
code is statically either good or bad, and instead focus on dynamically
distinguishing whether a particular execution stream exhibits good or bad
behavior," the authors write. -Hassan Rameez

DigiTales
Online Translation Tools
Have you ever used
Google's translation feature or Yahoo!'s Babel Fish to help you make sense
of a language you don't speak? Be careful! Here's what the BBC says could
happen to you.
Our story comes from
beautiful Wales, where English is spoken, but so is Welsh. In fact the law
states all road signs in Wales must be bilingual. When a new sign was
being put up to restrict truck traffic the English text, "No entry
for heavy goods vehicles. Residential site only," needed to be
translated to Welsh.
The procedure was pretty
simple. The person in charge of the sign emailed someone fluent in Welsh
who dutifully replied "Nid wyf yn yswyddfa ar hyn o bryd. Anfonwch
unrhyn waith I'w gyfieithu." Modern technology at its finest!
Oh - in case you don't
speak Welsh, "Nid wyf yn yswyddfa ar hyn o bryd. Anfonwch unrhyn
waith I'w gyfieithu," translates to, "I am not in the office at
the moment. Please send any work to be translated." That's what was
printed on the sign which was then erected at the side of the road!
This has created a minor
storm on the pages of the English language Welsh site thisisSwansea.co.uk
where Martin from Swansea uses a little non-standard English to get his
point across. -BBC
Computer makers recall 100,000 Sony batteries
TOKYO: Computer
manufacturers are recalling 100,000 laptop batteries made by Sony Corp.
after 40 incidents of overheating. Some users reported smoke or flames.
Four of the incidents resulted in minor skin burns while 21 of the cases
caused damage to property, as reported by Sony.
Hewlett-Packard,
Toshiba, Dell, Acer and Lenovo are involved in the global recall. The
defect appeared to have been caused by a problem with a production line
between October 2004 and June 2005.
The US Consumer Product
Safety Commission said that about 32,000 batteries were being recalled
voluntarily in the United States, mostly by Hewlett-Packard. It said
consumers should stop using the recalled products immediately because they
can overheat, posing a fire and burn hazard to consumers.
In 2006 Sony was hit by
similar recalls of almost 10 million of its batteries for laptop computers
because of fears they could catch fire, burning a deep hole in the
Japanese giant's profits.

Computer to assess body shape under clothing
AppliedIT
Imagine you are a police
detective trying to identify a suspect wearing a trench coat, baggy pants
and a baseball cap pulled low. Or imagine you are a fashion industry
executive who wants to market virtual clothing that customers of all
shapes and sizes can try online before they purchase.
Perhaps you want to
create the next generation of "Guitar Hero" in which the user, not some
character, is pumping out the licks. The main obstacle to these and other
pursuits is creating a realistic, 3-D body shape - especially when the
figure is clothed or obscured.
"If you see a person
wearing clothing, can the computer figure out what they look like
underneath?" asked Michael Black, a computer science professor. The
researchers have created a computer program that can accurately map the
human body's shape from digital images or video. This is an advance from
current body scanning technology, which requires people to stand still
without clothing in order to produce a 3-D model of the body.
With the new 3-D
body-shape model, the scientists can determine a person's gender and
calculate an individual's waist size, chest size, height, weight and
other features.
Black and Balan debuted
their findings this month at the European Conference on Computer Vision in
Marseilles, France. Their paper is one of fewer than 5 percent of
submitted manuscripts chosen for oral presentation at this international
gathering.
The potential
applications are broad. Besides forensics and fashion, Black and Balan's
research could benefit the film industry. Currently, actors must wear
tight-fitting suits covered with reflective markers to have their motion
captured. The new approach could capture both the actors' shape and
motion, while doing away with the markers and suits.
In sports medicine,
doctors would be able to use accurate, computerized models of athletes'
bodies to better identify susceptibility to injury. In the gaming world,
it could mean the next generation of interactive technology. Instead of
acting through a character, a camera could track the user, create a 3-D
representation of that person's body and insert the user into the video
game.
Brown University has
filed two provisional patents covering the research and its potential
commercial applications. The key insight for Black and Balan was when they
learned they could divine clues about a person's shape even with
clothing. They created a computerized body model from 2,400 detailed laser
range scans of men and women in minimal clothing. They found that by
combining information from a person in multiple poses, the computer was
able to infer the gender of the person and the 3-D body shape. They
further refined the model by incorporating the computer's detection of
skin in the images.
"As I move, my
clothes become loose or tight on different parts of my body," Black said.
"Each pose gives different constraints on the underlying body shape, so
while a person's body pose may change, his or her true shape remains the
same. By analyzing the body in different poses, we can better guess that
person's true shape."
The researchers stress
the technique is not invasive; it does not use X-rays, nor does it
actually see through clothing. The software makes an intelligent guess
about the person's exact body shape. A simulation of the new technology
can be seen at http://www.cs.brown.edu/~alb/scapeClothing/. -Rasheed Ahmad
Abbasi, Houston, Texas, USA.
Windows
File extensions: what do they do?
Managing files is one of
the most important things to learn in order to use Windows properly. There
is a lot more involved than the basic functions like copy, delete, and
move. Unfortunately, the subject is poorly understood by many people. One
mystery is file extensions. Another is the annoying things that can happen
when new software changes your file associations.
Understanding file
extensions and knowing how to manage your file associations can be
productive in many ways.
You will recall that in
the Windows operating system, most files have names with the format
filename.ext where .ext is the extension. An extension is not absolutely
required but most files have one in their name. Extensions are often, but
not necessarily, three characters. Their function is to tell the computer
what the file type is and what is to be done with the file when it is
opened or double-clicked or otherwise invoked one way or the other. When
the operating system is presented with a file for action (e.g., when you
double-click it), the Registry is consulted where a list of file types and
their extensions is kept. The list contains what actions are possible for
that particular file, which software is supposed to carry out the action,
and where on the computer that software is located (the path).
By being aware of the
role of an extension, a user can make intelligent decisions about how (or
whether) to use a file. For example, e-mail viruses are usually spread by
means of attachments with one of the executable extensions such as .exe, .vbs
or .scr. An informed user will be able to recognize the danger in
indiscriminately opening such attachments and will be prepared to take
appropriate action.
Visible Extensions
Unless you change the
default system settings, Windows will not show the extensions of filenames
in any listing of files. Presumably Microsoft thinks users need to be
protected from themselves in this way, in spite of the fact that a lot of
people think it is a poor idea for the default setting. Whatever is right,
the setting can easily be changed. For Windows XP, open My Computer and
click on the Tools menu. Then open Folder Options|View. In the list of
settings that appears, uncheck the box by the entry, Hide Extensions For
Known File Types. For a more detailed description with graphics, go to How
to Make File Extensions Visible in Windows XP.
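The two points above, executable attachments and extensions hidden by default, combine: a file whose real extension is hidden can be listed under a harmless-looking name. The following Python check is an added example, not part of the original article; the extra executable extensions, the stand-in list of known file types and the sample attachment names are assumptions constructed for illustration.

```python
import os
from typing import NamedTuple

# Extensions the article names as typical of e-mail viruses.
ARTICLE_EXECUTABLE = {".exe", ".vbs", ".scr"}
# Assumption of this example: a few more Windows types that run when double-clicked.
EXTRA_EXECUTABLE = {".com", ".bat", ".cmd", ".pif", ".js"}
EXECUTABLE = ARTICLE_EXECUTABLE | EXTRA_EXECUTABLE

# Constructed stand-in for the Registry's list of known file types; on a real
# machine this list comes from the Registry, not from a hard-coded set.
KNOWN_TYPES = EXECUTABLE | {".jpg", ".gif", ".bmp", ".doc", ".txt",
                            ".pdf", ".htm", ".html", ".zip"}


class Verdict(NamedTuple):
    real_ext: str     # extension Windows will act on
    shown_as: str     # name seen in a listing with known extensions hidden
    disguised: bool   # shown name ends in a harmless-looking extension
    block: bool       # attachment should not be opened


def normalize(filename: str) -> str:
    """Drop trailing dots and spaces, which Windows removes from file names."""
    return filename.rstrip(". ")


def shown_name(filename: str) -> str:
    """Name as listed while 'Hide Extensions For Known File Types' is checked."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in KNOWN_TYPES else filename


def screen_attachment(filename: str) -> Verdict:
    name = normalize(filename)
    real_ext = os.path.splitext(name)[1].lower()
    shown = shown_name(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    executable = real_ext in EXECUTABLE
    # Disguised: the final extension is hidden, and what remains visible looks
    # like a document or picture (e.g. "holiday.jpg.exe" is listed as "holiday.jpg").
    disguised = (executable and shown_ext in KNOWN_TYPES
                 and shown_ext not in EXECUTABLE)
    return Verdict(real_ext, shown, disguised, executable)


if __name__ == "__main__":
    # Constructed attachment names, for illustration only.
    for sample in ["report.doc", "holiday.jpg.exe", "Setup.EXE",
                   "invoice.pdf.vbs", "card.scr. ", "notes.txt"]:
        print(f"{sample!r:22} -> {screen_attachment(sample)}")
```

With extensions made visible as described above, the `shown_as` name and the real name are the same, and the disguise no longer works.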
The table at the end of this article
lists some of the common extensions that you will encounter, with a
brief description of what type of file each extension is for.
The subject, however, is
not quite simple. So, if you want to carry out more research on
extensions, do visit the sites given below:
* http://www.ace.net.nz/tech/TechFileFormat.html
* http://www.fnds.net/ext/a.html
* FileFormat.Info
* http://dotwhat.net/
* http://www.fileinfo.net/
Unknown or New File Types
A file that has no
extension or that has an extension that is not listed in the Registry on
your computer will need to have some program associated with its type
before it can be opened or otherwise used. Some computers are configured
to use Notepad for unknown file types but otherwise double-clicking on
such a file will bring up the unknown file dialog box where you can choose
to pick a program from a list by choosing the radio button Select The
Program From a List and clicking OK.
When you choose to
select a program, the OPEN WITH dialog box appears. Windows will list what
it thinks are the best possibilities but it is often the case that some
other program is what is wanted. Scroll down the list of other programs to
get a better selection. Even then, the desired program may not be listed.
To see all the program files that are available on your computer, use the
BROWSE function. Be watchful of the entry at the bottom of the dialog box,
ALWAYS USE THE SELECTED PROGRAM TO OPEN THIS KIND OF FILE. This is often
checked by default and you may permanently assign a program to this kind
of file without intending to do so. By leaving the entry unchecked, you
can experiment with different programs. However, if you wish to use a
particular program for this type of file every time it is double-clicked,
place a check in the box.
If you do not know
anything about the function of an unknown file, use Quick View (if your
computer has it) or Notepad (WordPad for larger files) to see if it is a
text or binary file and find any other information that would help to
decide if and how it should be opened.
References mentioned
previously can help you find which software is needed for unknown file
types. It may be that your computer is lacking the program needed for a
particular file type. For example, if a friend gives you a file that is a
spreadsheet created in Microsoft Excel (extension .xls) you will not be
able to open the file properly unless you have appropriate software such
as Excel itself or an Excel Viewer.
File Associations
In the Registry is a
list of file types that are registered for a specific computer. The list
contains what actions are possible for that particular file, which
software is supposed to carry out the action, and where on the computer
that software is located (the path). All file types will have at least one
possible action called the Default. Many file types may have several
possible actions, often using different software.
In general, actions
other than the Default are invoked from the right-click context menu.
Right-clicking a file once will bring up a list of things called the
CONTEXT MENU.
The top portion of the
menu shows all the possible actions for the file, including the Default,
which will be in boldface. An example of the top portion of a context menu
is shown in the first figure. The default action here is the typical Open.
A list of all the file types registered on a particular computer together
with their associated actions and software can be seen by going to My
Computer-Tools-Folder Options-File Types.
Many of us have had the
experience of installing some new software only to find that, without
asking, the installation has changed our file associations so that some of
our favorite programs no longer work. Knowing how to manage file
associations will allow you to take back control of your computer. There
is a simple procedure to change the default action or to occasionally use
a different program to open a file. Right-click on a file of the type
whose associations you wish to edit. In the context menu click on OPEN
WITH. Selecting this entry will bring up a list of programs from which a
selection can be made to open the file.
Adding Associations
Sometimes it is
advantageous to have a choice of programs to open a file. For example,
occasionally you may wish to open a .txt file in Word instead of using
Notepad. Or you may have two Internet browsers and want to be able to use
either to open .html files. Also, it is sometimes desirable to have
separate programs for different functions. You may wish to open (display)
pictures with one program and do editing with another. In this case it is
often convenient to have the extra functions listed explicitly in the
right-click context menu. For example, you could Open a .txt file with
Notepad, View it with WordPad, and Read it with Microsoft Word, in all
cases doing the same thing but using different programs. To keep track of
what program is being invoked, you can use the name of the program in the
description of the action. Thus for .jpg files you could name one action
OPEN with Internet Explorer and name another OPEN with Paint Shop Pro.
Similarly, for .html files, you could have both OPEN with Internet
Explorer and OPEN with Netscape.
| Extension | Description | Comments |
| jpg | Graphics, pictures | Opened by default browser or by graphics program |
| gif | Graphics, pictures | Opened by default browser or graphics program |
| bmp | (Bulky) graphics | Opened by Paint or by graphics program |
| doc | Word processing file | Opened by WordPad or Word (several formats) |
| txt | Text file | Opened by Notepad or text editor or Word, etc. |
| pdf | Portable document file | Opened by Adobe software |
| htm, html | Web pages, etc. | Viewed in browser, code edited in text editor |
| wav | Sound clip | Opened by Windows Media Player |
| avi | Video clip | Opened by Windows Media Player |
| rm | Video clip | Opened by RealPlayer |
| dll | Dynamic link library | Used by software in a variety of functions |
| exe | Executable file | File that actually runs software |
| zip | Compressed file | Opened by WinZip, PKZip, etc. or native XP function |
IBM India-South Asia Country
Manager Systems & Technology Group Shailesh Agarwal speaks during an
event to announce the launch of new storage hardware, software and services
in Bangalore, India, Tuesday, Nov. 4, 2008. IBM launched its largest
information infrastructure with an investment of USD $2 billion over three
years with 2500 researchers and developers around the world, including
India.
Camera tripods have long been a
common tool for anyone who wants to snap a picture of himself or herself. Look
at the handy tool given in the picture above. So simple, isn't it?
However, it's astonishing that this simplest of ideas took so long to become a
reality. -Kamran Khan
Journalists and workers are seen inside
the Parthenon on the Acropolis, Athens last week. Scientists are drawing
on the latest technology to install a complete computer-based system that
will record just how much nature is affecting the 2,500-year-old citadel.
They hope their findings will help identify areas of this archaeological
asset that could be vulnerable.