Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed...
Transcript of Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed...
![Page 1: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/1.jpg)
Title
CyberGrandChallengeandCodeJitsu
ChaoZhang
References:h9ps://cgc.darpa.mil/h9ps://www.cybergrandchallenge.com/
![Page 2: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/2.jpg)
Title
AboutMe§ Experience• PekingUniversity,Ph.D.(2008.9~2013.7)• UCBerkeley,Postdoc(2013.9~2016.9)• TsinghuaUniversity,AssociateProfessor(2016.9~)
§ ResearchInterests• systemsecurity,programanalysis,reverseengineering
§ Hackforfun• 2012MicrosoXBlueHatPrizeContest• 2015/2016DEFCONCTF• 2015/2016DARPACGC
![Page 3: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/3.jpg)
Title
CyberSecurity:Defense§ n
![Page 4: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/4.jpg)
Title
CyberSecurity:A9ackhoursanddaystofindvulnerabili`esandwriteexploits
DEFCONCTF2015(Blue-Lotus)
![Page 5: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/5.jpg)
Title
Ques`on
Canmachineautoma`callyperforma9ackanddefense,andevenbeathuman?
![Page 6: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/6.jpg)
Title
We’veBeenHereBefore
h9ps://cgc.darpa.mil/ISSTA_2014_r2.pdf
![Page 7: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/7.jpg)
Title
CyberGrandChallenge
AnewDARPAChallenge…
![Page 8: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/8.jpg)
Title
DARPA’sGrandChallenges§ 2004GrandChallenge• robotvehicles,target150miles,max7.32miles
§ 2005GrandChallenge• robotvehicles,target132miles,5teamspassed• focusonphysicalchallenges
§ 2007UrbanChallenge• autonomouscars,target60milesin6hours,6teamspassed• focusonsoXware:trafficlights,stopsigns,distance• industry:Googleself-driving,TeslaAutopilot,etc.
§ 2012Robo`csChallenge• humanoidrobo`cs,executecomplexac`onsincomplexenvironments
• industry:BostonDynamicsRobot(ModelAtlas,2016)
![Page 9: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/9.jpg)
Title
CyberGrandChallengeAgenda7FundingTeams
(0.75M)97OpenTrack
Teams
CQE(2015/6)
7Finalists(0.75M)
CFE(2016/8)
CGCChampion(2M)
DEFCONCTFHumanTeams
Machinevs.Human(2016/8)
![Page 10: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/10.jpg)
Title
HowisCGC(CFE)operated?
• Reputa`onvs.Chea`ng• Fairness(noprioriknowledge)• Closetoreal-worldenvironment
![Page 11: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/11.jpg)
Title
CGCRoles
DARPA
organizer&coordinator
Compe``onFrameworkBuilders
ChallengeBinary
Developers
Howdoteamsinteract?
Run`meBuilders
Howdoprogramsrun?
vulnerabili`es&referenceexploits&polls
Team1
analyzeCBs
Team7
analyzeCBs
…
![Page 12: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/12.jpg)
Title
Compe``onFramework§ RESTAPIs
• h9ps://github.com/CyberGrandChallenge/cgc-release-documenta`on/blob/master/`-api-spec.txt
§ Submission(HTTPPOST)• RCB:ReplacementCBs• IDSrules• PoV:ProofofVulnerabili`es
§ Download(HTTPGET)• status
§ round,scoreboard• consensusevalua`on
§ opponents’RCBs§ opponents’IDSrules§ noopponents’PoVs
• feedback§ performance: `meandmemory§ security: CBcrashinforma`on,notprecisea3ackinforma7on§ evalua`on: whethersubmi9edexploitsworkornot
§ Networktraffic(incomingandoutgoing)• aspecialtapinterface
Compe``onFrameworkBuilders
![Page 13: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/13.jpg)
Title
DECREE§ DARPAExperimentalCyberResearchEvalua`onEnvironment• Linuxkernelwithslightmodifica`ons
§ SpeciallyDesignedEnvironment• 7SystemCalls[Garfinkel2003]
§ terminate–endprogram(exit)§ transmit–writedatatoanfd(write)§ receive–readdatafromanfd(read)§ fdwait–waitforfds(select)§ allocate–allocatesmemory(mmap)§ deallocate–releasesallocatedmemory(munmap)§ random–populateabufferwithrandombytes
§ RestrictedInter-ProcessCommunica`on• Nosharedmemory• Onlysocket-pairs
§ Cleanbidirec`onalcommunica`on§ Automa`callycreatedbysystemonstartup§ SharedbetweenallprocessesinanIPCChallengeBinary
Run`meBuilders
![Page 14: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/14.jpg)
Title
ChallengeBinary(CB)§ CGCformat• minormodifica`ontoELF• aspecialloader
§ Nofilesystemaccess,nonetworkaccess• communicateviacontrolledfdsocket-pairs
§ Userspaceonlyandsta`callylinked§ Nocode-reuseexceptacommon“libc”• 7syscallswrappers• commonmathfunc`ons
§ CompiledBinariesonly(nothandcoded)• alwaysavailableinrealworld• groundtruth(withoutnoiseofcompilerop`miza`onetc.)
ChallengeBinary
Developers
![Page 15: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/15.jpg)
Title
Teams
IDSrules
Patches
exploits
polls
![Page 16: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/16.jpg)
Title
CyberReasoningSystem(CRS)§ EachteamisresponsibletobuildanautomatedCRS,abletoconnecttothecompe``onframework,andcompetewithotherCRSsystems
Input:• OriginalCB• Opponents’RCBs• Opponents’IDS• networktraffic• status• feedback
Output:• PoVs(exploits)• RCBs(patches)• IDSrules
Tasks:• interactwithcompe``onframework• analyzeCBs• analyzetraffic• findvulnerabili?es• generatePoVs(exploits)• generateRCBs(patches)• generateIDSrules(networkdefenses)• tes`ng(func`onalityandperformance)
Teams
![Page 17: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/17.jpg)
Title
ProofofVulnerability(PoV)§ Type1:control-flowhijacking• crashatanego`atedEIP• oneextrageneralregisterhasanego`atedvalue
§ Type2:informa`onleakage• leak4bytesatanego`atedaddressinaflagpage• Theflagpageisatafixedaddress,withrandombytes
§ Note:a9ackerscanusecontrol-flowhijackingtoleakflagpage.
Teams
![Page 18: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/18.jpg)
Title
Scoring
§ availability(0~1)• func`onality• performance
§ memoryoverhead5%~50%§ `meoverhead5%~50%§ filesizeoverhead20%~200%
§ Security(1or2)• abletodefeatalla9acks?
§ Evalua`on(1~2)• linearfunc`on• howmanyteamscanwea9ack?
![Page 19: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/19.jpg)
Title
Round-Accumula`ngScoring
§ Eachroundisabout4.5minutes• CBscouldbereleasedandrevokeddynamicallybyDARPA
§ IfwesubmitaRCB(orIDS)inroundN• wewillgetascoreof0inroundN+1• opponentscoulddownloaditinroundN+1• itwillbedeployedinroundN+2
§ IfwesubmitaPoVinroundN• itwilltakeeffectinroundN+1
![Page 20: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/20.jpg)
Title
CodeJitsu
![Page 21: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/21.jpg)
Title
OurTeam
HengYinDawnSong GeorgeCandea ChaoZhang
UCBerkeleyBitBlazae
Syracuse(UCRiverside)TEMU/DECAF
EPFL(CyberHeaven)S2E
UCBerkeley(TsinghuaUniv.)
![Page 22: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/22.jpg)
Title
![Page 23: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/23.jpg)
Title
CGCMachines
![Page 24: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/24.jpg)
Title
OurCRS:Galac`ca
Highlightedinskyblue,theCRSthatleadsapowerfulfleetofselecMvesymbolicexecuMonengines,binaryinstrumentaMontools,andfuzzersonaheroicquesttofindcybersecurityformankind.
![Page 25: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/25.jpg)
Title
design:cloud-basedarchitecture§ HPC:64nodes,eachwith20cores,256Gmem,1TBdisk• toanalyzeatmost30CBsata`me
![Page 26: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/26.jpg)
Title
deployment§ Unifiedstorage:• glusterfs+postgres
§ Automateddeployment:• ansible
§ Self-containedapplica`ons:• docker
§ resourcemanagement:• mesos
§ taskscheduling:• custommesosscheduler
§ healthmonitoringandautomatedrecovery:• monit
![Page 27: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/27.jpg)
Title
design:coreanalysiscomponents§ s
![Page 28: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/28.jpg)
Title
Analysis§ disassembly• customdisassemblerbasedonIDAPro• conserva`velyscancodepointersindatasec`ons• integratecodeinforma`onfromdynamicanalysiscomponents(AFL,S2E)
§ defensemetadata• iden`fysuspiciousfunc`on,e.g.,prinx• iden`fyindirectlycalledfunc`ons• JITmemoryalloca`onsite• JITcodecallsites
![Page 29: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/29.jpg)
Title
VulnerabilityDetec`on§ SmartFuzzing:improvedversionofAFL• IPCsupport• cookiehandling• seedmetrics:• throughputimprovement:AFLFast(CCS’2016)
§ SymbolicExecu`on:S2E• exploreprogramstatesandsolveconstraintstofindvulnerabili`es• statemergingandpriori`zing
§ Fusionofdifferentsolu`ons• seedsharing:fuzzer+S2E+trafficreplay• pathexplora`on:S2EhelpsFuzzertobreakthroughsomebranches
![Page 30: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/30.jpg)
Title
ExploitGenera`on§ Crashsamples
§ Dynamicanalysis• Trackprogramstates:e.g.,memoryobjects.• Detecterrorevents:e.g.,memoryviola`ons.• Reportexploitablescenarios:e.g.,symbolicEIP.
§ Exploitgenera`on• fromexploitablescenarios,tryandsolveknownexploitpa9erns
§ PoVformathandling• Howtoembedthe(dynamic)nego`atedvaluesintothe(sta`c)exploits?
• S2Ewillembedtheformulaofthenego`atedvalueinthePoV• MayhemembedsaPythoninterpreterintoeachPoV!
![Page 31: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/31.jpg)
Title
Defense§ CFI:controlflowintegrity§ Shadowstacks§ DEP§ Randomiza`on§ Dataleakagedefense§ op`miza`on
Trade-off:• Security• Func`onality• Performance
ShellPhishfindsabuginQEMU,andembedsspecialinstrucMonsintheirRCBs,topreventopponentteamsanalyzingthem.
![Page 32: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/32.jpg)
Title
defensecorpus
![Page 33: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/33.jpg)
Title
Results
![Page 34: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/34.jpg)
Title
FinalScore§ green:availability,blue:security,red:evalua`on(a9ack)
![Page 35: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/35.jpg)
Title
Evalua`on:A9acksout
Foreachteam,howmanysuccessfula9acks(team*round*CB)?
3.5.4.2.7.1.6.
![Page 36: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/36.jpg)
Title
Evalua`on:Firstblood
Foreachteam,howmanyCBsdoesita9ackfirst?
5.3.1.2.4.7.6.
![Page 37: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/37.jpg)
Title
Evalua`on:SolvedCBs
Foreachteam,howmanyCBsdoesitexploit?
3.1.5.7.4.2.6.
![Page 38: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/38.jpg)
Title
Security:A9acksin
2.3.4.5.7.1.6.
![Page 39: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/39.jpg)
Title
Availability:`meoverhead
1.5.6.4.3.2.7.
![Page 40: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/40.jpg)
Title
Availability:memoryoverhead
3.5.1.6.7.4.2.
![Page 41: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/41.jpg)
Title
Availability:func`onality
1.2.6.3.7.4.5.
![Page 42: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/42.jpg)
Title
Availability:SubmissionsofRCBs
Eachsubmissionwillcausenextround’sscoretobe0!
1.6.2.7.4.5.3.
![Page 43: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/43.jpg)
Title
Lessonslearned§ AvailabilityscoreismoreimportantthanSecurityscoreandEvalua`onscoreinCGC.
§ Opponentteamsarenotgoodatexploits,soit’ssafetokeeporiginalCBswithoutanypenalty.• Allteamsexploited26/82CBstogether.
![Page 44: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/44.jpg)
Title
Machinevs.Human
![Page 45: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/45.jpg)
Title
DEFCONCTF2016§ Day1:last§ Day2:3rdtolast§ Day3:last
§ Human• copyopponents’patches
§ PPP:embedbackdoorsintheirRCBs• reconstructopponents’exploits
§ Machine• firsttogenerateexploitsagainsta“arbitrarywritebyte0”vulnerability• firsttogenerateexploitsagainstanobfuscatedCB
![Page 46: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/46.jpg)
Title
SomeThoughts§ Machinesaregoodat• findinglow-levelbugs• a9ack:defeatsimpleobfusca`on• defense:deploygenericdefensesquickly• defense:generatevaria`onsofprograms(movingtargets)
§ Machinearenotgoodat• findhigh-levelbugs• a9ack:generateadvancedexploits• defense:deployvulnerability-specificpatches
§ Futureofmachines• machinelearning?
![Page 47: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/47.jpg)
Title
Conclusion§ CGCisagreatpioneerprojectinmakingautomateddefenseanda9ackintoprac`ce.
§ Itisthefirsta9empttomakesuchasystemwork.It’sreasonablesomegamerulesarenotproperlyset.
§ Itsuccessfullys`mulatesthecrea`onof7prototypesystems,andprovesautomateddefenseanda9ackispossible.Itwillleadawaveofresearchandindustryefforts.
§ Themachineisrising!
![Page 48: Cyber Grand Challenge and CodeJitsufree.eol.cn/edu_net/edudown/spkt/zhangchao.pdf · § PPP: embed backdoors in their RCBs • reconstruct opponents’ exploits § Machine • first](https://reader030.fdocuments.net/reader030/viewer/2022040310/5f3438aa9135e52bc06d201d/html5/thumbnails/48.jpg)
Title
Thanks!Q&A