This talk builds on our previous "weird machines" work published at WOOT 2013: https://www.usenix.org/system/files/conference/woot13/woot13-shapiro.pdf and https://www.usenix.org/system/files/conference/woot13/woot13-bangert.pdf (video and slides at https://www.usenix.org/conference/woot13/tech-schedule/workshop-program).

We will look at the elements of the runtime that are typically overlooked as "mere engineering", and show that unless these are restricted to statically predictable computing power, no trust in the toolchain is possible, i.e., a computation can be hijacked from a "signed" image even before it starts executing. In particular, we will show how parser differentials between images as verified and as loaded, or as seen by the kernel and by the RTLD, can result in completely different views of the loadable segments (and, as a result, of the runtime space).
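A consistency check for the kind of differential described above, as an added example that is not code from the talk or its authors: it compares the segment view of an ELF64 image (program headers, which the kernel and the RTLD use) with the section view (section headers, which inspection tools commonly read). That a verifier reads section headers is an assumption; the finding names and the header-only sample images are constructed for illustration.

```python
import struct

PT_LOAD, PT_DYNAMIC, SHT_DYNAMIC = 1, 2, 6
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr
PHDR = struct.Struct("<IIQQQQQQ")    # type, flags, offset, vaddr, paddr, filesz, memsz, align
SHDR = struct.Struct("<IIQQQQIIQQ")  # name, type, flags, addr, offset, size, ...

def parse(data):
    eh = EHDR.unpack_from(data, 0)
    if eh[0][:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    phoff, shoff, phentsize, phnum, shentsize, shnum = eh[5], eh[6], *eh[9:13]
    phdrs = [PHDR.unpack_from(data, phoff + i * phentsize) for i in range(phnum)]
    shdrs = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    return phdrs, shdrs

def differentials(data):
    """List ways the segment view (kernel/RTLD) and the section view (tools) disagree."""
    phdrs, shdrs = parse(data)
    findings = []
    loads = sorted((p[3], p[3] + p[6]) for p in phdrs if p[0] == PT_LOAD)
    # Overlapping PT_LOAD ranges: the resulting memory depends on mapping order.
    if any(b0 < a1 for (a0, a1), (b0, b1) in zip(loads, loads[1:])):
        findings.append("overlapping-load")
    dyn = [p for p in phdrs if p[0] == PT_DYNAMIC]
    # The RTLD reads the dynamic table from memory, so a PT_LOAD must cover it.
    if any(not any(lo <= p[3] and p[3] + p[6] <= hi for lo, hi in loads) for p in dyn):
        findings.append("dynamic-outside-load")
    seg_view = {(p[2], p[5]) for p in dyn}                           # offset, filesz
    sec_view = {(s[4], s[5]) for s in shdrs if s[1] == SHT_DYNAMIC}  # offset, size
    # Section headers are optional, so compare only when both views exist.
    if seg_view and sec_view and seg_view != sec_view:
        findings.append("dynamic-table-mismatch")
    return findings

def build(phdrs, shdrs):  # constructed header-only ELF64 image (no code or data)
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    phoff, shoff = EHDR.size, EHDR.size + PHDR.size * len(phdrs)
    eh = EHDR.pack(ident, 3, 62, 1, 0, phoff, shoff, 0, EHDR.size,
                   PHDR.size, len(phdrs), SHDR.size, len(shdrs), 0)
    return eh + b"".join(PHDR.pack(*p) for p in phdrs) + b"".join(SHDR.pack(*s) for s in shdrs)

LOAD = (PT_LOAD, 5, 0, 0, 0, 0x1000, 0x1000, 0x1000)
DYN = (PT_DYNAMIC, 6, 0x800, 0x800, 0x800, 0x100, 0x100, 8)
SEC_OK = (0, SHT_DYNAMIC, 3, 0x800, 0x800, 0x100, 0, 0, 8, 16)
SEC_BAD = (0, SHT_DYNAMIC, 3, 0x900, 0x900, 0x100, 0, 0, 8, 16)

if __name__ == "__main__":
    for sec in (SEC_OK, SEC_BAD):
        print(differentials(build([LOAD, DYN], [sec])))
```

A clean result only means these three checks passed; it does not establish that the verified and loaded views agree in every other respect.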