Exploitation (Halvar Flake)

Weird machines, exploitability, and provable unexploitability: http://ieeexplore.ieee.org/stamp/stamp.jsp?reload=true&tp=&arnumber=8226852

Finite State Machines

CPU States:

  1. Sane
  2. Transitory
  3. Weird States

Exploitation Procedure

  1. Setup (choose the right sane state)
  2. Instantiation (enter the weird state)
  3. Programming (program the weird state)

Attacker Specialization