“What Are Weird Machines?”, Sergey Bratus, 2015:

The expression “weird machines” was first used in the RSS 2009 talk. It referred to state-of-the-art exploitation as finding and programming an execution model (a machine, such as a virtual automaton) within the target via crafted inputs. It was soon extended to other methods of reliably or probabilistically influencing the target’s state. A compressed version of that original talk was given at the Chaos Computing Congress 27c3 [slides], [video].

The concept was further elaborated in Exploitation and State Machines by Thomas Dullien / Halvar Flake at Infiltrate 2011, Heap Exploitation Abstraction by Example by Census Labs at OWASP 2012, and others. A historical sketch can be found in From Buffer Overflows to “Weird Machines” by Bratus et al. 2011.

Effort is underway to produce formal descriptions of weird machine classes in various computing environments. Thomas Dullien’s 2017 paper Weird machines, exploitability, and provable unexploitability is the most notable recent development (see Formalisms below). The LangSec effort is aimed at describing and eliminating broad classes of input-related bugs and associated weird machines.