Category Archives: Security

Some Thoughts about PCI Express Device Security Enhancement

The USB Type-C Authentication specification provides a method to authenticate USB products, although with some flaws. As you might wonder — what about other non-USB peripherals? How can we establish trust with them instead of “Trust-by-Default”? That’s how I ended …

Posted in Security

USB Fuzzing: A USB Perspective

Syzkaller [1] recently started to support USB fuzzing and has already found over 80 bugs within the Linux kernel [2]. Almost every fuzzing expert whom I talked to has started to apply their fuzzing techniques to USB because of the …

Posted in Security | 3 Comments

Speculations on Intel SGX Card

One of the exciting things Intel has brought to RSA 2019 is the Intel SGX Card [2]. Yet there is not much information about this upcoming hardware. This post collects some related documentation from Intel and speculates on what could happen within …

Posted in Security

Syscall hijacking in 2019

Whether you need to implement a kernel rootkit or inspect syscalls for intrusion detection, in a lot of cases, you might need to hijack syscalls in a kernel module. This post summarizes detailed procedures and provides a working example for …

Posted in OS, Security | 1 Comment

Valgrind trapdoor and fun

Valgrind has a client request mechanism, which allows a client to pass some information back to valgrind. This includes asking valgrind to do logging in its own environment, telling valgrind a range of VA being used as a new …

Posted in Programming, Security

Some notes on SGX OwnerEpoch and Sealing

Intel SGX has been on the market for a while. Yet there are still a lot of misunderstandings and mysteries about this technology. This post provides an introduction to Intel SGX OwnerEpoch and Sealing, discusses their security impacts, and speculates …

Posted in Security

Rowhammer Pine64

Rowhammer attacks are well known and have already been the subject of many publications. However, we notice that most Rowhammer attacks happened on the x86 architecture due to the easy access to clflush from user space. ARM architecture (both ARMv7 and ARMv8) …

Posted in Linux Distro, OS, Security

Running Multics on Linux (Fedora 27)

This post follows the “Multics Simulator Instructions” [1] (with some tweaks) to set up the Multics simulator dps8m and run Multics on my Fedora 27. Other Linux distros (Ubuntu/Debian/Raspbian) may need some changes but basically work the same way. Experience the cutting-edge secure …

Posted in OS, Security | 1 Comment

Some notes on the Monotonic Counter in Intel SGX and ME

SGX sealing is vulnerable to rollback attacks, as the enclave is not able to tell whether the sealed data is the latest or an old copy. To mitigate this attack, a monotonic counter (MC) has been introduced in Intel SGX SDK …

Posted in Security | 12 Comments

A PoC of DoS attack in Elixir Actor Model

The naive way of using the Actor model in Elixir is using “receive” in a loop, which is then “spawn”ed as an Erlang process. Unfortunately, a potential DoS attack could happen if the pattern matching is not coded carefully with …

Posted in Programming, Security, Static Code Analysis