Several weeks ago I received a phone call coming from Juan. Andy was looking for some mate ready to jump in a new opportunity related to high performance networking, hypervisors, packet filtering and LuaJIT. Hey! This mix sounded great so I joined Andy and we went ahead.
Six weeks later, and with Diego joining the project too, one first implementation (Pflua) of the libpcap packet filtering language (pflang), together with the proper testing code and benchmarking (Pflua-bench) went live.
Along those weeks, I hacked in bindings/FFI implementation, performance/benchmarking, testing stuff and kernel-space to user-space code adaptation (Linux BPF JIT wrapped as a dynamic library!). With this post I will share a quick overview of the project and the proper links to explore it in detail.
As you may know, the mission of the National Institute for Communication Technologies (INTECO), located in León (Spain), is to strengthen cybersecurity, trust, and the protection of privacy with respect to services offered within the information society, providing value to the public, businesses, the Spanish Government, the Spanish academic and research network, the information technology sector and strategic sectors in general. It is a huge responsibility though.
Those last weeks I was really busy here in Igalia. We were hacking in Chromium/Blink broadly, attending BlinkOn 2, held our Assembly, enjoyed one of our summits and so on. On top of all these things we started to collaborate with the Carnegie Mellon Software Engineering Institute (SEI) around browser security too. Great news!
On the other hand, Robert commented on the SEI's blog about the importance of having in mind secure coding practices to prevent vulnerabilities while coding, and how the CERT Secure Coding Initiative at the SEI is supporting this approach with completed standards for C and Java. By the way, coding standards for C++, Perl and other languages are under development too.
CERT coding standards are valuable resources for the programmer taking care of Information Security. As Robert highlights, secure coding standards itemize coding errors that are the root causes of current software vulnerabilities, prioritizing them by severity, likelihood of exploitation, and remediation costs. Each rule in the standard includes examples of insecure code, as well as secure alternative implementations.
If you are interested in our collaboration with SEI and the research project to evaluate the costs of producing a CERT-conforming implementation of the Chromium browser you should not skip his post. It introduces the rest of lines and colleagues collaborating in this project too.
In the '90s, a lot of active exploration and research got done around self-replicating code with the aim of pushing software infection limits and crafting some proof of concept virus in PC platforms. In that period malware was primitive and simple, but seminal in papers and applied techniques.
Those days, while reversing malware and reading dead listings for some of the most recent sophisticated and aggressive viruses and worms, I needed to implement some support code to verify how the infections were happening and how hosts could be uninfected. I used OCaml to implement some antivirus routines and I spent some time observing the impact and consequences of using functional programming in this arena.
Along this post I am going to write about virus signature matching, bit string abstractions and the blending of both worlds using OCaml. In order to understand the beauty of pattern matching in this domain, this post will comment on antivirus architectures and signature scanners too. A real Win32 virus will be shredded to explore how functional programming could be used to detect/disinfect malware.
As a result of our work in the Kernel and Virtualization team here in Igalia, Samuel and I were invited to take part in the first conference on control system technologies used by High Energy Physics facilities. This event was hosted in the National Center of Scientific Research NCSR DEMOKRITOS, the biggest and most acclaimed research center in Greece.
After our talk titled Driving and virtualizing control systems: the Open Source approach used in WhiteRabbit, we joined the round table to discuss the future of controls for accelerators and detectors. It was great sensing how the open hardware makes its way in this community.
One of the most extended definitions about Continuous integration (CI) is the practice, in software engineering, of merging all developer working copies with a shared mainline several times a day. This approach reduces long periods between build and test runs while simplifying automatic tasks.
Recently, I wrote some lines in Go language to see what a concurrent Personal Continuous Integration (PCI) code, exporting a REST API over HTTP, could look like. Landscape in computing has evolved from desktop computer and client-server architectures to more diverse computing devices and architectures (clusters, cloud, embedded devices ...). Nowadays, running some kind of build bot in your multi-core smartphone or personal device makes sense in some scenarios.
With this post I am releasing my last snippets of code exploring VAX architecture. Those snippets of code contain the required code developed from scratch to bootstrap a simple kernel supporting an interactive shell. Among the goals for programming this simple kernel were checking the minimal bootstrapping code, MMU programming, interrupt handling, I/O (console support) and multitasking on VAX.
The seventh White Rabbit workshop took place in CDTI, the Spanish Centre for Industrial Technological Development in Madrid on 27 and 28 November 2012. If you don't know about this project you might be interested in my last technical entry about White Rabbit project.
In this workshop Igalia reported on FMC TDC experience and some of the new technical ways used to fuel the project while developing and testing low level software using virtualization techniques.
Working in open projects is always a great experience and this time is not an exception. Along this year we were collaborating and working with CERN, the European Organization for Nuclear Research, in several projects.
One of these projects goes under the name White Rabbit. But what is White Rabbit? And how are we partnering with some of the major European accelerators and research institutions to support it?
They were two days talking about Erlang and OTP framework, an open-source general-purpose programming language and runtime environment developed by Ericsson to build distributed and reliable soft real-time concurrent systems.
In the previous edition, I was among the speakers where I talked about self-replicating computer code, infection techniques and how security software was handling all this stuff.
This year, Ross Anderson was among the speakers. Good news having one world-class security expert talking about cryptology and security. If you don’t know Ross maybe you would like to check his personal web page on Cambridge. Ross is professor of Security Engineering at the Cambridge’s Computer Laboratory where he runs serious and pragmatic research on topics resolving global security issues.
Just blogging a quick post after coming back from Root3d CON in Madrid. This year I have to congratulate speakers again. They shared another year interesting ideas and good technical hacks. I would say this CON speaks loud and clear about the global security scene and the industry around it too. Congrats guys!
Related to technical work I would like to highlight some hot topics covered in talks such as banking attacks, loading malware in Domain Name Servers (DNS), subverting domotic facilities, cracking industrial embedded devices or bouncing along IP videos and on-line weather stations across the globe.
This past weekend I ended my lessons on our Master Software Libre.
If you follow this blog you will know I usually write down the topics I teach along these lessons. It is always a good thing getting feedback and getting in touch with persons reading these lines.
By the way, this year our Master runs its fifth edition. I am proud to watch how it is working and how old and new students, teachers, collaborators, community advisors and all our friends build this knowledge community daily.
These lessons were the first ones happening before my usual lessons on Networking, Security Networking and Linux Kernel.
On Physical Security time we worked on well-known physical system security methodologies, together with two new relevant topics: environmental design and design and evaluation of physical protection systems.
It was a lesson covering broad and detailed topics; ranging from designing defensible spaces, where you are able to use different elements and aspects to get natural social control and crime prevention, till a full description of technology and sensor availability to protect different facilities. Security standards or some notes to understand social behaviour (The Bronx study case) were worked out too.
On Cryptography, we walked along its history and development in order to understand cryptographic models and current cryptographic systems, free/open software tooling, integration and usual use cases. At the end, everybody got their crypto stuff in place, ready to take part in keysigning parties and next social community events.
Ah! I almost forgot. This year, students will elaborate on the right design to build a safe and secure physical protection system for one embassy.
First patch adds the new PCI PM in order to let the PCI core code handle the PCI-specific details of power translations. It was tested in kernel version 2.6.38, including standby and hibernation support. I would like to thank Wu Zhangjin. He was kind enough to run this testing.
Second patch implements dynamic framebuffer mode setting support. Previous code works with mode setting in a hard-coded way. It was tested with SM712 supporting 1024x600x16 as default hardware resolution.
Several months ago I faced an interesting project around eInk technology. Basically, it had several clear goals about porting GNOME technologies to get a better stack than the hardware manufacturer's. You know ... better development tools, better testbed and finally ... better user experience :)
With this project I played with the Hanlin v5 device as a test gadget. If you check the original specs about the product, you will realize the gadget runs a Samsung Arm 9 400MHz processor with SDRAM 32MB and main display eInk Vizplex (5" diagonal, 800x600 and 8 level grayscale) so ... what about getting some proof of concept to check possibilities! ;)
Root3d CON is gone. March 3rd, 4th and 5th were hot days in Madrid where CON took place in Castellana Street ... funny watching a lot of grey hats walking along the street where major banks and financial companies are located :) ...
Regarding this second edition, live hacking sessions became a usual practice with a lot of members of the community showing their black and white skills in short periods of time.
Far from commercial slots where some well known companies showed their products, services and so on, some concrete talks attracted my attention:
This weekend I taught the second part of Security Networking at Master on Free Software. After studying networking foundations, enjoying some practical labs and going on Linux networking stack in depth we finished with practical attacks and defenses as usual.
By the way, I coincided with MSWL students and several students of previous editions at Brussels attending FOSDEM too. Drinking some beers and chatting about free and open technology was nice. This shot caught some students while sharing their keys at the FOSDEM's keysigning event :)
Maybe you wonder about numbers related to this event ... I can only say they are really impressive. You may think about 5000 visitors enjoying two days of keynotes, speeches and lightning talks covering many FOSS projects. It is a demanding but really gratifying event!
This year I came back to Brussels in order to track some old projects and have a look at emergent and innovative ideas. FOSDEM is always a good place to take the community's pulse and this year was not an exception.
They are here :) ... we will start our distributed cross-compiling experiments based on ARM soon!
"Take the first step in faith. You don't have to see the whole staircase, just take the first step" -- Dr. Martin Luther King, Jr.
Some weeks ago we finished our administration and development module focused on networks and computers. This module is part of our Master on Free Software and I had the pleasure to take part in it again, together with other mates here in Igalia.
With regard to Networking, we saw relevant topics such as foundations, administration, tooling, design and security (attack and defense) in depth. All these topics included practical hands-on-lab sessions with selected questions and exercises in order to consolidate theory, doubts and continuous assessment.
Introducing the Kernel land is always a defiant task due to obvious reasons: you are touching hardware here! :) so crossing the border forward and backward between software and hardware is not the perfect place for newcomers and not very experienced developers. Fortunately, I always find passionate and skilled people in my classes and, this year, it was not an exception :) so introducing "bored" stuff about electricity and principles of digital computing with historic milestones was the previous needed stuff to follow the next technical topics. Finally, we surfed the Kernel internals and ran some configuration/compilation in order to see how the things are working currently.
You can check more about teachers, stuff, conferences and so on here!
Just linking this good and recent draft about security assessment of IPv4. Extract from the introduction:
"There is a clear need for a companion document to the IETF specifications that discusses the security aspects and implications of the protocols, identifies the possible threats, discusses the possible counter-measures, and analyzes their respective effectiveness.
This document is the result of an assessment of the IETF specifications of the Internet Protocol (IP), from a security point of view. Possible threats were identified and, where possible, counter-measures were proposed. Additionally, many implementation flaws that have led to security vulnerabilities have been referenced in the hope that future implementations will not incur the same problems".
These kinds of events are normally developed in Madrid, where Red Hat (RH) maintains their satellite offices here in Spain, so it was a good opportunity to know about the latest products being marketed and sold by the North Carolina company here at home :)
In brief, this event focused on building virtual data centers (pros and cons) and how some major companies are using this kind of technology.