Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade

Total Page:16

File Type:pdf, Size:1020Kb

Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade* Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole Department of Computer Science and Engineering Oregon Graduate Institute of Science & Technology** ([email protected]) http://www.cse.ogi.edu/DISC/projects/immunix Abstract the ability to inject and execute attack code. The Buffer overflows have been the most common injected attack code runs with the privileges of the vul- form of security vulnerability for the last ten nerable program, and allows the attacker to bootstrap years. More over, buffer overflow vulnerabilities whatever other functionality is needed to control dominate the area of remote network penetra- (“own” in the underground vernacular) the host com- tion vulnerabilities, where an anonymous Inter- puter. net user seeks to gain partial or total control of For instance, among the five “new” “remote to a host. If buffer overflow vulnerabilities could be effectively eliminated, a very large portion of local” attacks used in the 1998 Lincoln Labs intrusion the most serious security threats would also be detection evaluation, three were essentially social engi- eliminated. In this paper, we survey the various neering attacks that snooped user credentials, and two types of buffer overflow vulnerabilities and were buffer overflows. 9 of 13 CERT advisories from attacks, and survey the various defensive mea- 1998 involved buffer overflows [34] and at least half of sures that mitigate buffer overflow vulnerabili- 1999 CERT advisories involve buffer overflows [5]. An ties, including our own StackGuard method. We informal survey on the Bugtraq security vulnerability then consider which combinations of techniques mailing list [29] showed that approximately 2/3 of can eliminate the problem of buffer overflow respondents felt that buffer overflows are the leading vulnerabilities, while preserving the functional- cause of security vulnerability.1 ity and performance of existing systems. Buffer overflow vulnerabilities and attacks come in 1 Introduction a variety of forms, which we describe and classify in Buffer overflows have been the most common form Section 2. Defenses against buffer overflow attacks similarly come in a variety of forms, which we describe of security vulnerability in the last ten years. More over, in Section 3, including which kinds of attacks and vul- buffer overflow vulnerabilities dominate intheareaof nerabilities these defenses are effective against. The remote network penetration vulnerabilities, where an Immunix project has developed the StackGuard defen- anonymous Internet user seeks to gain partial or total sive mechanism [14, 11], which has been shown to be control of a host. Because these kinds of attacks enable anyone to take total control of a host, they represent one highly effective at resisting attacks without compromis- ing system compatibility or performance [9]. Section 4 of the most serious classes security threats. discusses which combinations of defenses complement Buffer overflow attacks form a substantial portion each other. Section 5 presents our conclusions. of all security attacks simply because buffer overflow vulnerabilitiesaresocommon[15]andsoeasyto 2 Buffer Overflow Vulnerabilities and exploit [30, 28, 35, 20]. However, buffer overflow vul- nerabilities particularly dominate in the class of remote Attacks penetration attacks because a buffer overflow vulnera- The overall goal of a buffer overflow attack is to bility presents the attacker with exactly what they need: subvert the function of a privileged program so that the attacker can take control of that program, and if the pro- *. This work supported in part by DARPA grant F30602-96-1- gram is sufficiently privileged, thence control the host. 0331, and DARPA contract DAAH01-99-C-R206. Typically the attacker is attacking a root program, and immediately executes code similar to “exec(sh)” to get **Of these authors, Crispin Cowan, Steve Beattie, and Perry a root shell, but not always. To achieve this goal, the Wagle are now with Immunix, Inc., and Calton Pu is at attacker must achieve two sub-goals: Georgia Tech. AlsopresentedasaninvitedtalkatSANS2000(System 1.The remaining 1/3 of respondants identified Administration and Network Security), http:// “misconfiguration” as the leading cause of security www.sans.org/newlook/events/sans2000.htm vulnerability. Proceedings of the Foundations of Intrusion Tolerant Systems (OASIS’03) 0-7695-0490-6/99 $17.00 1999 IEEE Previously published in the DARPA Information Survivability Conference and Exposition 2000 Proceedings 1. Arrange for suitable code to be available in the pro- weak or non-existent bounds checking on its input with gram's address space. a goal of corrupting the state of an adjacent part of the 2. Get the program to jump to that code, with suitable program’s state, e.g. adjacent pointers, etc. By over- parameters loaded into registers & memory. flowing the buffer, the attacker can overwrite the adja- cent program state with a near-arbitrary2 sequence of We categorize buffer overflow attacks is in terms of bytes, resulting in an arbitrary bypass of C’s type sys- achieving these two sub-goals. Section 2.1 describes tem3 and the victim program’s logic. how the attack code is placed in the victim program’s address space (which is where the “buffer” part comes The classification here is the kind of program state that the attacker’s buffer overflow seeks to corrupt. In from). Section 2.2 describes how the attacker overflows principle, the corrupted state can be any kind of state. a program buffer to alter adjacent program state (which For instance, the original Morris Worm [37] used a is where the “overflow” part comes from) to induce the buffer overflow against the fingerd program to cor- victim program to jump to the attack code. Section 2.3 ruptthenameofafilethatfingerd would execute. In discusses some issues in combining the code injection techniques from Section 2.1 with the control flow cor- practice, most buffer overflows found in “the wild” seek to corrupt code pointers: program state that points ruption techniques from Section 2.2. at code. The distinguishing factors among buffer over- flow attacks is the kind of state corrupted, and where in 2.1 WaystoArrangeforSuitableCodetoBein the memory layout the state is located. the Program's Address Space Activation Records: Each time a function is called, it There are two ways to arrange for the attack code to lays down an activation record on the stack [1] that be in the victim program’s address space: either inject includes, among other things, the return address that it, or use what is already there. the program should jump to when the function exits, Inject it: The attacker provides a string as input to the i.e. point at the code injected in Section 2.1. Attacks program, which the program stores in a buffer. The that corrupt activation record return addresses over- string contains bytes that are actually native CPU flow automatic variables, i.e. buffers local to the instructions for the platform being attacked. Here function, as shown in Figure 1. By corrupting the the attacker is (ab)using the victim program’s buff- return address in the activation record, the attacker ers to store the attack code. Some nuances on this causes the program to jump to attack code when the method: victim function returns and dereferences the return address. This form of buffer overflow is called a • The attacker does not have to overflow any buff- “stack smashing attack” [14, 30, 28, 35] and consti- ers to do this; sufficient payload can be injected tute a majority of current buffer overflow attacks into perfectly reasonable buffers. Function Pointers: “void (* foo)()”declares • The buffer can be located anywhere: the variable foo which is of type “pointer to func- tion returning void.” Function pointers can be allo- • onthestack(automaticvariables) cated anywhere (stack, heap, static data area) and so • on the heap (malloc’d variables) the attacker need only find an overflowable buffer • in the static data area (initialized or uninitial- adjacent to a function pointer in any of these areas ized) and overflow it to change the function pointer. Some time later, when the program makes a call It is already there: Often,thecodetodowhatthe through this function pointer, it will instead jump to attacker wants is already present in the program’s the attacker's desired location. An example of this address space. The attacker need only parameterize kind of attack appeared in an attack against the the code, and then cause the program to jump to it. superprobe program for Linux. For instance, if the attack code needs to execute “exec(“/bin/sh”)”, and there exists code in Longjmp buffers: C includes a simple checkpoint/roll- libc that executes “exec(arg)” where “arg” is a back system called setjmp/longjmp. The idiom is to string pointer argument, then the attacker need only say “setjmp(buffer)” to checkpoint, and say change a pointer to point to “/bin/sh”andjump “longjmp(buffer)”togobacktothecheck- to the appropriate instructions in the libc library point. However, if the attacker can corrupt the state [41]. of the buffer, then “longjmp(buffer)”will 2.2 Ways to Cause the Program to Jump to the 2.There are some bytes that are hard to inject, such as control Attacker's Code characters and null bytes that have special meaning to I/O All of these methods seek to alter the program’s libraries, and thus may be filtered before they reach the control flow so that the program will jump to the attack program’s memory. code. The basic method is to overflow a buffer that has 3.That this is possible is an indication of the weakness of C’s type system. Proceedings of the Foundations of Intrusion Tolerant Systems (OASIS’03) 0-7695-0490-6/99 $17.00 1999 IEEE Previously published in the DARPA Information Survivability Conference and Exposition 2000 Proceedings ize the code.
Recommended publications
  • "Design Rules, Volume 2: How Technology Shapes Organizations
    Design Rules, Volume 2: How Technology Shapes Organizations Chapter 17 The Wintel Standards-based Platform Carliss Y. Baldwin Working Paper 20-055 Design Rules, Volume 2: How Technology Shapes Organizations Chapter 17 The Wintel Standards-based Platform Carliss Y. Baldwin Harvard Business School Working Paper 20-055 Copyright © 2019 by Carliss Y. Baldwin Working papers are in draft form. This working paper is distributed for purposes of comment and discussion only. It may not be reproduced without permission of the copyright holder. Copies of working papers are available from the author. Funding for this research was provided in part by Harvard Business School. © Carliss Y. Baldwin Comments welcome. Please do not circulate or quote. Design Rules, Volume 2: How Technology Shapes Organizations Chapter 17 The Wintel Standards-based Platform By Carliss Y. Baldwin Note to Readers: This is a draft of Chapter 17 of Design Rules, Volume 2: How Technology Shapes Organizations. It builds on prior chapters, but I believe it is possible to read this chapter on a stand-alone basis. The chapter may be cited as: Baldwin, C. Y. (2019) “The Wintel Standards-based Platform,” HBS Working Paper (November 2019). I would be most grateful for your comments on any aspect of this chapter! Thank you in advance, Carliss. Abstract The purpose of this chapter is to use the theory of bottlenecks laid out in previous chapters to better understand the dynamics of an open standards-based platform. I describe how the Wintel platform evolved from 1990 through 2000 under joint sponsorship of Intel and Microsoft. I first describe a series of technical bottlenecks that arose in the early 1990s concerning the “bus architecture” of IBM-compatible PCs.
    [Show full text]
  • United States V.Microsoft
    United States v. Microsoft 1 United States v. Microsoft United States vs. Microsoft was a set of consolidated civil actions filed against Microsoft Corporation pursuant to the Sherman Antitrust Act on May 18, 1998 by the United States Department of Justice (DOJ) and 20 U.S. states. Joel I. Klein was the lead prosecutor. The plaintiffs alleged that Microsoft abused monopoly power on Intel-based personal computers in its handling of operating system sales and web browser sales. The issue central to the case was whether Microsoft was allowed to bundle its flagship Internet Explorer (IE) web browser software with its Microsoft Windows operating system. Bundling them together is alleged to have been responsible for Microsoft's victory in the browser wars as every Windows user had a copy of Internet Explorer. It was further alleged that this restricted the market for competing web browsers (such as Netscape Navigator or Opera) that were slow to download over a modem or had to be purchased at a store. Underlying these disputes were questions over whether Microsoft altered or manipulated its application programming interfaces (APIs) to favor Internet Explorer over third party web browsers, Microsoft's conduct in forming restrictive licensing agreements with original equipment manufacturer (OEMs), and Microsoft's intent in its course of conduct. Microsoft stated that the merging of Microsoft Windows and Internet Explorer was the result of innovation and competition, that the two were now the same product and were inextricably linked together and that consumers were now getting all the benefits of IE for free. Those who opposed Microsoft's position countered that the browser was still a distinct and separate product which did not need to be tied to the operating system, since a separate version of Internet Explorer was available for Mac OS.
    [Show full text]
  • Utilizing Hardware Monitoring to Improve the Quality of Service and Performance of Industrial Systems
    1 Mälardalen University Press Dissertations No. 270 UTILIZING HARDWARE MONITORING TO IMPROVE THE QUALITY OF SERVICE AND PERFORMANCE OF INDUSTRIAL SYSTEMS Marcus Jägemar 2018 School of Innovation, Design and Engineering 2 Copyright © Marcus Jägemar, 2018 ISBN 978-91-7485-395-7 ISSN 1651-4238 Printed by E-Print AB, Stockholm, Sweden 3 4 5 Antligen!¨ 1 My own translation: Finally! — Gert Fylking, 2000 [107] 1The debater Gert Fylking attended the Nobel literature prize announcement several consecutive years (2000–2002) and exclamated “finally” when the winner was announced. His comment implied that the prize winner was unknown for the people that didn’t belonging to the cultural elite. In this thesis we interpret the quote explicitly, that the thesis is finished at last! 6 7 Abstract HE drastically increased use of information and communications tech- nology has resulted in a growing demand for telecommunication net- T work capacity. The demand for radically increased network capacity coincides with industrial cost-reductions due to an increasingly competitive telecommunication market. In this thesis, we have addressed the capacity and cost-reduction problems in three ways. Our first contribution is a method to support shorter development cycles for new functionality and more powerful hardware. We reduce the development time by replicating the hardware utilization of production systems in our test environment. Having a realistic test environment allows us to run performance tests at early design phases and therefore reducing the overall system develop- ment time. Our second contribution is a method to improve the communication per- formance through selective and automatic message compression. The message compression functionality monitors transmissions continuously and selects the most efficient compression algorithm.
    [Show full text]
  • THE USENET COOKBOOK (Recipes and Food Lore from the Global Village)
    THE USENET COOKBOOK (Recipes and food lorefromthe global village) Acollection by the readers of USENET,from the newsgroup alt.gourmand. Edited by Brian K. Reid Palo Alto, California, U.S.A. decwrl!reid [email protected] Last updated 1989-ish. Typeset 13 September 2012 Copyright © 1989 USENET Community Trust Permission to copywithout fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advan- tage, the USENET copyright notice, title, and publi- cation date appear,and notice is giventhat copying is by permission of the USENET Community Trust. 1 INTRODUCTION(M) INTRODUCTION(M) The newelectronic interdependence recreates the world in the image ofaglobal village. —Marshall McLuhan, 1967 INTRODUCTION This is a community cookbook, from an invisible worldwide electronic community.Likeall community cookbooks, it has the favorite recipes of the members of the community,suitably edited and organized. The USENET Cookbook is a collection of the favorite recipes of USENET readers worldwide. USENET USENET is the network by which Unix computer users talk to each other.Itisaworldwide net, made from computer-to-computer telephone links, linking some 500,000 people at 7,000 sites in 30 countries. Besides serving an obvious technical and scientific purpose, USENET is also a medium for linking worldwide social groups of people who share common interests. As an experiment in interactive electronic publica- tion, some members of USENET decided in 1985 to makeacookbook of favorites from their ‘‘global vil- lage’’. Brian Reid of DEC Western Research in Palo Alto, California, organized the venture and wrote much of the requisite software.
    [Show full text]
  • Opinion : U.S. V. Microsoft Corporation
    <<TheCase: pagination 00-5212 in this PDF Document: may not match 606393 the actua Filed: pagination 06/28/2001 in the printed Page:slip opinion>> 1 United States Court of Appeals FOR THE DISTRICT OF COLUMBIA CIRCUIT Argued February 26 and 27, 2001 Decided June 28, 2001 No. 00-5212 United States of America, Appellee v. Microsoft Corporation, Appellant Consolidated with 00-5213 Appeals from the United States District Court for the District of Columbia (No. 98cv01232) (No. 98cv01233) Richard J. Urowsky and Steven L. Holley argued the causes for appellant. With them on the briefs were John L. <<TheCase: pagination 00-5212 in this PDF Document: may not match 606393 the actua Filed: pagination 06/28/2001 in the printed Page:slip opinion>> 2 Warden, Richard C. Pepperman, II, William H. Neukom, Thomas W. Burt, David A. Heiner, Jr., Charles F. Rule, Robert A. Long, Jr., and Carter G. Phillips. Christopher J. Meyers entered an appearance. Lars H. Liebeler, Griffin B. Bell, Lloyd N. Cutler, Louis R. Cohen, C. Boyden Gray, William J. Kolasky, William F. Adkinson, Jr., Jeffrey D. Ayer, and Jay V. Prabhu were on the brief of amici curiae The Association for Competitive Technology and Computing Technology Industry Association in support of appellant. David R. Burton was on the brief for amicus curiae Center for the Moral Defense of Capitalism in support of appellant. Robert S. Getman was on the brief for amicus curiae Association for Objective Law in support of appellant. Jeffrey P. Minear and David C. Frederick, Assistants to the Solicitor General, United States Department of Justice, and John G.
    [Show full text]
  • Microsoft a History of Anticompetitive Behavior and Consumer Harm
    March 31, 2009 Microsoft A History of Anticompetitive Behavior and Consumer Harm March 31, 2009 TABLE OF CONTENTS I. INTRODUCTION ...............................................................................................................1 II. MICROSOFT’S HISTORY OF ANTICOMPETITIVE CONDUCT .................................3 A. Microsoft’s Campaign To Destroy DR-DOS ..........................................................3 B. Microsoft’s Anticompetitive Per Processor License Fees .......................................5 C. Microsoft’s Retaliation And Price Discrimination Against IBM ............................6 D. Microsoft’s Organized Collective Boycott Against Intel ........................................7 E. Microsoft’s Elimination Of Word Perfect ...............................................................7 F. Microsoft’s Deceptive WISE Software Program.....................................................9 G. Microsoft’s Elimination Of Netscape ....................................................................10 H. Microsoft’s Attempts To Extinguish Java .............................................................14 I. Microsoft’s Elimination Of Rival Media Players ..................................................16 J. Microsoft’s Campaign Against Rival Server Operating Systems..........................18 III. MICROSOFT CONTINUES TO ENGAGE IN ANTICOMPETITIVE CONDUCT ......19 A. Microsoft’s Failure To Comply With The Final Judgment ...................................20 B. Microsoft’s Campaign of Patent FUD against Linux
    [Show full text]
  • Zbwleibniz-Informationszentrum
    A Service of Leibniz-Informationszentrum econstor Wirtschaft Leibniz Information Centre Make Your Publications Visible. zbw for Economics Schrape, Jan-Felix Working Paper Technology and the promise of decentralization: Origins, development, patterns of arguments SOI Discussion Paper, No. 2019-01 Provided in Cooperation with: Institute for Social Sciences, Department of Organizational Sociology and Innovation Studies, University of Stuttgart Suggested Citation: Schrape, Jan-Felix (2019) : Technology and the promise of decentralization: Origins, development, patterns of arguments, SOI Discussion Paper, No. 2019-01, Universität Stuttgart, Institut für Sozialwissenschaften, Abteilung für Organisations- und Innovationssoziologie, Stuttgart This Version is available at: http://hdl.handle.net/10419/194289 Standard-Nutzungsbedingungen: Terms of use: Die Dokumente auf EconStor dürfen zu eigenen wissenschaftlichen Documents in EconStor may be saved and copied for your Zwecken und zum Privatgebrauch gespeichert und kopiert werden. personal and scholarly purposes. Sie dürfen die Dokumente nicht für öffentliche oder kommerzielle You are not to copy documents for public or commercial Zwecke vervielfältigen, öffentlich ausstellen, öffentlich zugänglich purposes, to exhibit the documents publicly, to make them machen, vertreiben oder anderweitig nutzen. publicly available on the internet, or to distribute or otherwise use the documents in public. Sofern die Verfasser die Dokumente unter Open-Content-Lizenzen (insbesondere CC-Lizenzen) zur Verfügung gestellt
    [Show full text]
  • Read the Report
    MERCY CORPS 2000 Annual Report TABLE OF CONTENTS Letter from the Executive Staff 2-3 Central & South Asia 4-11 Balkans 12-17 East & Southeast Asia 18-23 Americas 24-29 Middle East & Caucasus 30-35 Africa 36-39 2000 Finding Solutions 40-45 Global Map 46-47 War. Hunger. Inequality. Acknowledgements 48-57 Making a Difference, Changing the World The Mercy Corps Family Hope. Justice. Commitment. Partners in Mercy Founders Circle Good Samaritan Society Partnership. Resource Partners Financial Report 58 Officers and Board Members 59 In 2000, Mercy Corps changed lives in some of the poorest and most challenged communities on Earth. With our many global family partners, we helped make the world better for those most in need. We renew hope. Editor’s note: This report uses British spelling throughout in recognition of Mercy Corps’ status We find solutions. as a global organisation with headquarters in the United States and Europe, and partners worldwide. We leave behind a legacy of change. cover photo: Eritrean girl. page 1: Refugee children in Homoine, Mozambique. 1 A Letter from the Executive Staff Dear Friends and Partners, Global Emergency Operations team to deliver faster, higher-quality relief assistance worldwide. In addition, we played a leadership role in the Sphere easuring growth and measuring success are two entirely different equations for a project, a major global effort to set standards and thereby improve the humanitarian organisation like Mercy Corps. The former is relatively simple to quality of relief assistance. We also invested in new expertise for overall Mchart. How much assistance did you deliver? How many people did you help? These programme management, civil society, and economic development, while are important numbers, and we are pleased that for the third consecutive year, Mercy Corps has developing new partnerships with the Conflict Management Group and significantly increased the size of its worldwide programmes.
    [Show full text]
  • Wiki Creator Joins Eclipse Foundation, COMPUTERWORLD October 24, 2005
    Wiki Creator Joins Eclipse Foundation, COMPUTERWORLD October 24, 2005 Hoffman, T. (Oct. 24, 2005). Wiki Creator Joins Eclipse Foundation. ComputerWorld. 12/15/2015 Ward Cunningham ­ Wikipedia, the free encyclopedia Ward Cunningham From Wikipedia, the free encyclopedia Howard G. "Ward" Cunningham (born May 26, 1949) is an American computer programmer who developed the Ward Cunningham first wiki. A pioneer in both design patterns and extreme programming, he started programming the software WikiWikiWeb in 1994 and installed it on the website of his software consultancy, Cunningham & Cunningham (commonly known by its domain name, c2.com), on March 25, 1995, as an add­on to the Portland Pattern Repository. He currently lives in Beaverton, Oregon, and is a programmer at New Relic.[1] Previously he was the Co­ Creation Czar for CitizenGlobal.[2] He is Nike's first Code for a Better World Fellow.[3] He has authored a book about wikis, titled The Wiki Way, Cunningham in December 2011. and also invented Framework for Integrated Tests. He Born Howard G. Cunningham was a keynote speaker at the first three instances of the May 26, 1949 WikiSym conference series on wiki research and Michigan City, Indiana, United States practice. Residence Portland, Oregon, United States Occupation Computer programmer Contents Years active 1984–present Known for WikiWikiWeb, the first implementation of a wiki 1 Personal history Call­sign K9OX 2 Ideas and inventions (http://www.qrz.com/db/K9OX) 2.1 Patterns and extreme programming 3 See also 4 References 5 External links Personal history https://en.wikipedia.org/wiki/Ward_Cunningham 1/4 12/15/2015 Ward Cunningham ­ Wikipedia, the free encyclopedia Cunningham was born in Michigan City, Indiana.[4] He received his Bachelor's degree in interdisciplinary engineering (electrical engineering and computer science) and his master's degree in computer science from Purdue University.
    [Show full text]
  • 1. from the People Who Brought You EDLIN
    Why I hate Microsoft "A personal, lengthy, but highly articulate outburst" 1. From the people who brought you EDLIN "640k should be enough for anyone." -- Attr. to Bill Gates, Microsoft CEO, 1981 Gates and Allen, ca. 1968 In 1975 Bill Gates and Paul Allen, who were students at Harvard University at the time, adapted BASIC to run on the popular Altair 8800 computer and sold it to the Altair's manufacturer, MITS. Although BASIC had been developed by Kemeny and Kurtz in 1963, the Altair BASIC interpreter was the first "high language" program to run on the type of computer that would later become known as the microcomputer or home computer. While the BASIC programming language itself was already in the public domain by then, there was no interpreter that could run it on the first microcomputers, and the small microprocessor systems typically developed by hobbyists and researchers were still being programmed in machine code and often operated via switches. Thus Gates and Allen could be said to have created an original product. One might even call it a true innovation. It would be one of their last. Developing BASIC on borrowed time Gates and Allen initially met at Lakeside School (an exclusive private school for rich boys) where Gates became an adept at BASIC on a General Electric Mark II computer. Shortly thereafter they got access to a PDP-10 run by a private company in Seattle. The company offered free time to the Lakeside school kids to see if they could crash the system. Gates proved to be particularly good at doing so.
    [Show full text]
  • In the United States District Court for the District Of
    IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA STATE OF NEW YORK ex. rel. Attorney General ELIOT SPITZER, et al., Plaintiffs, v. Civil Action No. 98-1233 (CKK) MICROSOFT CORPORATION, Defendant. Direct Testimony of John K. Bennett, Ph.D., P.E. Table of Contents I. Introduction 1 II. Background and Qualifications 1 A. Professional Background 1 B. Cases in Which I Have Testified at Trial or by Deposition as an Expert 5 III. Materials Considered 6 IV. Summary of Testimony 7 V. Technical Feasibility of the States’ Remedy and Microsoft’s Remedy 10 . Software Development Issues 10 A. Section 1 of the States’ Remedy is Technically Infeasible 13 1. The States’ Remedy Definition of “Bind” and “Microsoft Middleware Product” Render Section 1 of the States’ Remedy Unworkable 13 2. Section 1 of the States’ Remedy Would Negatively Impact Software Developers and Consumers 22 3. Section 1 of the States’ Remedy Would Severely Impact the Ability to Test Windows Operating System Products, with a Resulting Direct Negative Impact on Consumers 24 4. Section 1 of the States’ Remedy Would Create an Unreasonable Support Burden, Which Would Also Negatively Impact Consumers and OEMs 30 5. Windows XP Embedded Does Not Demonstrate that Section 1 of the States’ Remedy is Feasible 33 6. The Experiments of Dr. Edward Felten Do Not Establish that Section 1 is Technically Feasible 43 7. Dr. Andrew Appel’s Suggested Methods for Microsoft to Comply with Section 1 of the States’ Remedy Fail Upon Close Analysis 47 B. Section 2 of the States’ Remedy is Technically Infeasible 50 1.
    [Show full text]
  • Registered by Australia Post Publication No. NBG6524
    Registered by Australia Post Publication No. NBG6524 The Australian UNIX* systems User Group Newsletter Volume 6 Number I May 1 985 CONTENTS 2 Editorial Advance Notice of Next AUUG Meeting Wollongong Meeting Abstracts UNIX as a Tool for Research in the Steel Industry User-Mode Development of Hardware and Kernel Software 14 From the USENIX Newsletter (;login:) 17 USENET in the Sky 18 A Bit About Eighth Edition UNIX 22 24 The Winter 85 USENIX Conference - First Order Observations The Winter 85 USENIX Conference - E.U.U.G.’s Report 25 USENIX Conference Proceedings Available 28 Past USENIX Distribution Tapes Available 28 A Word Puzzle 35 Netnews 36 AUUG Financial Statement 65 AUUG Membership and Subscription Forms 67 Copyright (c) 1985. AUUGN is the journal of the Australian UNIX systems User Group. Copying without fee is permitted provided that copies are not made or distributed for commercial advantage and credit to the source is given. Abstracting with credit is permitted. No other reproduction is permitted without the prior permission of the Australian UNIX systems User Group. * UNIX is a trademark of AT&T Bell Laboratories. Vol 6 No I AUUGN Editorial Welcome to volume 6 and my apologies for the lateness of this issue. I thought of making all sorts of excuses, but then I thought "why should I~" so I won’t. This issue should be followed by another next month and then we should be back in sync (small UNIX joke there). WANTED: AUUGN Columnists Is there anyone out there that wants to share the fame, wealth and wild living of being a major contributor to this newsletter? Seriously, I am finding the job a little too much for one person and am looking for people, interested in producing a good quality publication, willing to share the load.
    [Show full text]