Vulnerability Detection on Web Browsers

This document is downloaded from DR-NTU (https://dr.ntu.edu.sg), Nanyang Technological University, Singapore.

Yu, H. (2019). Vulnerability detection on web browsers. Doctoral thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/143063 https://doi.org/10.32657/10356/143063

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0). Downloaded on 29 Sep 2021 06:20:20 SGT.

Vulnerability Detection on Web Browsers
Yu Haiwan
School of Physical and Mathematical Sciences
A thesis submitted to the Nanyang Technological University in partial fulfilment of the requirement for the degree of Doctor of Philosophy
2019

Statement of Originality

I hereby certify that the work embodied in this thesis is the result of original research done by me except where otherwise stated in this thesis. The thesis work has not been submitted for a degree or professional qualification to any other university or institution. I declare that this thesis is written by myself and is free of plagiarism and of sufficient grammatical clarity to be examined. I confirm that the investigations were conducted in accord with the ethics policies and integrity standards of Nanyang Technological University and that the research data are presented honestly and without prejudice.

14-Aug-2019, Yu Haiwan

Supervisor Declaration Statement

I have reviewed the content and presentation style of this thesis and declare it is free of plagiarism and of sufficient grammatical clarity to be examined. To the best of my knowledge, the research and writing are those of the candidate except as acknowledged in the Author Attribution Statement.
I confirm that the investigations were conducted in accord with the ethics policies and integrity standards of Nanyang Technological University and that the research data are presented honestly and without prejudice.

Assoc Prof. Wu HongJun

Authorship Attribution Statement

This thesis does not contain any materials from papers published in peer-reviewed journals or from papers accepted at conferences in which I am listed as an author.

14-Aug-2019, Yu Haiwan

Abstract

The web browser is the most commonly used software for accessing the Internet, so any vulnerability in a popular web browser compromises the security and privacy of its users. With the increasing complexity of modern web browsers, the attack surface of the browser has grown dramatically and more vulnerabilities have been introduced. In this thesis, we developed a fuzzing framework to detect vulnerabilities in web browsers. The framework is designed for large-scale fuzzing of all the popular web browsers running on virtual machines. It supports fuzzing with multiple test case generation strategies held in a test case generator set, and the generation strategy can be changed while the fuzzer is running. By running this fuzzing framework together with our various vulnerability detection methods, many crashes were found, and in total 5 CVEs were assigned to the vulnerabilities found. In this thesis, we propose a new type of vulnerability, namely the memory pressure bug. This type of vulnerability is triggered by a failed memory allocation. Using existing fuzzing methods, it is extremely hard to trigger this type of bug. It is also extremely difficult to reproduce, since reproducing the crash requires the identical memory allocation to fail, while memory allocations in a computer system are hard to predict in general.
To trigger this type of bug, we developed low memory simulation instrumentation tools that aid our fuzzer in detecting memory pressure bugs in web browsers. To reproduce this type of bug, we introduce precise memory pressure from JavaScript code. We solve the problem of premature allocation failure by leveraging memory fragmentation to reserve memory space for the allocations that occur before the target allocation. Three new memory pressure bugs were found in Internet Explorer. In this thesis, we analyze the 5 CVEs we found and a zero-day vulnerability in Internet Explorer. We exclusively disclose the details of these 6 vulnerabilities and the proof of concept (POC) that triggers each of them.

Acknowledgements

I wish to express my greatest gratitude to my supervisor Prof. Wu HongJun, who guided me through four years of my PhD candidacy. I appreciate his guidance, which gave me precious experience in computer security and cryptography. I would like to thank Dr Wei Lei and Dr Wang ChenYu for their guidance on fuzzing and crash analysis. They provided helpful advice to solve problems I encountered in my research. I would also like to thank Dr Huang Tao and Peng Lunan for their help on my research projects. I would like to thank the anonymous examiners of this thesis for their valuable time and the comments they provided. Furthermore, I would like to thank my parents, who supported me both mentally and financially and helped me to overcome the difficulties in my PhD study. Lastly, I would like to thank my wife Li Jingxi for her sacrifice while I was busy with my research.
Contents

Abstract ix
Acknowledgements xi
List of Figures xvii
Symbols and Acronyms xix

1 Introduction 1
  1.1 Vulnerability 1
    1.1.1 Stack Buffer Overflow 2
    1.1.2 Heap vulnerabilities 3
      1.1.2.1 Heap out of bound access 4
      1.1.2.2 Use After Free 4
      1.1.2.3 Type confusion 5
      1.1.2.4 Uninitialized memory access 5
  1.2 Mitigations 6
    1.2.1 StackGuard 6
    1.2.2 DEP 6
    1.2.3 Address Space Layout Randomization 7
    1.2.4 Control-flow Integrity 8
  1.3 Exploitation 8
    1.3.1 Info leak 8
    1.3.2 Virtual table pointer corruption 9
    1.3.3 Return oriented programming 10
    1.3.4 Heap Spray 10
  1.4 Vulnerability Detection 12
    1.4.1 Static Analysis 13
    1.4.2 Dynamic Analysis 13
    1.4.3 Fuzzing 14
    1.4.4 Error detecting tools 15
  1.5 Thesis Organization 15
    1.5.1 Thesis Statement 16

2 Browsers and their vulnerabilities 17
  2.1 Introduction 17
  2.2 Browser Structure 18
    2.2.1 HTML and Document Object Model 18
    2.2.2 JavaScript Engine 20
    2.2.3 CSS 21
  2.3 Browser vulnerabilities and exploit 22
    2.3.1 Use-After-Free 22
    2.3.2 Arbitrary read and write 22
  2.4 JIT 23
  2.5 Browser mitigations 23
    2.5.1 MemGC and Isolated Heap 23
  2.6 Browser Vulnerability Discovery 24

3 Generation-based Browser Fuzzer 27
  3.1 Introduction 27
    3.1.1 Browser Vulnerability Detection 27
      3.1.1.1 Mutation-based fuzzing 28
      3.1.1.2 Generation-based fuzzing 28
    3.1.2 Motivation 29
  3.2 Fuzzing framework 30
    3.2.1 Test case generation 30
      3.2.1.1 Grammar and Vocabulary 32
      3.2.1.2 General purpose DOM 34
      3.2.1.3 Internet Explorer DOM 35
      3.2.1.4 JavaScript Engine 36
    3.2.2 Fuzzing Server 37
    3.2.3 Error Detection and Reporting 38
    3.2.4 Crash Archive 39
    3.2.5 Crash POC Minimizer 40
  3.3 Implementation 41
    3.3.1 Internet Explorer 41
    3.3.2 Microsoft Edge 42
    3.3.3 Webkit 43
    3.3.4 Chromium and Firefox 44
  3.4 Result 45

4 Memory Pressure Bug 47
  4.1 Introduction 47
    4.1.1 Potential target for memory pressure bug 48
    4.1.2 Example of memory pressure bug 49
    4.1.3 Challenges 50
  4.2 Our Approach 50
    4.2.1 Memory pressure instrumentation 51
      4.2.1.1 PIN Instrumentation 52
      4.2.1.2 Address Sanitizer 53
    4.2.2 Minimizing POC 55
    4.2.3 Pressurization of the heap 57
    4.2.4 Impact of allocation size 59
      4.2.4.1 Location of target allocation 60
      4.2.4.2 Controllable allocation 61
      4.2.4.3 Uncontrollable allocation 61
  4.3 Implementation and result 64
    4.3.1 Open source browsers 64
    4.3.2 Internet Explorer 66
    4.3.3 Memory Pressurization on Internet Explorer 66
    4.3.4 Result and Evaluation 67
  4.4 Future works and conclusion
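The abstract describes low memory simulation instrumentation that makes a chosen allocation fail so that allocation-failure paths, which normal fuzzing almost never reaches, become deterministic and reproducible. The C program below is an added example and not the thesis's own tooling: a fault-injecting allocator (the names `fi_malloc`, `fi_free` and `fault_sweep` are hypothetical) fails each allocation a function makes in turn and reports the runs that leave blocks live, i.e. the failure paths that mishandle the error; the `struct record` code under test is constructed for this example, with a deliberately leaky variant beside a hardened one.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Index (0-based, counted since the last reset) of the allocation that
 * should fail; -1 means no injected failure. */
static long fail_at = -1;
static long alloc_count = 0;   /* allocations requested since reset */
static long live_blocks = 0;   /* blocks allocated but not yet freed */

static void fi_reset(long fail_index) {
    fail_at = fail_index;
    alloc_count = 0;
    live_blocks = 0;
}

/* Drop-in replacement for malloc that simulates memory pressure on
 * exactly one allocation per run (hypothetical helper, not from the thesis). */
static void *fi_malloc(size_t n) {
    long idx = alloc_count++;
    if (idx == fail_at)
        return NULL;               /* simulated allocation failure */
    void *p = malloc(n);
    if (p) live_blocks++;
    return p;
}

static void fi_free(void *p) {
    if (p) { live_blocks--; free(p); }
}

/* Constructed code under test: a record that owns two heap buffers. */
struct record { char *name; int *scores; };

/* Constructed memory pressure bug: when a later allocation fails, the
 * earlier ones are never released. */
static struct record *record_create_leaky(const char *name, size_t nscores) {
    struct record *r = fi_malloc(sizeof *r);
    if (!r) return NULL;
    r->name = fi_malloc(strlen(name) + 1);
    if (!r->name) return NULL;          /* bug: r is leaked */
    strcpy(r->name, name);
    r->scores = fi_malloc(nscores * sizeof *r->scores);
    if (!r->scores) return NULL;        /* bug: r and r->name are leaked */
    memset(r->scores, 0, nscores * sizeof *r->scores);
    return r;
}

/* Hardened variant: every failure path releases what was already acquired. */
static struct record *record_create_safe(const char *name, size_t nscores) {
    struct record *r = fi_malloc(sizeof *r);
    if (!r) return NULL;
    r->name = fi_malloc(strlen(name) + 1);
    if (!r->name) { fi_free(r); return NULL; }
    strcpy(r->name, name);
    r->scores = fi_malloc(nscores * sizeof *r->scores);
    if (!r->scores) { fi_free(r->name); fi_free(r); return NULL; }
    memset(r->scores, 0, nscores * sizeof *r->scores);
    return r;
}

static void record_destroy(struct record *r) {
    if (!r) return;
    fi_free(r->scores);
    fi_free(r->name);
    fi_free(r);
}

typedef struct record *(*creator_fn)(const char *, size_t);

/* Fault sweep: learn how many allocations the creator makes on a clean run,
 * then rerun it once per allocation with that allocation failing, and count
 * the runs that leave blocks live. Returns the number of leaking scenarios
 * and stores the total allocation count in *out_total_allocs. */
static int fault_sweep(creator_fn create, int *out_total_allocs) {
    fi_reset(-1);
    record_destroy(create("alice", 4));
    long total = alloc_count;
    int leaks = 0;
    for (long k = 0; k < total; k++) {
        fi_reset(k);
        struct record *r = create("alice", 4);
        record_destroy(r);             /* NULL on failure: nothing to free */
        if (live_blocks != 0) {
            printf("allocation #%ld failed -> %ld block(s) leaked\n", k, live_blocks);
            leaks++;
        }
    }
    if (out_total_allocs) *out_total_allocs = (int)total;
    return leaks;
}

int main(void) {
    int n;
    printf("leaky variant: %d leaking scenario(s)\n", fault_sweep(record_create_leaky, &n));
    printf("safe variant:  %d leaking scenario(s)\n", fault_sweep(record_create_safe, &n));
    return 0;
}
```

In a real harness the same idea is applied from outside the program, by interposing on the allocator (the thesis lists PIN instrumentation and Address Sanitizer as its vehicles), so the code under test needs no modification.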