What are Weird Machines?


The expression "weird machines" was first used in my invited talk at RSS 2009. It referred to state-of-the-art exploitation as finding and programming an execution model (a machine, such as a virtual automaton) within the target via crafted inputs. It was soon extended to other methods of reliably or probabilistically influencing the target's state. A compressed version of that original talk was given at the Chaos Computing Congress 27c3 [slides], [video].

The concept was further elaborated in Exploitation and State Machines by Thomas Dullien / Halvar Flake at Infiltrate 2011, Heap Exploitation Abstraction by Example by Census Labs at OWASP 2012, and others. A historical sketch can be found in From Buffer Overflows to "Weird Machines" by Bratus et al.

Effort is underway to produce formal descriptions of weird machine classes in various computing environments. Thomas Dullien's 2017 paper Weird machines, exploitability, and provable unexploitability is the most notable recent development (see Formalisms below).

The LangSec effort is aimed at describing and eliminating broad classes of input-related bugs and associated weird machines.

Beginnings of formalism

Recent related work

Original Papers

Historical overviews

Strange & radiant machines

(exploits that borrow existing computation in unexpected ways)

PHY layer

See also BabylonPHY.org, DemystiPHY.org.

Embedded Systems

Higher network layers

Intra-OS machines

Other papers on x86


Other Lists