Wednesday, October 17, 2018

DEC{}DE 2018: Connected Threat Intelligence Experience

We were lucky to be invited again to this year's security conference sponsored by Trend Micro, DECODE 2018. The event was held at the Makati Shangri-La Hotel last October 11, 2018. This year's theme is Connected Threat Intelligence. I liked the talk by Andrew MacPherson on Graphing and Grey Data as well as Prof. Stefano Zanero's talk.





ROOTCON 12 Experience

I attended the ROOTCON 12 hacking conference held at the Taal Vista Hotel last September 27-28, 2018. Although I've been dreaming of attending the conference for a while, it was only this year that I was able to save some money for this event. As expected, the event was great and I enjoyed all the technical talks. I also got to meet some security professionals from various industries. Lastly, I got a cool badge. The slides for the talks are available here.





Thursday, September 20, 2018

WCTP 2018 Experience

We attended the Workshop on Computation: Theory and Practice 2018 last September 17-18, 2018 at the UP BGC. The workshop consisted of paper presentations from researchers in Japan (TITECH, Osaka U) and the Philippines (UP, ADMU, DLSU). Although the workshop is in its 8th year, this was the first time I attended. The research presented was in the areas of machine learning, reactive systems, computer networks, security, and data analytics. Although most of the presentations came from academic institutions, there was a presentation from an industrial research lab (Cobena). I learned a lot from this workshop and hopefully I will be able to submit a paper next year.


Sunday, September 9, 2018

Citation and References

During the early days of my career as an instructor, I did not pay much attention to the concepts of copyright and licenses. However, I realized that an understanding of these concepts is important to prevent complications in the future. (See previous post)

Side note:
--
Copyright - safeguards the ownership of an intellectual property
License - document that lets someone use the intellectual property
--

Now, as an assistant professor, I need to prepare materials for teaching and research which include the following:
  • course syllabus
  • course website
  • handouts
  • exams
  • quizzes
  • presentations
  • research papers
  • programs/software
  • blog
  • grant proposals
  • audio/video
  • figures/photos
  • letters
  • computer programs
In preparing these, I use resources that are published online, either by their authors or by third-party publishers. These resources are copyrighted by default, and thus permission from the authors should be obtained first. However, obtaining permission may be a tedious task, so authors indicate the license (such as Creative Commons) for these materials. At the least, authors of these materials should be properly acknowledged.

For research papers and grant proposals, there is usually a standard to follow. In my field, which is Computer Science, the ACM Citation Styles and Reference Formats [1] is widely used. This guideline can also be applied to course websites, course syllabi, blogs, and handouts. A "References" section, which lists the other materials cited, is placed at the end of these materials. In presentations, borrowed images and pictures must also be cited. At the minimum, the following information is needed for a reference entry (d-a-t-t-u):
  • date/year of publication
  • author/publisher (can be a person, organization, legal entity)
  • title
  • type  
  • url/source

Examples:

[1] Joseph Anthony C. Hermocilla. 2018. CMSC 137: Data Communications and Networking (First Sem 2018-2019). Retrieved September 9, 2018 from https://jachermocilla.org/teaching/137/2018-1/.

[2] McMillan, T. 2009. Fantail vector [JPG Image]. Retrieved September 9, 2018 from http://www.kiwiwise.co.nz/photo/fantail-vector.

[3] Marie Betel B. de Robles, Joseph Anthony C. Hermocilla, and Miyah D. Queliste. 2017. Buffer Overflow Exploitation on 64-bit Linux Systems [Google Slides Presentation]. Retrieved September 9, 2018 from http://srg.ics.uplb.edu.ph/resources/presentations.

[4] Joseph Anthony C. Hermocilla. 2018. Homework 3: Environment Variables, Processes, and Threads [PDF Handout]. Retrieved September 9, 2018 from https://jachermocilla.org/teaching/125/2017-2/hw3.pdf

[5] Joseph Anthony C. Hermocilla. 2018. Homework 3: Environment Variables, Processes, and Threads [Printed Handout].


Some authors find it cumbersome to cite because the information needed is not readily available. It seems that the best way then is to provide a "Reference as:" or "Citation:" element or section in your own materials which includes the minimum information, d-a-t-t-u, above.

References:
  • [1] ACM, Inc. 2018. Citation Styles and Reference Formats. Retrieved September 9, 2018 from https://www.acm.org/publications/authors/reference-formatting.

Sunday, August 26, 2018

Intellectual Property Protection in UPLB

(Last Update: 10 February 2021)

I tried to extract the relevant portions of the guidelines which, in my opinion, apply to our institute.

References:
  1. Types of intellectual properties (UPLB)
  2. Governing policies on intellectual property in UP
  3. RA 8293
  4. UP-IPR-Policy
  5. https://ttbdo.up.edu.ph/policies/copyright-guidelines/

(Text directly lifted from above sources)
 
Most research outputs in UPLB are in the form of inventions, utility models, industrial designs, computer programs, as well as literary, scholarly, and artistic works. Under the IP Code, inventions are protected by patents; utility models and industrial designs by their registration; and computer programs, literary, scholarly, and artistic works by copyright.[1]

Copyright

Copyright is the exclusive and legally secured right given to creators or authors for their literary and artistic works to prohibit or authorize the reproduction or copying of the work. It allows the creator to derive economic or financial reward from the use of his works by others and to claim authorship of a work and to have that authorship recognized.[1][3]

As a general rule, copyright of all works shall remain with the creator, except in cases of institutional or collaborative works. When copyright must be assigned to the university, creators shall disclose the existence and assign the copyright to the university.[2]

Institutional Work

The University shall have exclusive ownership over institutional works[2]. Institutional works include:
  1. works that are produced through research and development funded by any Philippine government agency or instrumentality, or government-owned and -controlled corporation from government appropriations and those sourced from government managed official development assistance funds.
  2. works supported by a specific allocation of university funds of substantial university resources other than the usual salary and resources made available to every faculty, researcher, student or staff;
  3. commissioned works or those works created at the direction and control of the university through its officials or designates for a specific project or purpose;
  4. works whose authorship cannot be attributed to one or a discrete number of authors despite the application of processes prescribed; and
  5. works whose authorship cannot be attributed to one or a discrete number of authors because it is the result of simultaneous or sequential contributions over time by multiple authors.
Collaborative works

In the absence of any contractual stipulation to the contrary, if the work is the result of collaborative efforts between the University, an outside entity and the creator/s, the copyright shall be jointly owned by the university, the creator/s and the outside entity.[2][4]

Waiver of ownership of copyright by the university

In case of institutional works and works of joint ownership with the University, the university through its designated officials may waive copyright in favor of the creator if all of the following conditions are met[2]:
  • the waiver would enhance the transfer of technology or improve the access of the works by the public in general;
  • the waiver does not violate any existing contractual obligation and to the third parties; and
  • the participation of the University in the work is acknowledged by the creator in all publications of the work, whether local or international.
If the University is unable or has not decided to publish or exhibit the works within one year from its disclosure, its copyright is automatically waived in favor of the creator. The one-year period may also be waived by the University at the request of the creator if the work is to be published in a reputable international or local journal relevant to the academic discipline to which the work belongs. The contribution of the University shall be duly acknowledged in all publications or exhibitions of the work.


(RA 8293, Part IV: The Law on Copyright)[3]

Section 177. Copyright or Economic Rights. -
Subject to the provisions of Chapter VIII, copyright or economic rights shall consist of the exclusive right to carry out, authorize or prevent the following acts:

177.1. Reproduction of the work or substantial portion of the work;

177.2. Dramatization, translation, adaptation, abridgment, arrangement or other transformation of the work;

177.3. The first public distribution of the original and each copy of the work by sale or other forms of transfer of ownership;

177.4. Rental of the original or a copy of an audiovisual or cinematographic work, a work embodied in a sound recording, a computer program, a compilation of data and other materials or a musical work in graphic form, irrespective of the ownership of the original or the copy which is the subject of the rental; (n)

177.5. Public display of the original or a copy of the work;

177.6. Public performance of the work; and

177.7. Other communication to the public of the work. (Sec. 5, P. D. No. 49a)

Section 178. Rules on Copyright Ownership. -
Copyright ownership shall be governed by the following rules:

178.1 Subject to the provisions of this section, in the case of original literary and artistic works, copyright shall belong to the author of the work;

178.2. In the case of works of joint authorship, the co-authors shall be the original owners of the copyright and in the absence of agreement, their rights shall be governed by the rules on co-ownership. If, however, a work of joint authorship consists of parts that can be used separately and the author of each part can be identified, the author of each part shall be the original owner of the copyright in the part that he has created;

178.3. In the case of work created by an author during and in the course of his employment, the copyright shall belong to:

(a) The employee, if the creation of the object of copyright is not a part of his regular duties even if the employee uses the time, facilities and materials of the employer.

(b) The employer, if the work is the result of the performance of his regularly-assigned duties, unless there is an agreement, express or implied, to the contrary.

178.4. In the case of a work commissioned by a person other than an employer of the author and who pays for it and the work is made in pursuance of the commission, the person who so commissioned the work shall have ownership of the work, but the copyright thereto shall remain with the creator, unless there is a written stipulation to the contrary;

Section 185. Fair Use of a Copyrighted Work.
185.1. The fair use of a copyrighted work for criticism, comment, news reporting, teaching including multiple copies for classroom use, scholarship, research, and similar purposes is not an infringement of copyright. Decompilation, which is understood here to be the reproduction of the code and translation of the forms of the computer program to achieve the inter-operability of an independently created computer program with other programs may also constitute fair use. In determining whether the use made of a work in any particular case is fair use, the factors to be considered shall include:

(a) The purpose and character of the use, including whether such use is of a commercial nature or is for non-profit educational purposes;

(b) The nature of the copyrighted work;

(c) The amount and substantiality of the portion used in relation to the copyrighted work as a whole; and

(d) The effect of the use upon the potential market for or value of the copyrighted work.

185.2. The fact that a work is unpublished shall not by itself bar a finding of fair use if such finding is made upon consideration of all the above factors.

Section 187. Reproduction of Published Work.
187.1. Notwithstanding the provision of Section 177, and subject to the provisions of Subsection 187.2, the private reproduction of a published work in a single copy, where the reproduction is made by a natural person exclusively for research and private study, shall be permitted, without the authorization of the owner of copyright in the work.

187.2. The permission granted under Subsection 187.1 shall not extend to the reproduction of:

(a) A work of architecture in the form of building or other construction;

(b) An entire book, or a substantial part thereof, or of a musical work in graphic form by reprographic means;

(c) A compilation of data and other materials;

(d) A computer program except as provided in Section 189; and

(e) Any work in cases where reproduction would unreasonably conflict with a normal exploitation of the work or would otherwise unreasonably prejudice the legitimate interests of the author. (n)

Section 189. Reproduction of Computer Program.
189.1. Notwithstanding the provisions of Section 177, the reproduction in one (1) back-up copy or adaptation of a computer program shall be permitted, without the authorization of the author of, or other owner of copyright in, a computer program, by the lawful owner of that computer program: Provided, That the copy or adaptation is necessary for:

(a) The use of the computer program in conjunction with a computer for the purpose, and to the extent, for which the computer program has been obtained; and

(b) Archival purposes, and, for the replacement of the lawfully owned copy of the computer program in the event that the lawfully obtained copy of the computer program is lost, destroyed or rendered unusable.

189.2. No copy or adaptation mentioned in this Section shall be used for any purpose other than the ones determined in this Section, and any such copy or adaptation shall be destroyed in the event that continued possession of the copy of the computer program ceases to be lawful.

189.3. This provision shall be without prejudice to the application of Section 185 whenever appropriate. (n)

Section 193. Scope of Moral Rights.
The author of a work shall, independently of the economic rights in Section 177 or the grant of an assignment or license with respect to such right, have the right:

193.1. To require that the authorship of the works be attributed to him, in particular, the right that his name, as far as practicable, be indicated in a prominent way on the copies, and in connection with the public use of his work;

193.2. To make any alterations of his work prior to, or to withhold it from publication;

193.3. To object to any distortion, mutilation or other modification of, or other derogatory action in relation to, his work which would be prejudicial to his honor or reputation; and

193.4. To restrain the use of his name with respect to any work not of his own creation or in a distorted version of his work. (Sec. 34, P.D. No. 49)

Saturday, August 11, 2018

Using Kali Linux behind Whonix in VirtualBox

(Updated: 23 January 2019)

After adding Kali Linux and Whonix in VirtualBox, do the following:
  1. Start Whonix VM
  2. Update Whonix VM
  3. Run Whonix Check
  4. Change Network Settings of Kali to "Internal Network". Choose Whonix.
  5. Boot Kali and change the network settings. (No need to set these manually, since the gateway has a DHCP server. Just update /etc/resolv.conf in Kali.)
    1. # ifconfig eth0 10.152.152.11
    2. # route add default gw 10.152.152.10
  6. Open check.torproject.org in a browser in Kali 
Note that the same technique can be used with other operating systems, such as Windows XP.
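
Before relying on the browser check in step 6, the routing table and resolver configuration in Kali can be audited for paths that bypass the gateway. The script below is an added example, not part of the original post; it assumes the gateway 10.152.152.10 from step 5 is also the only nameserver, and the sample inputs (including the VirtualBox NAT addresses 10.0.2.x) are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. GATEWAY is the Whonix address used
# in the steps above; using it as the only nameserver is an assumption.
GATEWAY="10.152.152.10"
NL='
'

# Constructed sample: Kali attached only to the "Whonix" internal network.
GOOD_ROUTES='default via 10.152.152.10 dev eth0
10.152.128.0/18 dev eth0 proto kernel scope link src 10.152.152.11'
GOOD_RESOLV='nameserver 10.152.152.10'

# Constructed sample: a second VirtualBox NAT adapter (10.0.2.x) left enabled.
BAD_ROUTES='default via 10.0.2.2 dev eth1 proto dhcp metric 100
default via 10.152.152.10 dev eth0 metric 101
10.0.2.0/24 dev eth1 proto kernel scope link src 10.0.2.15'
BAD_RESOLV='# written by the DHCP client on eth1
nameserver 10.0.2.3'

# Print the next hop of every default route in `ip route` output (stdin).
default_gateways() {
    awk '$1 == "default" {
        gw = "on-link"
        for (i = 2; i < NF; i++) if ($i == "via") gw = $(i + 1)
        print gw
    }'
}

# Print every active nameserver in resolv.conf text (stdin); comments are skipped.
nameservers() { awk '$1 == "nameserver" { print $2 }'; }

# audit ROUTES RESOLV: print one finding per line, return 0 only when clean.
audit() {
    findings=""
    gws=$(printf '%s\n' "$1" | default_gateways)
    nss=$(printf '%s\n' "$2" | nameservers)
    [ -n "$gws" ] || findings="${findings}no default route${NL}"
    for gw in $gws; do
        [ "$gw" = "$GATEWAY" ] ||
            findings="${findings}default route via $gw bypasses the gateway${NL}"
    done
    [ -n "$nss" ] || findings="${findings}no nameserver configured${NL}"
    for ns in $nss; do
        [ "$ns" = "$GATEWAY" ] ||
            findings="${findings}nameserver $ns is not the gateway${NL}"
    done
    printf '%s' "$findings"
    [ -z "$findings" ]
}

if [ "${1:-}" = "--live" ]; then
    # Audit the machine the script runs on.
    audit "$(ip route show)" "$(cat /etc/resolv.conf)" && echo "OK: only the gateway is used"
else
    # Offline demonstration on the constructed samples.
    audit "$GOOD_ROUTES" "$GOOD_RESOLV" && echo "good sample: OK"
    audit "$BAD_ROUTES" "$BAD_RESOLV" || echo "bad sample: leak risk"
fi
```

Run it with `--live` inside the Kali VM; a leftover NAT or bridged adapter shows up as an extra default route or nameserver.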

Wednesday, July 25, 2018

Midyear AY 2017-2018

This midyear we hosted two practicum students, Quinn and Bianca, to work on the data processing part of Project Odette. Project Odette is part of Miyah's thesis, which aims to develop an automatic surface vehicle (ASV) for lake water quality sensing. I re-learned a few technologies during the period, including the following:
  • NodeJS
  • Git/Github
  • ReactJS
  • ExpressJS
  • REST API
  • MySQL/PHPMyAdmin
  • Docker and Docker Compose
  • Android Programming/Android Studio
  • Google Map API 
  • Nginx/Reverse Proxy
I realized that I am more productive when working in a team, especially if the members are talented and motivated. I was also impressed by Miyah's project management skills. As with any software dev projects, the main challenge is the continuous change in requirements. Agile methodologies are highly recommended for these kinds of projects.

Friday, June 29, 2018

Enable non-live migration in Openstack Juno on Ubuntu 14.04

Simply change the shell of the nova user to /bin/bash

$ sudo usermod -s /bin/bash nova

Tuesday, April 17, 2018

Memory and Linux Processes

Physical Memory and Virtual Memory

The CPU of the computer is responsible for executing instructions (machine code). These instructions, as well as the data used by these instructions, should be placed in the physical memory (which is on the actual memory chip). Each byte in the physical memory is accessed through a physical address. The physical address is placed in the memory address register (MAR) when writing to or reading from memory. The size of the MAR and address bus determine the range of addresses that can be used. For example, if MAR is 32 bits, then addresses from 0 to 0xFFFFFFFF (up to 4GB) can be accessed.

(Figure: Memory Address Register. Source: https://archive.cnx.org/contents/6876272b-9b8f-463c-848b-1d388dccf776@1/module-5)


Modern computer architectures however provide a virtual or logical memory view to the CPU. The CPU accesses each byte through a virtual or logical address. The range of virtual addresses is usually the same as the range of the physical addresses, although the actual amount of physical memory may be less or more than the addressable range.

Virtual addresses must eventually be translated to physical addresses to access instructions and data from the physical memory. This translation/mapping is technically called address binding. The translation is performed by the Memory Management Unit (MMU) hardware component. Schemes such as segmentation and/or paging are often used to support different features and needs, such as protection. The operating system also performs some operations related to this address translation by invoking specialized CPU instructions.

(Figure: MMU principle. Source: https://upload.wikimedia.org/wikipedia/commons/thumb/d/dc/MMU_principle_updated.png/325px-MMU_principle_updated.png)


Application programmers need only to concern themselves with the virtual memory. Kernel developers, however, need to be concerned with both virtual and physical memory as part of implementing the memory management component of the operating system.

Having a virtual memory view provides flexibility, especially in multiprogramming and timesharing operating systems. It allows a process to "believe" that it has exclusive and full access to the entire physical memory, even though it does not. Also, virtual memory allows processes to access code and data that are in secondary storage (disk) as if they are in physical memory through a scheme called swapping.

Process Memory Map in Linux (Ubuntu 16.04 x86_64, GCC 5.4.0)

When writing C programs, variables are used to hold data and functions are used to implement operations. The variables and functions have names, which are symbolic. In compiler design, names are generally called symbols. In a payroll program, for example, the variable named age can be used to hold the age of an employee, and the function named compute_salary can be used to compute the salary of an employee.

When a C program is compiled and linked, the variables and functions are converted to memory locations/addresses (in virtual memory) and machine code (object code) respectively. Variable names and function names become memory addresses and are stored in a symbol table. The result of this conversion is stored in an executable file (also known as a program binary image), which is what is usually run. The executable file format usually depends on the operating system. In Linux, for example, ELF is the standard format for executable files.

Running a program means that the loader reads the executable file and creates a process for it. When the executable file is loaded by the operating system for execution, for example via the exec() system call in Linux, the operating system allocates a portion of memory in an area dedicated to user processes. The data and instructions are read from the executable file and placed in the allocated memory at locations that are also specified (in the symbol table) in the executable file. Again, the memory locations referred to here are in virtual memory. Once the data and instructions are in memory, a new process control block (PCB) is created to represent the process. The allocated memory becomes the process' memory map or address space and is usually a field in the PCB. The process is then scheduled for execution.

A process' memory map is divided into sections which serve different purposes. A typical memory map is shown below. The text section holds instructions, the data section holds initialized data, the bss section holds uninitialized data, the stack section is used for function calls (and traditionally, parameters), and the heap section holds dynamically allocated memory (obtained via the function malloc()). Some of these sections are already defined during the compilation and linking process. Although the memory appears contiguous in virtual memory below, this may not be the case in the corresponding physical memory.

(Figure: typical memory map of a C program. Source: https://www.hackerearth.com/practice/notes/memory-layout-of-c-program/)

The example C program below illustrates in which section of a process' memory map the different symbols are placed. Download binding.c, then create an object file and an executable file [1]. Run the executable several times and observe which variables change in address. The variables are named to show in which section they will reside.

Compile time (output is object file):
$ gcc -fno-common -c -o binding.o binding.c

Link time (output is executable file):
$ gcc -fno-common -o binding.exe binding.c

Run time (a process is created):
$ ./binding.exe

Next, examine the symbol table of the object file and the executable file. The first column refers to the assigned address and the fourth column refers to the assigned section.
$ objdump -t binding.o 
$ objdump -t binding.exe

Compare the entries for some of the symbols in the object file and executable file. Which file contains an address for the symbol, the object file or the executable file?
$ objdump -t binding.o | grep data_global_initialized_nonzero
$ objdump -t binding.exe | grep data_global_initialized_nonzero 

$ objdump -t binding.o | grep -w bss_global
$ objdump -t binding.exe | grep -w bss_global

$ objdump -t binding.o | grep -w text_func
$ objdump -t binding.exe | grep -w text_func

Can the symbols that start with stack_ and those stored in the heap be found? No. The stack section and heap section are allocated at run time.

Let us look where each of the sections start in memory and the symbols in each section.
$ objdump -t binding.exe | grep -w .text
$ objdump -t binding.exe | grep -w .data
$ objdump -t binding.exe | grep -w .bss

We will now use GDB to examine the process address space at run time. GDB will allow us to examine the state of the execution by allowing us to run one instruction at a time. (Try to compare the addresses at link time and at run time. Are they the same?)
$ gdb ./binding.exe
(gdb) set disassembly-flavor intel
(gdb) b *main+99
(gdb) r
(gdb) disas main
(gdb) info proc mapping
   
Study the memory map. Notice that there is no heap section yet. This is because no call to malloc() has been made yet.
(gdb) ni +6
(gdb) disas main
(gdb) info proc mapping

The heap section is now present. Let us look for the variables in the sections.
(gdb) find 0x601000,+0x1000,"JACH_IN_DATA"
(gdb) find 0x601000,+0x1000,"JACH_IN_BSS"
(gdb) find 0x602000,+0x21000,"JACH_IN_HEAP"
(gdb) find 0x7ffffffde000,+0x21000,"JACH_IN_STACK_LOCAL"

How about the parameter? Is it in the stack?
(gdb) find 0x7ffffffde000,+0x21000,"JACH_IN_STACK_PARAM"

The string is not in the stack! It is in the text section! Traditionally however, parameters are pushed to the stack.
(gdb) find 0x400000,+0x1000,"JACH_IN_STACK_PARAM"

Finally, run the process to completion.
(gdb) c
(gdb) quit 
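
The START,+LENGTH arguments passed to find above are the bounds of the regions listed by info proc mapping. As an added example (not part of the original post), the script below derives them from /proc/PID/maps text; the sample map and the path /home/user/binding.exe are constructed to match the addresses used above.

```shell
#!/bin/sh
# Added example, not from the original post: turn /proc/PID/maps lines into the
# START,+LENGTH ranges that gdb's `find` command expects.

# Constructed sample, modelled on the addresses used in the gdb session above.
SAMPLE_EXE=/home/user/binding.exe
SAMPLE_MAPS='00400000-00401000 r-xp 00000000 08:01 131 /home/user/binding.exe
00600000-00601000 r--p 00000000 08:01 131 /home/user/binding.exe
00601000-00602000 rw-p 00001000 08:01 131 /home/user/binding.exe
00602000-00623000 rw-p 00000000 00:00 0 [heap]
7ffff7a0d000-7ffff7bcd000 r-xp 00000000 08:01 977 /lib/x86_64-linux-gnu/libc-2.23.so
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]'

# section_ranges EXE: read maps text on stdin and print "label start length"
# for the executable's own text and data+bss mappings, the heap and the stack.
# Shared libraries, read-only and anonymous mappings are skipped.
section_ranges() {
    exe=$1
    while read -r range perms offset dev inode path; do
        case "$path:$perms" in
            "[heap]":*)   label=heap ;;
            "[stack]":*)  label=stack ;;
            "$exe":r-x*)  label=text ;;
            "$exe":rw-*)  label=data+bss ;;
            *)            continue ;;
        esac
        start=${range%-*}
        end=${range#*-}
        printf '%s 0x%x 0x%x\n' "$label" "$((0x$start))" "$((0x$end - 0x$start))"
    done
}

# find_cmd EXE LABEL MARKER: print the gdb command that searches the region
# called LABEL for the string MARKER (maps text on stdin).
find_cmd() {
    section_ranges "$1" |
        awk -v l="$2" -v m="$3" '$1 == l { printf "find %s,+%s,\"%s\"\n", $2, $3, m }'
}

# Offline demonstration on the constructed sample. For a live process use, e.g.:
#   find_cmd "$(readlink -f ./binding.exe)" heap JACH_IN_HEAP < /proc/PID/maps
for pair in text:JACH_IN_STACK_PARAM data+bss:JACH_IN_DATA \
            heap:JACH_IN_HEAP stack:JACH_IN_STACK_LOCAL; do
    printf '%s\n' "$SAMPLE_MAPS" | find_cmd "$SAMPLE_EXE" "${pair%%:*}" "${pair#*:}"
done
```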

Conclusion

This post discussed some concepts in memory management in relation to C programs and Linux processes.

Figure 1. Sample Memory Map (no heap section yet)