Cybersecurity has traditionally been pushed forward through practical research and exploits, without a deeper understanding of, or a language for discussing, the fundamental concepts and aspects of exploits. This repo is a place to collect links and papers discussing "weird machines" and techniques to mitigate them, such as language-theoretic security and formal verification of software.
Start with the following two papers:
- Exploit Programming: From Buffer Overflows to “Weird Machines” and Theory of Computation
- Weird Machines, Exploitability, and Provable Unexploitability
- Mismorphism: The Heart of the Weird Machine
- Backdoors: Definition, Deniability & Detection
- Exploits as Insecure Compilation
- Escalate Exploitability for More Secure Software Systems
- Towards Exploitability Assessment for Linux Kernel Vulnerabilities
- Proving un-exploitability of parsers
- Weird Machines as Insecure Compilation
- 'Weird Machine' patterns