Internship in CompSec 🧑‍💻

I have been an intern at CompSec since last December, and I would like to share what I have learned during my time here.

Software Security

I first solved various problems given as assignments in the class called Software Security. You can find details of the assignments and my solutions here.

First, I solved three pwnable-like problems about stack overflow and heap overflow. Since it wasn’t my first time solving pwnable problems, it didn’t take much time for me to solve them.

---

The second assignment was to implement an integer overflow checker using LLVM.I had to check if integer overflow occurred in the given C code, and if the overflowed value flowed into the argument of malloc using an LLVM pass. Before I started this assignment, I had no knowledge of LLVM, so I had to first study its architecture. The documents provided in the assignment were very helpful:

• LLVM Architecture
• Writing an LLVM Pass

With this assignment, I could learn about how LLVM works, and how to write a LLVM pass.

---

Next two assignments were to implement a compare coverage feature for AFL to make it bypass strong constraints much faster.

First assignment was to implement the LLVM pass that transforms the target program to benefit AFL using the idea of CompareCoverage. I had to insert an additional code transformation logic using AFL’s llvm-mode.

Second assignment was to do the same thing, but by taking binary-based transformation, using the AFL’s QEMU-mode. To finish this assignment, I had to understand how AFL works (coverage measurements) and what QEMU is, and how to modify it using TCG. Documents below helped me a lot:

• How AFL works - Coverage measurement & Detecting new behaviors
• Documentation/TCG/frontend-ops

Xv6

After finishing the assignments above, I studied how OS works by implementing some features in Unix-like simple OS, Xv6.

I had a general understanding of computer systems from my System Programming class, but most of the kernel’s functions were not covered. Thanks to Xv6, I was able to comprehend how the kernel works and how it interacts with user space. Detailed code can be found in my Xv6 repository.

Main features that I developed in Xv6 are as follows:

• Basic system calls: trace, sysinfo system calls
• Page table: pgacess system call that prints which page has been accessed
• Trap: backtrace function that shows a list of the functions that were called before the error happened, sigalarm & sigreturn system calls
• Copy-on-Write: Implemented a Copy-on-Write feature in Xv6.
• Multithreading: Implemented a context switch mechanism for user-level threading system.
• Networking: Implemented functions for the network driver to transmit and receive packets.
• File System: symlink system call & Increased the maximum size of an xv6 file.
• mmap: mmap, munmap system call

kvm-hello-world

I studied hypervisor by exploring kvm-hello-world, a simple example program demonstrating the use of the KVM API provided by the Linux kernel. To deepen my understanding, I followed the assignments of a lecture I found on Google: Build your own hypervisor using the KVM API.

First, to understand the structure of kvm-hello-world, I answered several questions in the page above. You can check the answers I wrote here.

Next, I added some new hypercalls according to the instructions. The hypercalls I added are:

• printVal printing the 32-bit value given as argument to the screen.
• getNumExits returning the number of exits incurred by the guest since it started.
• display printing the string given as argument to the screen, incurring only one guest exit.
• File system hypercalls: open, read, write

By understanding how the KVM API works, I could know how to operate KVM - how to set up virtual machines and how to communicate with them. I also learned that KVM is an essential part of cloud computing and virtualization technologies.

Reading papers

After studying topics related to computer systems, such as operating systems, hypervisors, and fuzzers, I began reading papers on software security. Many papers from Compsec focus on fuzzing or confidential computing using Intel SGX, so I started there. The papers I am reading or plan to read in the future can be found in my notion page.

Conclusion

Through my internship at CompSec, I was able to gain a lot of knowledge and experience related to operating systems, hypervisors, fuzzing, and confidential computing. Although my internship has not yet ended, I feel that I have gained a lot of knowledge and experience that will be useful in the future. I plan to stay with CompSec until at least this summer. I’m looking forward to gaining more experiences during this internship. 😎 Also, I’d like to express my gratitude to everyone at Compsec for helping me have such a wonderful experience. ❤️