About
BASS, a Benchmarking suite for evaluating Architectural Security Systems, is a
collection of vulnerable programs and scripts for automatically generating
exploits across different machines and multiple architectures. The BASS suite
of benchmarks has been designed to simplify the security evaluation of proposed
architectural security solutions while increasing the thoroughness of evaluation by
ensuring attack dimension diversity. A few of the advantages of the BASS
framework are:
- Automatically generating machine-specific exploits
- Compatible with both x86 Linux and Alpha Linux
- Designed to run on native machines/full system simulators
- Modular in design for easy swapping of key functions (e.g. encryption)
- Programs take input in a scriptable format for easy deterministic simulation
- Vulnerable programs provide basic functionality so a normal database can be built
- Optional "DEBUG_MODE" preprocessor definition displays key memory throughout the attack
- Code well documented for use in educational environments
- Easy, standardized interface for compiling, generating, and executing exploits
- Exploits designed for diversity across multiple dimensions including vulnerability class, attack style, end result, memory location, code injection, and payload location

Acknowledgements
This work is supported by a National Science Foundation Graduate Research Fellowship and the Microsoft Research Trustworthy Computing Award No. 14707.

Quick Start Commands
The following commands can be used within the individual benchmark directories.

To compile the benchmark for your architecture with any dependencies:
    make
To compile the benchmark for your architecture with any dependencies and memory watching:
    make debugmode
To remove all binaries:
    make clean
To automatically generate an attack command that can be added to a script:
    ./generate.sh
To automatically generate an attack command and execute the attack:
    ./runme.sh

Current Version
The current version of BASS is 1.0.0:
File Name: bass-1.0.0.tar.gz
File Size: 32467 Bytes
MD5: 347525503f35e475728510e2b15a50a3

Current Benchmark Status
| Benchmark | Vulnerable Program | Attack Type | Verified On |
|---|---|---|---|
| 01 (readme) | lottery | buffer overflow, bss memory section, functional pointer overwrite, modify instruction flow | x86 Linux, Alpha Linux, m5 |
| 02 (readme) | lottery | buffer overflow, bss memory section, variable overwrite, modify bank account | x86 Linux, Alpha Linux, m5 |
| 03 (readme) | message_wall | buffer overflow, heap memory section, file pointer overwrite, add root account | x86 Linux, Alpha Linux, m5 |
| 04 (readme) | small_finger | buffer overflow, stack memory, overwrite return address, shellcode injection (stack), spawn root shell | x86 Linux, Alpha Linux |
| 05 (readme) | secure_log | format string, data memory, read variable, read cryptographic key | x86 Linux, Alpha Linux, m5 |
| 06 (readme) | secure_log | format string, data memory, overwrite variable, modify cryptographic key | x86 Linux, Alpha Linux, m5 |
| 07 (readme) | secure_log | format string, dtor memory, overwrite deconstructor, shellcode injection (environment), spawn root shell | x86 Linux, Alpha Linux |

Download
BASS is released freely under the GNU GPL and may be downloaded, executed, copied, and modified without limitation by the end user. No user may place any restrictions on the use of this software, including as modified by the user.

BASS is provided as is, with no warranty of any kind, express or implied. The user of the program accepts full responsibility for the application of the program and the use of any results produced.

While registration is optional, we ask that you fill out as much of the information below as possible, so that we can have an estimate as to the number and sector of end users of BASS. No collected information will be used for any purpose other than statistical analysis of BASS.