Merve GÜLMEZ

Merve GÜLMEZ

Researcher

Posts

qemu

less than 1 minute read

Published:

How to add an intrustion to qemu:

  • Add an encoding this path qemu/target/riscv/insn32-cheri.decode according to three oeprand or second operand
  • qemu/build/libqemu-riscv64cheri-softmmu.fa.p/decode-insn32.c.inc add here
  • qemu/disas/riscv.c
  • qemu/target/cheri-common/cheri-helper-common.h
  • qemu/target/riscv/insn_trans/trans_cheri.c.inc
  • qemu/target/cheri-common/op_helper_cheri_common.c

How to encode this in the llvm and add its own intrinsic

  • $(HOME)/cheri/llvm-project/llvm/lib/Target/RISCV/RISCVInstrInfoXCheri.td
  • $(HOME)/cheri/llvm-project/clang/lib/CodeGen/CGBuiltin.cpp
  • $(HOME)/cheri/llvm-project/llvm/include/llvm/IR/IntrinsicsCHERICap.td
  • $(HOME)/cheri/llvm-project/clang/include/clang/Basic/Builtins.def

security

less than 1 minute read

Published:

At the beginning of my PhD I at first became interested in the broader area of cybersecurity, but my current line of research really got me into the area of systems security. In particular improving the cyber-resilience and availability low-level systems software against memory corruption attacks. This has required me to develop skills, such as in-depth knowledge of the C and Rust runtimes, as well as assembly programming.

crowdstrike

1 minute read

Published:

The CrowdStrike outage shows that improving software resilience and availability is as important as detecting and mitigating memory-safety vulnerabilities.

LLVM

1 minute read

Published:

I have been learning LLVM for a while; I added a function and variable attribute, new compiler options, wrote a hacky LLVM transformation pass, and deleted my hacky stuff in the backend! I kind of enjoyed it, kind of annoyed; in the end, I think it was good to learn!

Bluspec

less than 1 minute read

Published:

To install the BSC compiler, follow these steps (example for Ubuntu):

Example for Ubuntu

wget https://github.com/B-Lang-org/bsc/releases/download/2023.07/bsc-2023.07-ubuntu-22.04.tar.gz 
cd ~/cheri/bsc-2023.07-debian-12.1 
export PATH="$PATH:/home/cheri/bsc-2023.07-ubuntu-22.04/bin/

It’s likely that you will also need the Bluespec library. It took me a long time to understand what was missing. You need to install this library from the following repository:

https://github.com/B-Lang-org/bsc-contrib/tree/main

CHERI

less than 1 minute read

Published:

Adversarial Examples: A great starting point! These exercises will introduce you to the concept of capabilities and how they can be used to protect against various security threats.

BESSPIN GPE

less than 1 minute read

Published:

Besspin-GFE notes

Intro info

  • You can follow here to install bluspec: https://gulmezmerve.github.io/posts/2024/03/bluspec-1/ (get just bin file)

  • Add to path e.g., export PATH="$PATH:/bsc-2023.07-debian-12.1/bin/ to ~/.bashrc and source it

  • The active development CHERI-Toooba core: https://github.com/CTSRD-CHERI/Toooba

Get BESSPIN GPE

  • git clone git@github.com:gulmezmerve/BESSPIN-GFE.git

  • Follow the https://github.com/gulmezmerve/BESSPIN-GFE?tab=readme-ov-file#update-dependencies

  • BESSPIN GPE: https://github.com/CTSRD-CHERI/BESSPIN-GFE has Toooba as a submodule https://github.com/CTSRD-CHERI/BESSPIN-GFE/tree/cambridge/bluespec-processors/P3. But it is not updated as a submodule. Please get the updated the version..

  • Small note: Info ‘bluespec_p3’ refers to Toooba core:

Compile the code

src_SSITH_P3/
make clean
make
make compile

Generate the bitstreams

cd $GFE_REPO
./setup_soc_project.sh bluespec_p3 
./build.sh bluespec_p3

Utily Report

~/BESSPIN-GFE/vivado/soc_bluespec_p3/soc_bluespec_p3.runs/impl_1/design_1_utilization_placed.rpt

Load the bitstreams to FPGA

- ./pytest_processor.py bluespec_p3

Load elf file to FPGA

Open GDB:

riscv64-unknown-elf-gdb -x bootmem/startup.gdb /home/merve/BESSPIN-GFE/mon_cheri_binaries_malloc/coremark_P2-riscv-bare-metal-CHERI\:0-MONCHERI-0LLVM.elf
oi

To OpenOCD

- openocd -f testing/targets/ssith_gfe.cfg

To run the simulator

cd BESSPIN-GFE/verilator_simulators/run 
cd ..
make simulator PROC=bluespec_p2
cd run
make run_example PROC=bluespec_p2 EXAMPLE=/home/merve/coremark_wbr.elf VERBOSITY=+v4

To get the output from terminal

socat stdin,raw,echo=0 /dev/ttyUSB2,raw,echo=0

RUST

less than 1 minute read

Published:

I worked on macro expansion on Rust for that project: https://arxiv.org/pdf/2306.08127

GDB

3 minute read

Published:

I am studying on low-level security.