Work-in-Progress: Trouble at the top: can Python extend the chains of trust in infrastructure firmware?

ABSTRACT

Compiled Python bytecode (PYC) has become an essential part of network switches, routers, and other network infrastructure devices. Our analysis shows that its integrity is implicitly trusted in multiple designs that make use of Python code at the top of the operational software, such as the management and control plane of enterprise network switches. At the same time, the integrity of PYC files is not covered under the traditional chain-of-trust models, due to complex interactions with the CPython loader, byte compiler, and other Python runtime components. We explore the risks inherent in including PYC and Python runtimes in the de facto trusted code base of commercial enterprise equipment and offer a comprehensive framework for understanding emergent behaviors in these designs.

BIOS

Sergey Bratus is the Dartmouth College Distinguished Professor in Cyber Security, Technology, and Society and an Associate Professor of Computer Science. In 2018–2024 he served as a Program Manager at DARPA's Information Innovation Office (I2O), where he created multiple fundamental research programs in cybersecurity, resilience, and sustainment of critical software.

Larry Hernandez is a PhD student at Dartmouth, joining academia after over a decade of industry experience. Previously he participated as principal investigator in the DARPA Cyber Fast Track program, contributed to the NSA SELinux project, and performed reverse engineering and security assessments for customers in finance, IT, and defense. His current research focus is the science of reverse engineering and rapid software-hardware understanding.

Submitted by Katie Dey on