Abstract

Mosquito is a secure remote execution framework available via LGPL that combines high-grade cryptography and a small efficient virtual machine on both ends to ensure that intellectual property is protected. It also presents a dynamic environment on a target host that can be reprogrammed on the fly over a secure communications channel to fit the current situation.

The virtual machine was written from scratch for this purpose, with a built in cryptography library, and was optimized for size with an eye towards being able to inject it. The virtual machine's native programming environment is a Scheme-derived Lisp-family language, with an optimizing bytecode compiler. It is also cross-platform using ANSI C and GCC, currently running on OpenBSD, Darwin, Linux, and Win32. Compiled bytecode is portable between these platforms, much like Pascal's P-code.

The comprehensive talk will cover the framework and methodologies that went into creating a secure remote execution environment. The algorithms used to secure communication channels will be discussed. The virtual machine and language themselves will be covered in some detail along with examples. Additionally, there will be a demonstration of writing an exploit in this framework, and using it to inject a virtual machine on a remote host.

Back to MOSVM Reference.