Paul Irofti



Making OpenBSD Useful on the Octeon Network Gear

My work on the Octeon port made it possible for OpenBSD to run on the D-Link DSR
line of mid-range routers and also improved all supported models through the
drivers I wrote. I'm continuing my work on improving the OpenBSD experience on
the Octeon products by enhancing network support (including advanced switch
support among other things) and adding disk support via USB and CFI.
This presentation summarizes the developments I brought and the obstacles I faced.

Presentation. Video.

GPU Parallel Implementation of the Approximate K-SVD Algorithm
Using OpenCL

Training dictionaries for sparse representations is a time consuming task,
due to the large size of the data involved and to the complexity of the
training algorithms. We investigate a parallel version of the approximate
K-SVD algorithm, where multiple atoms are updated simultaneously, and
implement it using OpenCL, for execution on graphics processing units (GPU).
This not only allows reducing the execution time with respect to the standard
sequential version, but also gives dictionaries with which the training
data are better approximated. We present numerical evidence supporting this
somewhat surprising conclusion and discuss in detail several implementation
choices and difficulties.

Paper. Presentation.

Dynamic Analysis: Knowing When to Stop

I made a lot of progress on the emulator since my last talk two years ago at
the 12051 Seminar "Analysis of Executables: Benefits and Challenges".
It is now a mature production-ready project and I want to
talk about the problems I faced, focusing on one in particular which is the
stopping problem.

The classic scenario is that an executable gets loaded and emulated until the
executable exits by itself. But there are times when the executable takes
longer to be emulated than you'd want it to or, worse yet, the emulation process
gets hogged somewhere due to anti-debugging techniques or bugs in the actual
program.
That's why most dynamic analysis solutions in the malware industry employ some
sort of watchdog-like mechanism that forces a stop in emulation after a certain
threshold is reached. These solutions involve time-based or emulated
instruction-based thresholds that are either non-deterministic or unfair to
certain machines (be it really fast machines or older, slower ones).

And so, I want to talk about a solution that provides a mechanism for stopping
the emulation process that is deterministic and fair on all systems.

Presentation.

Porting OpenBSD on the MIPS64-based Octeon Platforms

1 Introduction

2 Machine Memory

3 octrng(4)

4 octrtc(4)

5 brswphy(4)

6 octhci(4)

7 CFI

8 Conclusions

Presentation.

Pinky: A Modern Malware-oriented
Dynamic Information Retrieval Tool

A multifaceted tool that aids the entire process of antimalware development
starting from laboratory work and bulk-analysis, to reverse-engineering
investigations of hot samples, to creating mix-and-match dynamic and
context aware signatures, all the way up to the in-field deployment process
of pro-active behaviour-based detection and universal unpacking safety-net.

Whitepaper.

Emulator Design, Traps and Pitfalls

1 Intermediate Representation

2 Translator

3 Compiler

4 Memory Management Unit

5 Virtual File System

6 System Calls

7 Conclusions

Presentation.

On the Linux Compatibility Layer in OpenBSD 5.0

1 Introduction

2 Userland Quick Overview

3 Processes and Threads

4 System Calls

5 Conclusions

Presentation.

OpenBSD's New Suspend and Resume Framework

Suspend and resume support in OpenBSD was almost complete in the 4.8 Release.
During the development, a lot had to be changed - it was a long process,
starting from acpi(4) and apm(4) changes, down into the low level parts of
autoconf(9) and upwards into the device drivers. What started as i386 and amd64
targeted development turned into a machine independent framework that can now
be used by other architectures.
Currently, loongson is one such architecture that is still a work in progress.

Paper. Presentation.

Image Processing Using Wavelet Transformations

The paper talks about image processing using wavelet transforms.
In it I compare multiple analysis and processing methods involving wavelets.
At first I present the wavelet notion and how functions can be described
through it.

The continuous wavelet transform of a function can be turned into a
discrete representation resulting in the discrete wavelet transform.
The problems and deficiencies associated with the development of this kind
of transform lead to new processing methods.

In order to fix these problems and improve the performance of the
discrete wavelet transform, a dual-tree is used instead. The tree is
built out of two discrete wavelet transforms working in parallel.
The tree branches are taken as the real and, respectively, the imaginary
part of a complex wavelet, thus resulting in the complex wavelet transform.

Based on the dual tree structure one can build a double-density dual tree.
This image processing approach combines the complex wavelet transform
with the double density transform. The latter is also based on two discrete
wavelet transforms but it has some properties which are needed for the
dual tree.

For all of these image processing methods and techniques I implement the
necessary MATLAB routines in order to test and experiment with the
different traits and properties of these structures.

With the help of filter banks, specific to each structure, I test the
performances in noise reduction for each implementation and I compare
them both numerically and graphically.

Paper (in Romanian).