Monte Carlo methods in graphics and hacking
himanshu-goel -
Computer Graphics
GLOBAL ILLUMINATION AND THE RENDERING EQUATION
But first, let's see some images
CAN YOU TELL THE DIFFERENCE?
Original from CCD Photometric Camera
Rendered Image - Path Tracing
What’s Path Tracing?
Need to understand two important terms first:
Global Illumination
The Rendering Equation
Light can roughly be described as having two components:
Diffuse Lighting – Light hits a surface and scatters in various directions
Specular Lighting – Bounces almost directly back
However, light bounces around a lot, often off of multiple surfaces
before entering our retina. This creates a sort of ambient lighting,
which is called Global Illumination in the graphics industry.
The Rendering Equation
By James Kajiya
Describes every possible light-surface interaction (simplified version):
$$L_o(p, \omega_o) = \int_{\Omega} f_r(p, \omega_i, \omega_o) \, L_i(p, \omega_i) \, (n \cdot \omega_i) \, d\omega_i$$
𝐿𝑂 is a function which defines the amount of energy emitted by the
surface (outgoing radiance)
𝐿𝑖 represents the energy received by the surface (incoming radiance)
𝑓𝑟 here represents the Bi-directional Reflection Distribution Function
(BRDF)
Every light surface interaction is the sum of all the energy received
over all the points on its surface
Why Monte Carlo methods? 𝐿𝑖 depends on the 𝐿𝑜 of all other
surfaces – Recursive integral – cannot be solved analytically
Integral of the incoming radiant energy from all directions (thus a
sphere) at a point.
𝜙 represents the radiant flux – The total energy emitted by a light
source – in more technical terms, the area under the spectral
distribution
𝐿(𝑝, 𝜔) is also called the radiance or the radiant flux per unit area
𝑛 ∙ 𝜔𝑖 is the dot product and is used to account for the angle at
which the energy strikes the surface
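A Monte Carlo estimate of the rendering equation for one surface point, as an added example that is not part of the original slides. It assumes a Lambertian BRDF (albedo / pi), takes the integration domain to be the hemisphere above the surface, and replaces the recursive incoming radiance with a known sky function so the estimate can be checked against the closed-form answer; all function names are hypothetical.

```python
import math
import random

NORMAL = (0.0, 0.0, 1.0)  # surface normal n (assumed: surface lies in the xy-plane)

def sample_hemisphere(rng):
    """Draw a direction w_i uniformly over the hemisphere around NORMAL."""
    z = rng.random()                      # cos(theta) is uniform for uniform solid angle
    r = math.sqrt(1.0 - z * z)
    phi = 2.0 * math.pi * rng.random()
    return (r * math.cos(phi), r * math.sin(phi), z)

def brdf_lambert(albedo):
    """f_r for a perfectly diffuse surface: constant in both directions."""
    return albedo / math.pi

def incoming_radiance(w_i):
    """Assumed L_i: a sky that is brighter toward the zenith (not recursive)."""
    return 1.0 + w_i[2]

def outgoing_radiance(albedo, samples, seed=0):
    """Estimate L_o = integral of f_r * L_i * (n . w_i) dw_i by random sampling."""
    rng = random.Random(seed)
    pdf = 1.0 / (2.0 * math.pi)           # density of uniform hemisphere sampling
    total = 0.0
    for _ in range(samples):
        w_i = sample_hemisphere(rng)
        cos_theta = sum(n * w for n, w in zip(NORMAL, w_i))
        total += brdf_lambert(albedo) * incoming_radiance(w_i) * cos_theta / pdf
    return total / samples

def analytic_radiance(albedo):
    """Closed form for this L_i: (albedo / pi) * (pi + 2*pi/3) = albedo * 5/3."""
    return albedo * 5.0 / 3.0

if __name__ == "__main__":
    for n in (100, 10_000, 200_000):
        print(n, outgoing_radiance(0.6, n), "exact:", analytic_radiance(0.6))
```

In a path tracer `incoming_radiance` would itself trace a new ray and evaluate the same estimator at the next surface, which is the recursion that rules out an analytic solution.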
Introducing Path Tracing and Ray Tracing
Models the physical interaction of light in the real world.
Ray tracing –
A ray of ‘light’ is emitted straight from the camera (for speed reasons)
Ray is traversed across the ‘scene’ until it intersects an object
The BRDF is evaluated to determine the color and direction of the ray
The ray is bounced off of the object
Repeat until a number of bounces have happened or the ray intersects
a light source. If it intersects a light source, set the final ray color as
the color of the pixel; otherwise set the pixel to black
Path Tracing –
Improvement over ray tracing
Uses Monte Carlo techniques to evaluate the full rendering equation
At every intersection, multiple rays are emitted in all directions
All are traversed through the scene.
All rays but one are randomly killed
“Russian Roulette”
Repeated multiple times per pixel
color values are averaged
Similar to performing a random tree search
Path Tracing
Speed –
Horrible performance, can take hours for extremely simple images on a
modern computer
However, ‘embarrassingly parallel’ – multiple rays can be traversed at
the same time independently of each other.
Enter the GPU – Graphics Processing Unit, a highly parallel stream vector
processing unit – basically a personal supercomputer.
Modern GPUs can run thousands of threads in parallel, achieving numbers in
the millions of rays per second on ray tracing.
Path tracing is only recently becoming feasible in real time with new
hardware and branching improvements.
Realtime Path Tracing Demo
Video – Brigade Renderer:
https://www.youtube.com/watch?v=BpT6MkCeP7Y
Real time (60 frames per second) path tracing at 720p:
GPU = 2 NVIDIA GTX Titans
Was the most powerful GPU at the time the video was made
However, simple renders can be done in real time on a modern mid
range GPU
Path tracer rendering the Cornell Box in real time on an AMD Radeon
275X in a custom rendering framework
System security analysis
THE ART OF FUZZING AND THE CUTTING EDGE APPLICATION OF MONTE CARLO METHODS
Fuzzing – What is it?
The art of finding serious security flaws in software without human
intervention
More like without human interference
Naïve technique – generate random input and try to crash the
program being fuzzed
Very slow
Bleeding Edge Technique –
A combination of symbolic analysis, genetic algorithms and Monte Carlo methods
Symbolic analysis – essentially determining the flow of a program by assigning symbols to parts in order to produce a graph of the possible branches the program can make
Genetic algorithms are used to mutate the sample data
Monte Carlo Tree Search-like methods are used to determine vulnerable routes given the success rates from the genetic algorithm
The success condition in this case is to crash the application
The advantage of MCTS lies in that it acts like a black box and does not require any information besides the conditions for success and the rules
Ideal for fuzzing, where the fuzzing target is also like a black box.
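A reduced version of this idea, as an added example that is not part of the original slides: random point mutation stands in for the genetic step, and the UCB1 score (the selection rule used inside Monte Carlo Tree Search) picks which corpus entry to mutate next. There is no symbolic analysis here, and the target is a constructed toy parser whose "crash" is a raised exception; all names are hypothetical.

```python
import math
import random

def target(data: bytes) -> int:
    """Constructed toy parser: returns how many nested checks passed, 'crashes' after the 4th."""
    depth = 0
    for i, want in enumerate(b"FUZZ"):
        if len(data) <= i or data[i] != want:
            return depth
        depth += 1
    raise RuntimeError("simulated crash")

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Genetic-style point mutation: overwrite one randomly chosen byte."""
    buf = bytearray(seed)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def ucb1(wins: int, plays: int, total: int) -> float:
    """Balance exploiting seeds that paid off against exploring rarely tried ones."""
    if plays == 0:
        return math.inf
    return wins / plays + math.sqrt(2.0 * math.log(total) / plays)

def fuzz(budget: int, rng_seed: int = 1):
    """Return (crashing_input, executions_used), or (None, budget) if none was found."""
    rng = random.Random(rng_seed)
    corpus = [{"data": bytes(4), "wins": 0, "plays": 0}]
    best_depth = 0
    for n in range(1, budget + 1):
        seed = max(corpus, key=lambda s: ucb1(s["wins"], s["plays"], n))
        child = mutate(seed["data"], rng)
        seed["plays"] += 1
        try:
            depth = target(child)
        except RuntimeError:
            return child, n
        if depth > best_depth:   # progress: reward the parent and keep the child
            best_depth = depth
            seed["wins"] += 1
            corpus.append({"data": child, "wins": 0, "plays": 0})
    return None, budget

if __name__ == "__main__":
    crash, used = fuzz(200_000)
    print("crashing input:", crash, "after", used, "executions")
```

The feedback loop only needs the success signal and the depth reached, which is the black-box property described above; purely random 4-byte inputs would hit the same crash once in about 2^32 attempts.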
The Monte Carlo fuzzing algorithm significantly increases fuzzing
speed
Regular fuzzing is now commonplace in all high security applications
The WebKit Browser Engine
Is present on every device that can show web pages
Android, iOS, Chrome, Safari
Security is critical – One serious vulnerability can compromise billions of devices
The Linux Kernel/BSD/Anything that’s Unix based
Present on virtually everything that doesn’t run Windows
Android, iOS, OSX, Linux distros, Routers, Cars, Video game consoles, DVD players, TVs, Servers, even Toasters! The list is growing every day
A serious vulnerability is even more dangerous
Informational Entropy
How secure is secure?
Monte Carlo methods rely on random sampling
More accurate the more uniform the randomness
Entropy – Measure of how much information something contains
Encryption – Disguising information so it appears random
Strength of a cryptosystem measured by the ratio between the
entropy of the plaintext and the entropy of the ciphertext
Perform Monte Carlo integration with data to be examined as
random variable and compare to known value of the integral
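The test described above, as an added example that is not part of the original slides: the bytes under examination are used as the random points of a Monte Carlo integration, and the result is compared with the known value. The integral chosen here is the area of a quarter circle (so the estimate should approach pi), the random-looking sample is a constructed SHA-256 counter stream standing in for ciphertext, and all names are hypothetical.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means the byte values look uniform."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def monte_carlo_pi(data: bytes) -> float:
    """Treat every 6 bytes as a 24-bit (x, y) point; the hit rate inside the circle gives pi/4."""
    radius_sq = (2**24 - 1) ** 2
    hits = points = 0
    for i in range(0, len(data) - 5, 6):
        x = int.from_bytes(data[i:i + 3], "big")
        y = int.from_bytes(data[i + 3:i + 6], "big")
        points += 1
        hits += x * x + y * y <= radius_sq
    return 4.0 * hits / points

def constructed_random(n: int) -> bytes:
    """Constructed sample: SHA-256 in counter mode, deterministic but random-looking."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def report(data: bytes) -> dict:
    """Entropy plus the Monte Carlo estimate and its distance from the known value."""
    pi_est = monte_carlo_pi(data)
    return {"entropy": shannon_entropy(data), "pi": pi_est,
            "pi_error": abs(pi_est - math.pi)}

RANDOM_LIKE = constructed_random(600_000)                               # constructed
PLAINTEXT = b"the quick brown fox jumps over the lazy dog " * 13_000    # constructed

if __name__ == "__main__":
    for name, sample in (("random-like", RANDOM_LIKE), ("plaintext", PLAINTEXT)):
        print(name, report(sample))
```

ASCII text never sets the top bit of a byte, so every point lands in the lower-left quarter of the square and the estimate collapses to exactly 4.0, while the random-looking stream converges on pi.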
Demo