Buffer Overflows Incomplete Access Control

Presentation transcript:

Program Security: Buffer Overflows, Incomplete Access Control
Fall 2006 CS 395: Computer Security

Why Program Security?
Because program flaws are the gateway through which many attacks are launched: intrusion detection and network security measures (e.g. firewalls) are necessary because computers, and specifically the programs they run, are vulnerable to attack. And because understanding how programs are attacked helps you write more secure code.

Secure Programs
How do we define the term "secure program"? As a program that meets its specification? Specifications can be incorrect, incomplete, or vague; consider the example in the text (p. 96) of "locked" computers that all used the same keys. How do we identify secure programs? By the number of faults discovered and fixed during design, development, etc.?

History: Fixing Faults
Software engineering research has shown that software with many faults early on is likely to have many others waiting to be found. "Penetrate and patch": analysts search for and repair faults. Badness: pressure to repair a specific fault often causes tunnel vision (failure to consider context); faults often have non-obvious side effects in places other than the immediate area of the fault; and fixed faults can cause system performance or operation to suffer.

Secure Programs
Security is often (somewhat vaguely) based on the notion of expectation: does a program behave as the designer and users expect? A program security flaw is unexpected behavior. There is a lot of terminology (vulnerability, flaw, fault, failure, etc.). Who cares: you only need to know the cause (what fault caused the problem) and the effect (what failure is visible to the user).

Intention
The textbook makes a big deal out of the notion of malicious versus non-malicious flaws. This is misleading: is a buffer overflow non-malicious? Yes, because the flaw is often the result of an accidental oversight by the programmer. No, because a buffer overflow attack can be, well, not good.

Three Types of Vulnerabilities
1. Buffer overflow
2. Incomplete mediation
3. Time-of-check to time-of-use (TOCTOU) errors

Buffer Overflow
Simply put, trying to squeeze too much stuff into too small a space. Definition: a buffer (or array or string) is a space in which data can be held. Usually, the programmer needs to have declared the size of the buffer beforehand (but not always). Also, the size cannot always be determined through static analysis (it may be a run-time decision).

Buffer Overflow
Is this access out of bounds? Upshot: the compiler cannot identify all out-of-bounds accesses. One can hope that the language run-time flags the access (if it is bad), but many run-times don't (e.g. C).

Buffer Overflow
The effect of an overflow is that data outside the buffer is overwritten. The exact effect depends on what is overwritten: the user's data? The user's program code? System data? System program code?
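The three buffer overflow slides above are illustrated by the following added C example, which is not part of the original presentation. It uses a constructed record in which a privilege flag happens to sit right after an 8-byte name buffer, so the "what is overwritten?" question has a concrete answer: an unchecked copy of an 11-character name lands in the flag. The unchecked copy is done with memcpy over the struct's own bytes (a stand-in for strcpy into the name field, kept within one object so the demonstration is deterministic); the checked copy shows the length test that C's run-time does not do for you.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example record: a fixed-size name buffer followed in memory by
 * a privilege flag. Which field follows the buffer decides what an overflow
 * corrupts, which is exactly the slide's "what is overwritten?" question. */
struct login_record {
    char name[8];
    int  is_admin;
};

/* The overflow pattern: copies every byte of src (plus the terminator) into
 * the 8-byte name field regardless of length, as strcpy(rec->name, src) would.
 * The copy goes over the struct's own bytes so the demo stays inside one
 * object; the clamp below only keeps the demonstration deterministic and is
 * not a security check. */
static void set_name_unchecked(struct login_record *rec, const char *src)
{
    size_t n = strlen(src) + 1;
    if (n > sizeof *rec)
        n = sizeof *rec;
    memcpy((unsigned char *)rec + offsetof(struct login_record, name), src, n);
}

/* The checked pattern: refuse input that does not fit, terminator included.
 * Returns 0 on success, -1 if rejected; rec is left untouched on -1. */
static int set_name_checked(struct login_record *rec, const char *src)
{
    size_t len = strlen(src);
    if (len >= sizeof rec->name)
        return -1;
    memcpy(rec->name, src, len + 1);
    return 0;
}

/* Runs the constructed scenario: an 11-character name written into a normal
 * user's record. Returns the value of is_admin afterwards; nonzero means the
 * bytes that did not fit in name[] overwrote the privilege flag. */
int demo_overflow_effect(void)
{
    struct login_record rec = { "guest", 0 };
    set_name_unchecked(&rec, "AAAAAAAAAAA");   /* 11 'A's + NUL = 12 bytes */
    return rec.is_admin;
}

/* Same input through the checked copy: rejected, record unchanged. */
int demo_checked_rejects(void)
{
    struct login_record rec = { "guest", 0 };
    int rc = set_name_checked(&rec, "AAAAAAAAAAA");
    return rc == -1 && rec.is_admin == 0 && strcmp(rec.name, "guest") == 0;
}

/* A name that fits is accepted by the checked copy. */
int demo_checked_accepts(void)
{
    struct login_record rec = { "guest", 0 };
    int rc = set_name_checked(&rec, "alice");
    return rc == 0 && rec.is_admin == 0 && strcmp(rec.name, "alice") == 0;
}

int main(void)
{
    printf("is_admin after unchecked copy: %d\n", demo_overflow_effect());
    printf("checked copy rejects long name: %d\n", demo_checked_rejects());
    printf("checked copy accepts short name: %d\n", demo_checked_accepts());
    return 0;
}
```

The layout (flag immediately after the buffer, no padding) holds on the usual ABIs; the point generalises to whatever the compiler or the stack places after a buffer, including saved return addresses, which is why the slides ask what is overwritten rather than whether.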

Incomplete Mediation
An example: http://www.somesite.com/subpage/userinput.asp?parm1=(808)5551212&parm2=2009Jan17
This URL causes the execution of code on the server that reads the two parameters parm1 and parm2. There may be code on the client (browser) page that checks the validity of the parameters; it's likely also that the values were entered using forms that prohibit certain kinds of entries for various fields. But the parameters are packed into the URL line, which is user modifiable, so whatever checks were made are ineffective.

Incomplete Mediation
The problem: the sensitive data was not completely mediated; it was placed in an exposed, uncontrolled condition. A true-life example:
Original: http://www.things.com/order.asp?custID=101&part=55&qy=20&price=10&ship=boat&shipcost=5&total=205
Modified: http://www.things.com/order.asp?custID=101&part=55&qy=20&price=10&ship=boat&shipcost=5&total=25
Question: why even transmit price data?!
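The two incomplete-mediation slides are illustrated by the following added C example; it is not code from the presentation. It takes the query string of the order URL above and mediates it on the server side: the part price and shipping cost come from a constructed server-side catalogue (the part ids, prices and shipping methods are hypothetical), the quantity is range-checked on the server, and the client-supplied price, shipcost and total fields are never used as inputs. The client's total is only compared against the recomputed one so that the modified URL from the slide is detected rather than silently honoured.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed server-side data (hypothetical values): the only place prices
 * and shipping costs are allowed to come from. */
struct part { int id; int price; };
static const struct part CATALOGUE[] = { { 55, 10 }, { 56, 25 } };

static int lookup_price(long part_id)
{
    for (size_t i = 0; i < sizeof CATALOGUE / sizeof CATALOGUE[0]; i++)
        if (CATALOGUE[i].id == part_id)
            return CATALOGUE[i].price;
    return -1;
}

static int lookup_shipcost(const char *method)
{
    if (strcmp(method, "boat") == 0) return 5;
    if (strcmp(method, "air") == 0)  return 20;
    return -1;
}

/* Copies the value of key from a "k=v&k=v" query string into buf. Returns 1
 * on success, 0 if the key is absent, has an empty value, or the value does
 * not fit in buf (bounded copy, so no buffer overflow here either). */
static int query_field(const char *qs, const char *key, char *buf, size_t bufsz)
{
    size_t klen = strlen(key);
    const char *p = qs;
    while (*p) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > klen + 1 && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            size_t vlen = plen - klen - 1;
            if (vlen >= bufsz)
                return 0;
            memcpy(buf, p + klen + 1, vlen);
            buf[vlen] = '\0';
            return 1;
        }
        if (!end)
            break;
        p = end + 1;
    }
    return 0;
}

/* Integer variant: the whole value must be a decimal number. */
static int query_long(const char *qs, const char *key, long *out)
{
    char tmp[32];
    char *stop;
    if (!query_field(qs, key, tmp, sizeof tmp))
        return 0;
    *out = strtol(tmp, &stop, 10);
    return *stop == '\0';
}

/* Server-side mediation of the order. Every security-relevant value is taken
 * from the server's own data or re-derived; the client's price, shipcost and
 * total fields are not inputs to the computation. Returns the authoritative
 * total, or -1 if the request is malformed, names unknown items, or carries a
 * client total that disagrees with the recomputed one (tamper-evident). */
long mediate_order(const char *query)
{
    long part, qty, claimed_total, total;
    char ship[16];
    int price, shipcost;
    if (!query_long(query, "part", &part) || !query_long(query, "qy", &qty) ||
        !query_field(query, "ship", ship, sizeof ship) ||
        !query_long(query, "total", &claimed_total))
        return -1;
    if (qty < 1 || qty > 1000)      /* range check done here, not in the browser */
        return -1;
    price = lookup_price(part);
    shipcost = lookup_shipcost(ship);
    if (price < 0 || shipcost < 0)
        return -1;
    total = price * qty + shipcost;
    return total == claimed_total ? total : -1;
}

/* Query parts of the two URLs on the slide (copied from the text). */
const char *const ORIGINAL_QUERY =
    "custID=101&part=55&qy=20&price=10&ship=boat&shipcost=5&total=205";
const char *const MODIFIED_QUERY =
    "custID=101&part=55&qy=20&price=10&ship=boat&shipcost=5&total=25";

int main(void)
{
    printf("original: %ld\n", mediate_order(ORIGINAL_QUERY));  /* 205 */
    printf("modified: %ld\n", mediate_order(MODIFIED_QUERY));  /* -1, rejected */
    return 0;
}
```

The answer to the slide's question is built in: because the server recomputes the total from its own catalogue, the price and total fields need not be transmitted at all; keeping the comparison merely turns a tampered request into something you can log.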

TOCTOU Errors
Time-of-check to time-of-use errors are synchronization errors: basically, an exploitable gap between the time the condition for accessing an object is checked and the time the access actually occurs. Example: a sculpture costs $100. The buyer counts out $100 and places it on the table. The seller turns around to write a receipt; the buyer takes $20 back and hands the stack to the seller (who assumes there is still $100 in the stack). Between the time security was checked (counting the bills) and the object was accessed (getting the sculpture), the condition changed.
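The sculpture scenario on a POSIX file system, as an added C example that is not part of the presentation. The flawed pattern checks a path name with lstat() and then opens the same name again; the harness re-binds the name between the two calls (the "buyer takes $20 back" step, done in-process here so the outcome is deterministic, where a real race would have another process do it) and shows that the open uses a different object than the one checked. The race-free pattern opens first and checks the open descriptor with fstat(), so the check and the use refer to the same object; O_NOFOLLOW additionally makes the open itself refuse a symbolic link. The scratch directory and file contents are constructed for the demonstration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkdtemp, symlink, O_NOFOLLOW, O_CLOEXEC on glibc */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define PATHSZ 128

/* Time of check, flawed pattern: inspect whatever the name points at now. */
static int check_regular_file(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 && S_ISREG(st.st_mode);
}

/* Race-free pattern: obtain the object first, then check that object.
 * O_NOFOLLOW refuses a symlink in the final component; fstat() describes the
 * inode behind fd, not whatever the name happens to point at. Returns the fd,
 * or -1 if the object is not a plain regular file. */
static int open_then_verify(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Reads fd, closes it, and reports whether the content equals want. */
static int fd_content_is(int fd, const char *want)
{
    char buf[32];
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n < 0)
        return 0;
    buf[n] = '\0';
    return strcmp(buf, want) == 0;
}

static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int ok = fd >= 0 && write(fd, text, strlen(text)) == (ssize_t)strlen(text);
    if (fd >= 0)
        close(fd);
    return ok;
}

/* Constructed fixture: scratch directory with "victim" (content "original")
 * and "other" (content "swapped"). */
static int setup(char *dir, char *victim, char *other)
{
    strcpy(dir, "/tmp/toctou-XXXXXX");
    if (!mkdtemp(dir))
        return 0;
    snprintf(victim, PATHSZ, "%s/victim", dir);
    snprintf(other, PATHSZ, "%s/other", dir);
    return write_file(victim, "original") && write_file(other, "swapped");
}

static void teardown(const char *dir, const char *victim, const char *other)
{
    unlink(victim);
    unlink(other);
    rmdir(dir);
}

/* The gap made explicit: the name "victim" is re-bound to point at "other". */
static void rebind_name(const char *victim, const char *other)
{
    unlink(victim);
    symlink(other, victim);
}

/* Returns 1 if the check passed on the original file and the later open of
 * the same name nevertheless read "swapped"; -1 on fixture failure. */
int demo_check_then_use_is_racy(void)
{
    char dir[PATHSZ], victim[PATHSZ], other[PATHSZ];
    int checked, fd, result;
    if (!setup(dir, victim, other))
        return -1;
    checked = check_regular_file(victim);   /* time of check: passes */
    rebind_name(victim, other);             /* the condition changes */
    fd = open(victim, O_RDONLY);            /* time of use: follows the link */
    result = checked && fd >= 0 && fd_content_is(fd, "swapped");
    teardown(dir, victim, other);
    return result;
}

/* Same swap, race-free pattern: the open itself refuses the symlink. */
int demo_open_then_verify_refuses_swap(void)
{
    char dir[PATHSZ], victim[PATHSZ], other[PATHSZ];
    int result;
    if (!setup(dir, victim, other))
        return -1;
    rebind_name(victim, other);
    result = open_then_verify(victim) == -1;
    teardown(dir, victim, other);
    return result;
}

/* On an untouched regular file the race-free pattern still reads normally. */
int demo_open_then_verify_accepts_regular(void)
{
    char dir[PATHSZ], victim[PATHSZ], other[PATHSZ];
    int fd, result;
    if (!setup(dir, victim, other))
        return -1;
    fd = open_then_verify(victim);
    result = fd >= 0 && fd_content_is(fd, "original");
    teardown(dir, victim, other);
    return result;
}
```

The general rule the example shows: never make a security decision about a name and then act on the name again; act on the object (the descriptor) and make the decision about that.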