Implications of Programming Language Selection on the Construction of Secure Software Systems
Craig E. Ward, CMSI 601, 12/13/04. A presentation of the paper.

Presentation transcript:

Title slide
Implications of Programming Language Selection on the Construction of Secure Software Systems
A presentation of the paper for CMSI 601 Graduate Seminar, Loyola Marymount University

Agenda
- Introduction
- Approach to selecting programming languages
- Vulnerabilities (four vulnerabilities will be presented)
- Conclusions
- Questions and comments

Programming Languages
More than just one type:
- Imperative
- Object-oriented
- Interpreted
- Virtual machine byte code
- Functional

Programming Languages (versions evaluated)

  Language      Version          Platform
  Java          1.4.2            Mac OS X
  C             GCC 3.3          Mac OS X, Cygwin
  C++           GCC 3.3          Mac OS X
  Perl          5.8              Mac OS X
  Standard ML   Moscow ML 2.01   Windows XP, Mac OS X

Vulnerabilities
Range from general to specific:
- General vulnerabilities that present problems for all programming languages
- Vulnerabilities that present risks to just one particular programming language
- Vulnerabilities that affect a particular implementation of a programming language

Vulnerabilities (approach)
- List a group of similar vulnerabilities
- Use one of them to illustrate the group
- Some vulnerabilities could fit into more than one group, so these groupings are not absolute

General Vulnerabilities
- Malicious input
- Race conditions

Malicious Input
- Programs that blindly accept input from external sources are open to exploitation
- Especially problematic if the input is executed, for example by handing it to a shell or interpreter
- Input should be validated against a white list of known-good characters or values; rejecting only known-bad patterns (a black list) misses whatever the attacker thinks of next

Malicious Input (by language)
- C (and C++): the library routine system() is dangerous. It passes the whole string to /bin/sh, so shell metacharacters in the input (";", "|", "`", "$(...)") become commands.
- Java: Runtime.exec() is almost as dangerous. It does not start a shell unless told to, so metacharacters are not interpreted, but an attacker who controls the program name or its arguments still runs what they like.
- Perl: some protection from taint mode (the -T switch), if you turn it on. Data from outside the program is marked tainted and cannot reach system(), exec or similar calls until it has been untainted, normally by extracting it through a regular expression match.
- ML: OS.Process.system() is dangerous too, for the same reason as C's system().
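The C case above, worked through as an added example that is not part of the original slides: the vulnerable pattern builds a shell command line from an untrusted file name, and the hardened version validates the name against a white list and then calls execvp with an argument vector so no shell ever parses it. The file name, the "ls -l" command and the character white list are assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern (assumed shape): splice an untrusted name into a shell
 * command. system() would hand this to /bin/sh -c, so the constructed input
 * "report.txt; id" runs "ls -l report.txt" and then "id". Built for
 * comparison only; system() is never called in this example. */
int build_shell_command(char *out, size_t outlen, const char *name) {
    int n = snprintf(out, outlen, "ls -l %s", name);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Returns 1 if the string the vulnerable pattern would pass to system()
 * carries a shell metacharacter, i.e. the attacker controls more than a name. */
int vulnerable_command_has_metachar(const char *name) {
    char cmd[256];
    if (build_shell_command(cmd, sizeof cmd, name) != 0) return -1;
    return strpbrk(cmd + strlen("ls -l "), ";|&`$()<>\n'\"\\ ") != NULL;
}

/* White list (assumed policy): 1..64 characters from [A-Za-z0-9._-], with no
 * leading '-' (would be parsed as an option) and no leading '.' (dotfiles,
 * ".."). Anything else is rejected outright rather than "cleaned". */
bool name_is_allowed(const char *name) {
    size_t len = strlen(name);
    if (len == 0 || len > 64 || name[0] == '-' || name[0] == '.') return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-') return false;
    }
    return true;
}

/* Hardened version: validate, then fork/execvp with an argv vector. No shell
 * is involved, so even a name containing ';' would be one literal argument.
 * Returns the child's exit status, or -1 if the name is rejected or the
 * program cannot be run. */
int list_file_safely(const char *name) {
    if (!name_is_allowed(name)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "ls", "-l", (char *)name, NULL };
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv) {
    /* Constructed attacker input when no argument is given. */
    const char *name = argc > 1 ? argv[1] : "report.txt; id";
    printf("vulnerable command line would contain metacharacters: %d\n",
           vulnerable_command_has_metachar(name));
    printf("white list accepts \"%s\": %d\n", name, name_is_allowed(name));
    printf("list_file_safely returned %d\n", list_file_safely(name));
    return 0;
}
```

The white list is deliberately narrower than what the file system accepts; the point of a white list is that the program names what it expects, and the rejected cases (option injection via a leading '-', traversal via "..") fall out of the rule rather than needing separate black-list entries.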

Overflow Vulnerabilities
- Integer overflow
- Format string vulnerabilities
- Stack overflow
- Heap overflow

Integer Overflow
- Attempting to store an integer larger than will fit in the allocated space
- Most overflows wrap around (modular arithmetic); some saturate at the largest value
- Can be used to break the length checks placed around unsafe C library routines: a wrapped length passes the check, then the routine copies far more than the buffer holds

Integer Overflow (C/C++ and Java)
- C/C++: loss of precision from automatic (implicit) conversions; overflow from calculation; change of sign when a negative value is treated as unsigned
- Java: signed integer types only; the compiler prevents loss of precision from assignments (narrowing needs an explicit cast), but arithmetic on int and long still wraps silently

Integer Overflow (Perl and ML)
- Perl: scalars are interpreted at runtime as integer, float or string, so an oversized integer is silently promoted rather than wrapped
- ML: no automatic conversions or casts; raises an exception on overflow
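The three C/C++ cases listed above (overflow from calculation, change of sign, loss of precision from an implicit conversion), each shown beside the check that closes it. This is an added example and not code from the original slides; the sizes, field widths and the 16-byte record limit are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 1. Overflow from calculation. n * elem wraps modulo 2^32, so with
 *    n = 0x40000001 and 4-byte elements the product is 4: a later
 *    "does it fit in the buffer?" test passes although n elements will be
 *    written. */
uint32_t unchecked_byte_count(uint32_t n, uint32_t elem) {
    return n * elem;
}

/* The check: test before multiplying whether the product can fit. */
bool byte_count_overflows(uint32_t n, uint32_t elem) {
    return elem != 0 && n > UINT32_MAX / elem;
}

bool checked_byte_count(uint32_t n, uint32_t elem, uint32_t *out) {
    if (byte_count_overflows(n, elem)) return false;
    *out = n * elem;
    return true;
}

/* 2. Change of sign. A length read from the outside as a signed int is
 *    guarded with "len <= 16", which a negative length passes; at the
 *    memcpy the same value is converted to size_t and becomes enormous. */
bool length_guard_signed(int len) {
    return len <= 16;            /* -1 is accepted */
}

size_t length_seen_by_memcpy(int len) {
    return (size_t)len;          /* -1 becomes SIZE_MAX */
}

/* The check: bound the value from both sides while it is still signed. */
bool length_guard_fixed(int len) {
    return len >= 0 && len <= 16;
}

/* 3. Loss of precision from an implicit conversion. Storing a size_t in a
 *    16-bit field keeps only the low 16 bits, so a 0x10010-byte length is
 *    recorded as 0x10 and any limit applied to the stored value is fooled. */
uint16_t record_length16(size_t len) {
    uint16_t stored = len;       /* implicit narrowing, silent by default */
    return stored;
}

/* The check: refuse values the field cannot represent. */
bool record_length16_checked(size_t len, uint16_t *out) {
    if (len > UINT16_MAX) return false;
    *out = (uint16_t)len;
    return true;
}

int main(void) {
    uint32_t bytes = 0;
    uint16_t len16 = 0;
    printf("0x40000001 * 4 unchecked = %u, overflow detected = %d\n",
           unchecked_byte_count(0x40000001u, 4),
           checked_byte_count(0x40000001u, 4, &bytes) ? 0 : 1);
    printf("signed guard accepts -1: %d, memcpy would see %zu, fixed guard: %d\n",
           length_guard_signed(-1), length_seen_by_memcpy(-1), length_guard_fixed(-1));
    printf("0x10010 stored in 16 bits = 0x%x, checked store accepted = %d\n",
           record_length16(0x10010), record_length16_checked(0x10010, &len16));
    return 0;
}
```

In each case the check is performed on the value before the conversion or operation that loses information, which is the only place the original value is still visible.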

Object Vulnerabilities
- Java inner classes
- Classes compared by name

Java Inner Classes
- Nested (inner) classes are given access to the outer class's members, including private ones
- The JVM of the day does not recognize a difference between regular and inner classes, so it cannot grant that access itself
- To give the appearance of access by the inner class, the compiler generates package-scope static accessor methods (the access$NNN methods seen below) for each private member the inner class touches
- Any class in the same package can call those accessors, including a class an attacker adds to an unsealed package; the private member is effectively package-visible

Java Inner Classes (source)

    public class Flag {
        class InnerFlag {
            public void incFlag() {
                flag++;
            }
            public void showFlag() {
                System.out.println("The hidden flag is " + flag);
            }
        }
        public Flag(int flag) {
            this.flag = flag * 5;
        }
        private int flag;
    }

Java Inner Classes (javap output)

    Compiled from "Flag.java"
    public class Flag extends java.lang.Object{
        private int flag;
        public Flag(int);
        static int access$008(Flag);
        static int access$000(Flag);
    }

    Compiled from "Flag.java"
    class Flag$InnerFlag extends java.lang.Object{
        private final Flag this$0;
        Flag$InnerFlag(Flag);
        public void incFlag();
        public void showFlag();
    }

The field flag is still private, but the two synthetic accessors generated for incFlag's flag++ and showFlag's read of flag have package scope (no access modifier), so any class placed in the same package can increment or read the "hidden" flag by calling them. Later JVMs (Java 11, nest-based access control) let the JVM grant inner classes access directly and no longer need these accessors.

Java Inner Classes (other languages)
- C++ (as of the C++98 standard and GCC 3.3) does not automatically give nested classes access to the outer class; a friend declaration is needed (C++11 later granted nested classes member access)
- Perl does not enforce any encapsulation; everyone is expected to play nice
- ML has no inner classes and no notion of a friend class; it uses signatures to hide implementation
- Is Java wrong for being orthogonal?

Narrow Vulnerabilities
- Pointer subterfuge
- Arc injection
- C++ VPTR exploit

Pointer Subterfuge
- A counterattack to preventive measures on some Unix systems; the exploit targets Linux on IA32
- StackGuard places a canary just before the saved return address. A buffer overflow that reaches the return address must pass through the canary and alter it, and the function checks the canary before returning
- StackShield keeps a separate copy of each return address on its own stack. If the return address at function exit differs from the saved copy, the program aborts

Pointer Subterfuge (preconditions)
Characteristics of a protected program that cause the protection to fail:
- A pointer located next to a buffer
- A misused library routine that can overflow the buffer into the pointer
- A second copy that uses the pointer as its destination without the pointer being reinitialized after the overflow, giving the attacker a write to an address of their choosing
- Example: the wu-ftpd 2.5 mapped_path bug

Pointer Subterfuge (what the attacker does with the write)
- Use the overflowed pointer to change the return address directly, without damaging the canary in between
- Use the overflowed pointer to change the list of exit routines, so control is hijacked without a return-address mismatch for StackShield to detect
- Use the overflowed pointer to change the address the program calls for its copy function so that it points to system()
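The three preconditions from the previous slide, modelled in C as an added example that is not part of the original slides and not the wu-ftpd exploit: a buffer with a pointer directly after it, an unchecked copy that overflows into the pointer, and a second copy that writes through the pointer. The frame is a struct so that the layout is deterministic (a real compiler may order stack slots differently), and the canary value, the "victim" variable and the attacker input are constructed for illustration. A second function shows that bounding the first copy and reinitializing the pointer before use removes the write.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stands in for the canary a stack protector places below the return address. */
#define CANARY_VALUE 0x000aff0du

/* The layout the attack relies on: buffer, then pointer, then canary. */
struct frame {
    char buf[16];
    char *dst;            /* later used as the destination of a second copy */
    uint32_t canary;
};

/* Builds the constructed attacker input: sizeof buf filler bytes followed
 * by the address the attacker wants written to (in a real exploit a return
 * address slot, a jump-table entry or an exit-handler table). */
static size_t build_attack_input(unsigned char *input, char *target) {
    memset(input, 'A', sizeof ((struct frame *)0)->buf);
    memcpy(input + sizeof ((struct frame *)0)->buf, &target, sizeof target);
    return sizeof ((struct frame *)0)->buf + sizeof target;
}

/* The misused routine: copies with no length check, like strcpy(f->buf, src)
 * with an oversized src. It overruns the buffer into f->dst and stops before
 * the canary, so a canary check at function exit does not fire. */
static void unchecked_copy(struct frame *f, const unsigned char *src, size_t n) {
    memcpy(f, src, n);
}

/* Returns 1 when the attack has written "pwned" into victim while the canary
 * is untouched. */
int demo_pointer_subterfuge(void) {
    char victim[8] = "safe";
    struct frame f;
    unsigned char input[sizeof f.buf + sizeof f.dst];
    size_t n = build_attack_input(input, victim);

    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;

    unchecked_copy(&f, input, n);          /* precondition 2: overflow into dst */
    if (f.dst) strcpy(f.dst, "pwned");     /* precondition 3: copy through dst */

    return strcmp(victim, "pwned") == 0 && f.canary == CANARY_VALUE;
}

/* Defense: bound the first copy to the buffer so the pointer can never be
 * reached, and set the pointer immediately before it is used instead of
 * trusting whatever is in that slot. */
static void bounded_copy(struct frame *f, const unsigned char *src, size_t n) {
    size_t limit = sizeof f->buf - 1;
    if (n > limit) n = limit;
    memcpy(f->buf, src, n);
    f->buf[n] = '\0';
}

/* Returns 1 when the same attacker input leaves victim and the canary intact. */
int demo_bounded_copy(void) {
    char victim[8] = "safe";
    struct frame f;
    unsigned char input[sizeof f.buf + sizeof f.dst];
    size_t n = build_attack_input(input, victim);

    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;

    bounded_copy(&f, input, n);            /* truncated to the buffer */
    f.dst = f.buf;                         /* reinitialized right before use */
    strcpy(f.dst, "ok");

    return strcmp(victim, "safe") == 0 && f.canary == CANARY_VALUE
        && strcmp(f.buf, "ok") == 0;
}

int main(void) {
    printf("subterfuge writes past the canary check: %d\n", demo_pointer_subterfuge());
    printf("bounded copy leaves the target intact:   %d\n", demo_bounded_copy());
    return 0;
}
```

The detail that matters for the defenses discussed on the slides is that the overflow never touches the canary and never touches the return address itself; the damage is done by the legitimate second copy, which is why a return-address check at function exit cannot see it.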

Conclusions
- Security is important and must be considered when choosing a programming language. Speed isn't everything.
- No programming language is completely safe
- Object orientation only minimally helps
- Functional programming may help
- Use static analysis tools designed for the language you are using

Questions or Comments?