CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst

Slides:



Advertisements
Similar presentations
Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Advertisements

Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.
Integrity & Malware Dan Fleck CS469 Security Engineering Some of the slides are modified with permission from Quan Jia. Coming up: Integrity – Who Cares?
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
K. Salah1 Buffer Overflow The crown jewel of attacks.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Teaching Buffer Overflow Ken Williams NC A&T State University.
Windows XP SP2 Stack Protection Jimmy Hermansson Johan Tibell.
Teaching Buffer Overflow Ken Williams NC A&T State University.
Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.
Lecture 16 Buffer Overflow
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
Buffer overflows.
Computer Security and Penetration Testing
Buffer Overflows : An In-depth Analysis. Introduction Buffer overflows were understood as early as 1972 The legendary Morris Worm made use of a Buffer.
Mitigation of Buffer Overflow Attacks
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 10 “Buffer Overflow”.
CSCD 303 Essential Computer Security Spring 2013 Lecture 17 Buffer Overflow Attacks.
Buffer Overflow CS461/ECE422 Spring Reading Material Based on Chapter 11 of the text.
Buffer Overflow Attack-proofing by Transforming Code Binary Gopal Gupta Parag Doshi, R. Reghuramalingam The University of Texas at Dallas 11/15/2004.
Buffer Overflow Proofing of Code Binaries By Ramya Reguramalingam Graduate Student, Computer Science Advisor: Dr. Gopal Gupta.
Buffer Overflow Group 7Group 8 Nathaniel CrowellDerek Edwards Punna ChalasaniAxel Abellard Steven Studniarz.
Buffer Overflow Attack Proofing of Code Binary Gopal Gupta, Parag Doshi, R. Reghuramalingam, Doug Harris The University of Texas at Dallas.
Lecture 9: Buffer Ovefflows and ROP EEN 312: Processors: Hardware, Software, and Interfacing Department of Electrical and Computer Engineering Spring 2014,
What is exactly Exploit writing?  Writing a piece of code which is capable of exploit the vulnerability in the target software.
A Tool for Pro-active Defense Against the Buffer Overrun Attack D. Bruschi, E. Rosti, R. Banfi Presented By: Warshavsky Alex.
Part I The Basic Idea software sequence of instructions in memory logically divided in functions that call each other – function ‘IE’ calls function.
Lecture 13 Page 1 CS 236 Online Major Problem Areas for Secure Programming Certain areas of programming have proven to be particularly prone to problems.
Buffer overflow and stack smashing attacks Principles of application software security.
Sairajiv Burugapalli. This chapter covers three main categories of classic software vulnerability: Buffer overflows Integer vulnerabilities Format string.
A Survey on Runtime Smashed Stack Detection 坂井研究室 M 豊島隆志.
Buffer Overflows Taught by Scott Coté.-. _ _.-. / \.-. ((___)).-. / \ /.ooM \ / \.-. [ x x ].-. / \ /.ooM \ -/ \ /-----\-----/---\--\ /--/---\-----/-----\ / \-
Information Security - 2. A Stack Frame. Pushed to stack on function CALL The return address is copied to the CPU Instruction Pointer when the function.
Group 9. Exploiting Software The exploitation of software is one of the main ways that a users computer can be broken into. It involves exploiting the.
Security Attacks Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 11, 2011.
1988 Morris Worm … estimated 10% penetration 2001 Code Red … 300,00 computers breached 2003 Slammer/Sapphire … 75,00 infections in 10 min Zotob …
VM: Chapter 7 Buffer Overflows. csci5233 computer security & integrity (VM: Ch. 7) 2 Outline Impact of buffer overflows What is a buffer overflow? Types.
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade Crispin Cowan SANS 2000.
Chapter 10 Buffer Overflow 1. A very common attack mechanism o First used by the Morris Worm in 1988 Still of major concern o Legacy of buggy code in.
Secure Programming Dr. X
Overflows Mark Shtern.
Mitigation against Buffer Overflow Attacks
Buffer Overflow Buffer overflows are possible because C doesn’t check array boundaries Buffer overflows are dangerous because buffers for user input are.
Sabrina Wilkes-Morris CSCE 548 Student Presentation
Protecting Memory What is there to protect in memory?
The Hardware/Software Interface CSE351 Winter 2013
Protecting Memory What is there to protect in memory?
Secure Programming Dr. X
Protecting Memory What is there to protect in memory?
CSC 495/583 Topics of Software Security Stack Overflows (2)
CMSC 414 Computer and Network Security Lecture 21
Software Security Lesson Introduction
Format String.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow II: Defense Techniques Cliff Zou Spring 2011.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow II: Defense Techniques Cliff Zou Spring 2009.
Buffer Overflows.
Understanding and Preventing Buffer Overflow Attacks in Unix
CNT4704: Analysis of Computer Communication Network Special Topic: Buffer Overflow II: Defense Techniques Cliff Zou Fall 2011.
Presentation transcript:

CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2016

Buffer Overflow A common security vulnerability Root cause Unsafe programming languages The problem would disappear if we would write correct code What areas of process memory are vulnerable to a buffer overflow? Stack Heap Code/Data

Stack Smashing Attack A specific kind of buffer overflow attack How does it work? During a function call, the return address is pushed on the stack An attacker overflows a buffer (local variable) The return address on the stack is overwritten to point to an existing function or to injected code During the function return the instruction pointer is set to the new return address value stored on the stack, not the original return address that was pushed on the stack as the function was called

Vulnerable Code Examples This code snippet caused the Morris Worm (1988) char buf[20]; gets(buf);

Vulnerable Code Examples void foo(char *input) { //make a local working copy char buf[1024]; strcpy(buf, input); }

Limitations Usually there is only one write operation that is vulnerable The attacker has one operation to overwrite the return address The stack frame is usually corrupted so that the program crashes sometime after the buffer is overflowed But the attack may be executed before the crash occurs Remote attacker doesn’t know the exact address location of the injected attack code NOP Sled helps create a window of opportunity

Questions on Stack Smashing How does the stack normally operate during a function call/return? Where is the stack in memory? How do the base pointer (ebp) and stack pointer (esp) work? How are local variables placed on the stack? Describe how an attacker can inject code on the stack What is a NOP sled and how/why is it used in a stack smashing attack? What are the requirements for the format of the injected code?

Defenses Write correct code Non-executable buffers Avoid vulnerable functions Audit code – use analysis tools Fuzz testing Non-executable buffers Kernel patches make the stack non-executable Array bounds checking Compile time or run-time checks Use a type-safe language Code pointer integrity checking Detect when a pointer is corrupted Canaries and pointer checking Address space randomization (ASLR)

Canary How does a canary prevent a stack smashing attack? Canary types Terminator canary Random canary XOR canary

Questions What are the approaches to defend against a buffer overflow attack? What are the pros/cons of each? Is a buffer overflow only useful for a remote attack? (True or False) Making the stack non-executable makes a stack smashing attack impossible? (True or False) If your web server is written in Java, it is not vulnerable to a stack smashing attack? What is the principle of least privilege and how does it relate to buffer overflow attacks?

Integer Manipulation Vulnerabilities Three main integer manipulations that can lead to security vulnerabilities Overflow and underflow Signed vs. unsigned errors Truncation Reviewing Code for Integer Manipulation Vulnerabilities http://msdn2.microsoft.com/en-us/library/ms972818.aspx

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.