K. Salah1 Buffer Overflow The crown jewel of attacks.

Slides:



Advertisements
Similar presentations
Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Advertisements

Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Buffer Overflow Prevention ”\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e \x89\xe3\x50\x53\x50\x54\x53\xb0\x3b\x50\xcd\x80” Presented to CRAB April.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
DICOTS and StackGuard: Two current approaches to tolerating malicious code Carl Landwehr Mitretek Systems, Inc Colshire Dr. McLean, VA 22102
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
Buffer Overflow By: John Quach and Napoleon N. Valdez.
Teaching Buffer Overflow Ken Williams NC A&T State University.
Preventing Buffer Overflow Attacks. Some unsafe C lib functions strcpy (char *dest, const char *src) strcat (char *dest, const char *src) gets (char *s)
Analysis of the Internet Worm of August 2003 INFORMATION AND COMPUTER SCIENCE DEPARTMENT Dr. K. Salah September 2003.
Teaching Buffer Overflow Ken Williams NC A&T State University.
1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)
Control hijacking attacks Attacker’s goal: – Take over target machine (e.g. web server) Execute arbitrary code on target by hijacking application control.
Lecture 16 Buffer Overflow
Statically Detecting Likely Buffer Overflow Vulnerabilities David Larochelle David Evans University of Virginia Department of Computer Science Supported.
Java Security Updated May Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.
Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.
Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Buffer Overflow Defenses Author:
Web Application Access to Databases. Logistics Test 2: May 1 st (24 hours) Extra office hours: Friday 2:30 – 4:00 pm Tuesday May 5 th – you can review.
Lecture 0 Appendix on Implementation Threats Material from Warren Page & Chpt 11, Information Security by Mark Stamp.
Chapter 6 Buffer Overflow. Buffer Overflow occurs when the program overwrites data outside the bounds of allocated memory It was one of the first exploited.
Computer Security and Penetration Testing
Attacking Applications: SQL Injection & Buffer Overflows.
Buffer Overflow Detection Stuart Pickard CSCI 297 June 14, 2005.
Mitigation of Buffer Overflow Attacks
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 10 “Buffer Overflow”.
Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Buffer Overflow Defenses Author:
Security Attacks CS 795. Buffer Overflow Problem Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program.
Buffer Overflow Attack-proofing by Transforming Code Binary Gopal Gupta Parag Doshi, R. Reghuramalingam The University of Texas at Dallas 11/15/2004.
Overflow Examples 01/13/2012. ACKNOWLEDGEMENTS These slides where compiled from the Malware and Software Vulnerabilities class taught by Dr Cliff Zou.
Buffer Overflow Proofing of Code Binaries By Ramya Reguramalingam Graduate Student, Computer Science Advisor: Dr. Gopal Gupta.
Buffer Overflow Attack Proofing of Code Binary Gopal Gupta, Parag Doshi, R. Reghuramalingam, Doug Harris The University of Texas at Dallas.
Lecture 9: Buffer Ovefflows and ROP EEN 312: Processors: Hardware, Software, and Interfacing Department of Electrical and Computer Engineering Spring 2014,
A Tool for Pro-active Defense Against the Buffer Overrun Attack D. Bruschi, E. Rosti, R. Banfi Presented By: Warshavsky Alex.
Introduction Program File Authorization Security Theorem Active Code Authorization Authorization Logic Implementation considerations Conclusion.
Buffer overflow and stack smashing attacks Principles of application software security.
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software Paper by: James Newsome and Dawn Song.
Group 9. Exploiting Software The exploitation of software is one of the main ways that a users computer can be broken into. It involves exploiting the.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 11, 2011.
VM: Chapter 7 Buffer Overflows. csci5233 computer security & integrity (VM: Ch. 7) 2 Outline Impact of buffer overflows What is a buffer overflow? Types.
Beyond Stack Smashing: Recent Advances In Exploiting Buffer Overruns Jonathan Pincus and Brandon Baker Microsoft Researchers IEEE Security and.
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade Crispin Cowan SANS 2000.
Software Security. Bugs Most software has bugs Some bugs cause security vulnerabilities Incorrect processing of security related data Incorrect processing.
Chapter 10 Buffer Overflow 1. A very common attack mechanism o First used by the Morris Worm in 1988 Still of major concern o Legacy of buggy code in.
CS703 - Advanced Operating Systems By Mr. Farhan Zaidi.
@Yuan Xue Worm Attack Yuan Xue Fall 2012.
Lec. Waleed Bin Shahid.  You might have noticed a lot of issues related to software implementation.  The ultimate requirement of developer(s) is to.
Buffer Overflow Defenses
Mitigation against Buffer Overflow Attacks
Sabrina Wilkes-Morris CSCE 548 Student Presentation
Buffer Overflow Defenses
CSC 495/583 Topics of Software Security Stack Overflows (2)
CMSC 414 Computer and Network Security Lecture 21
CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst
Security in Java Real or Decaf? cs205: engineering software
Defending against Stack Smashing attacks
Software Security Lesson Introduction
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow II: Defense Techniques Cliff Zou Spring 2009.
Anatomy of the Buffer Overflow
CS5123 Software Validation and Quality Assurance
Understanding and Preventing Buffer Overflow Attacks in Unix
Return-to-libc Attacks
Presentation transcript:

K. Salah1 Buffer Overflow The crown jewel of attacks

K. Salah2 Buffer Overflow Remains the principle method used to exploit software by remotely injecting malicious code Remains the principle method used to exploit software by remotely injecting malicious code It remains to be the “Crown Jewel of Attacks.” It remains to be the “Crown Jewel of Attacks.” Started with Robert Morris worm in 1988 exploiting a buffer overflow vulnerability in fingerd. Started with Robert Morris worm in 1988 exploiting a buffer overflow vulnerability in fingerd. Code Red worm of 2001, exploiting a buffer overflow vulnerability in Mircosoft IIS (Internet Information Server). Code Red worm of 2001, exploiting a buffer overflow vulnerability in Mircosoft IIS (Internet Information Server). The new MS Blaster of 2003, exploiting a buffer overflow vulnerability in MS DCOM/RPC. The new MS Blaster of 2003, exploiting a buffer overflow vulnerability in MS DCOM/RPC. The next attack will be most likely linked to buffer overflow The next attack will be most likely linked to buffer overflow CERT Security Alert by Years– upto the first 2 months of 2002

K. Salah3 A living legend article Best article on the know-how details of the buffer overflow can be found in Phrack Magazine (issue 49) titled, published in 1996: Best article on the know-how details of the buffer overflow can be found in Phrack Magazine (issue 49) titled, published in 1996: “Smashing the Stack for Fun and Profit,” “Smashing the Stack for Fun and

K. Salah4

5  Called Payload “This is a hex representation of some binary executable code”

K. Salah6 Unsafe functions in the standard C Library

K. Salah7 “C gives you a rope to build a bridge and hang yourself” “C gives you a rope to build a bridge and hang yourself”

K. Salah8 Finding buffer overflow Issue requests or arguments with long strings Issue requests or arguments with long strings  Long strings end with “$$$$$” If application crashes, If application crashes,  Search core dump for “$$$$$” to find overflow location  Use reverse engineering Some automated tools exist Some automated tools exist

K. Salah9 Buffer Overflow Countermeasures Validate all arguments or parameters received whenever you write a function. Validate all arguments or parameters received whenever you write a function.  Bounds checking  Performance is compromised!! Use secure functions instead, e.g., strncpy() and strncat() Use secure functions instead, e.g., strncpy() and strncat() Use safe compilers Use safe compilers  Watch out for free compilers!!! Can be made by hackers, for hackers! Test and review your code thoroughly -- the power of code review Test and review your code thoroughly -- the power of code review Keep applying patches Keep applying patches Good site for advisory is CERT at Carnegie Mellon SWE Institute Good site for advisory is CERT at Carnegie Mellon SWE Institute  Can this attack be ever eliminated?

K. Salah10 Protecting the Stack Good number of references is found in: Good number of references is found in:  How? How?  Splitting control stack from data stack Control stack contains return addresses Data stack contains local variables and passed parameters  Use middleware software (libsafe) to intercept calls to library functions known to be vulnerable.  Using StackGuard and StackShield Adding more code at the beginning and end of each function Check to see if ret address is altered and signal a violation  Others  Performance due to overhead is always as issue!

K. Salah11 The Adventure Continues Bypassing the countermeasure for smashing the stack Bypassing the countermeasure for smashing the stack  Crispin Cowan, Steve Beattie, Ryan Finnin Day, Calton Pu, Perry Wagle and Erik Walthinsen. Protecting Systems from Stack Smashing Attacks with StackGuard  In May 2000 issue of Phrack Magazine ( “Bypassing StackGuard and StackShield” by Bulba and Kil3r

K. Salah12 Buffer Overflow in Java and C# More immune to BO vulnerabilities More immune to BO vulnerabilities  Still can happen  JVM is written in C  Possible to confuse type checking  Hostile applets aren’t too hard to write (about 1 new vulnerability per month) “type safe” language with strong type checking “type safe” language with strong type checking Control flow safe: “jumps” must be within the function or do “call/return” Control flow safe: “jumps” must be within the function or do “call/return” Using the JVM and its built-in bytecode verifier Has no support for pointers to manipulate memory addresses Has no support for pointers to manipulate memory addresses Has built-in security managers to define what resources to be accessed Has built-in security managers to define what resources to be accessed Implements “code signing” to verify data origin and integrity Implements “code signing” to verify data origin and integrity

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.