Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer.

Presentation transcript:

Software and Software Vulnerabilities

Synopsis
- Array overflows
- Stack overflows
- String problems
- Pointer clobbering
- Dynamic memory management
- Integer arithmetic problems
- Formatted Output
- File I/O
- Others (the cwe.mitre.org taxonomy)

Arrays
Arrays are data groupings whose elements are numbered sequentially. The programmer refers to an element through a number (constant) or a variable (datum). The trouble is, sometimes the data doesn't have the value you expect.

Array overflows
If you reference an array with an index that is outside the array and you write through that reference, you are really modifying something else. Among the possibilities are:
- Other data
- Instructions
- Pointers
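The "other data" case from this slide, as an added example that is not part of the original presentation. The 16-byte region, the flag at offset 8 and all function names are constructed for illustration; the array and its neighbour are modelled inside one byte array so the demonstration stays well defined in C.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: an 8-element array followed directly by an
 * unrelated flag, the way neighbouring objects sit next to each other
 * in a stack frame or heap chunk. */
enum { ARRAY_LEN = 8, FLAG_OFFSET = 8, REGION_LEN = 16 };

static unsigned char region[REGION_LEN];

static void reset_region(void) { memset(region, 0, sizeof region); }

/* Unchecked store: trusts the index it is given. */
static void store_unchecked(size_t index, unsigned char value) {
    region[index] = value;   /* index >= ARRAY_LEN lands on other data */
}

/* Checked store: rejects any index outside the logical array. */
static int store_checked(size_t index, unsigned char value) {
    if (index >= ARRAY_LEN)
        return -1;
    region[index] = value;
    return 0;
}

/* Flag value after an unchecked write of 1 at the given index. */
unsigned char flag_after_unchecked(size_t index) {
    reset_region();
    store_unchecked(index, 1);
    return region[FLAG_OFFSET];
}

/* Flag value after a checked write; *rc receives the store status. */
unsigned char flag_after_checked(size_t index, int *rc) {
    reset_region();
    *rc = store_checked(index, 1);
    return region[FLAG_OFFSET];
}

int main(void) {
    int rc;
    unsigned weak = flag_after_unchecked(8);
    unsigned hard = flag_after_checked(8, &rc);
    printf("unchecked write at index 8: flag=%u\n", weak);
    printf("checked write at index 8:   flag=%u rc=%d\n", hard, rc);
    return 0;
}
```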

Stack overflows
A stack is a special kind of array in that it is implemented in an array; the problem may arise because you try to store too much data in the stack.

Strings
Strings are sequences of characters. They are either terminated by a special character (common) or their length is indicated somewhere (less common).

String problems
- String termination
- Off-by-one errors
- Buffer and input overflows
- Code injection
- Arc injection
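The first two items, string termination and off-by-one errors, shown with a weak copy beside a hardened one. This is an added example, not part of the original presentation; the buffer size, the sample input and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { BUF_LEN = 8 };

/* Returns 1 if buf holds a terminator within its len bytes, else 0. */
int is_terminated(const char *buf, size_t len) {
    return memchr(buf, '\0', len) != NULL;
}

/* Weak pattern: strncpy() writes no terminator when the source has
 * len or more characters, so dst may not be a valid C string.
 * Returns whether dst ended up terminated. */
int copy_strncpy(char *dst, size_t len, const char *src) {
    strncpy(dst, src, len);
    return is_terminated(dst, len);
}

/* Hardened copy: stores at most len-1 characters, always terminates,
 * and returns -1 on truncation so the caller can reject the input. */
int copy_bounded(char *dst, size_t len, const char *src) {
    size_t n;
    if (len == 0)
        return -1;
    n = strlen(src);
    if (n >= len) {
        memcpy(dst, src, len - 1);
        dst[len - 1] = '\0';   /* last valid index is len-1; dst[len] is off by one */
        return -1;
    }
    memcpy(dst, src, n + 1);   /* +1 copies the terminator as well */
    return 0;
}

int main(void) {
    char dst[BUF_LEN];
    const char *input = "ABCDEFGH";   /* constructed: exactly BUF_LEN characters */
    int terminated = copy_strncpy(dst, sizeof dst, input);
    int rc = copy_bounded(dst, sizeof dst, input);
    printf("strncpy left dst terminated: %d\n", terminated);
    printf("bounded copy rc=%d dst=\"%s\"\n", rc, dst);
    return 0;
}
```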

Pointers

Pointer clobbering.

Dynamic memory management

Integer arithmetic problems

Formatted Output

File I/O

Others (the cwe.mitre.org taxonomy)