CIT 380: Securing Computer Systems

Slide #1: Software Security

Slide #2: Topics
1. Why Software?
2. Vulnerability Databases
3. Buffer Overflows
4. Integer Overflows
5. Attack Techniques
6. Metasploit

Slide #3: The Problem is Software
"Malicious hackers don't create security holes; they simply exploit them. Security holes and vulnerabilities – the real root cause of the problem – are the result of bad software design and implementation." (John Viega and Gary McGraw)

Slide #4: Why is Software Security Poor?
1. Security is seen as something that gets in the way of software functionality.
2. Security is difficult to assess and quantify.
3. Security is often not a primary skill or interest of software developers.
4. Time spent on security is time not spent on adding new and interesting functionality.

Slide #5: The Trinity of Trouble
Complexity
- Continually increasing.
- Windows 3.1 (3 MLOC) to Windows XP (40 MLOC).
Extensibility
- Plugins.
- Mobile code.
Connectivity
- Network access.
- Wireless networking.

Slide #6: Software Complexity
5-50 bugs per KLOC [8]
- 5/KLOC: rigorous quality assurance (QA) testing.
- 50/KLOC: typical feature testing.

System            Lines of Code
MS Word 95        2 million
MS Windows 3.1    3 million
Boeing 777        7 million
Space Shuttle     10 million
Netscape          17 million
MS Windows XP     40 million

Slide #7: Vulnerabilities
Vulnerability: a defect in software that allows the security policy to be violated, i.e. a loss of
- Confidentiality
- Integrity
- Availability
Exploit: a program that exercises a vulnerability.

Slide #8: Vulnerability Databases
Collect vulnerability reports.
- Vendors maintain databases with patches for their own software.
- Security firms maintain databases of vulnerabilities that they've discovered.
Well-known vulnerability databases:
- CERT
- CVE
- NVD
- OSVDB (no longer maintained; it shut down in 2016)

Slide #9: Why Vulnerability Databases?
- Know about vulnerabilities in software that you have deployed so you can mitigate them.
- Learn about vulnerability trends. If a JPG library bug is discovered, does the same type of bug exist in GIF or PNG libraries?
- Learn about security problems to prevent when you're programming.

Slide #10: CVE: Common Vulnerabilities and Exposures
Problem: different researchers and vendors call the same vulnerability by different names.
Solution: CVE, a dictionary that provides
- A common public identifier for each vulnerability.
- A common standardized description.
- A shared key that allows different tools and databases to interoperate.

Slide #11: CVE Entry (example)
Name: CVE
Status: Entry
Description: Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
References:
- VULNWATCH: PNG Deflate Heap Corruption Vulnerability
- BUGTRAQ: PNG Deflate Heap Corruption Vulnerability
- EEYE: AD
- MS: MS
- XF: ie-png-bo(10662)
- BID: 6216
- OVAL: oval:org.mitre.oval:def:393

Slide #12: NVD: National Vulnerability Database
- Collects all publicly available government vulnerability resources.
- HTML and XML output.
- Uses the CVE naming scheme.
- Links to industry and government reports.
- Provides CVSS severity scores.
- Links to the OVAL repository.

Slide #13: Buffer Overflows
A program accepts more input than fits in a fixed-length buffer and stores it there anyway; the excess is written into whatever follows the buffer in memory.

    char A[8];
    short B;
    gets(A);        /* user enters "overflows": 9 characters plus the NUL terminator = 10 bytes */

    Before gets():   A = [A A A A A A A A]   B = [B B]
    After gets():    A = [o v e r f l o w]   B = [s \0]

gets() has no way to know that A holds only 8 bytes, so the 9th and 10th bytes of input silently overwrite B.
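The layout on this slide, as an added example that is not part of the original deck. It places A and B in a struct so their adjacency is guaranteed (the slide assumes it for two stack locals), copies input the way gets() does (no idea how big A is) next to a copy that behaves like fgets(A, sizeof A, stdin), and returns B so the corruption is observable. The cap at the size of the frame is an assumption added so the demo cannot smash its own stack; gets() has no such cap.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The slide's layout: an 8-byte buffer A immediately followed by a 16-bit
 * field B.  A struct guarantees the adjacency that the slide assumes for two
 * stack locals, so the demo is deterministic. */
struct frame {
    char A[8];
    uint16_t B;
};

/* Vulnerable version: behaves like gets(A).  It copies every byte it is given
 * starting at A's address with no knowledge of A's size.  The copy goes
 * through the frame's base pointer (which is A's address) so the demo stays
 * well-defined C while producing the memory effect on the slide: bytes 9 and
 * 10 of the input land in B.  Returns B so the caller can see it. */
uint16_t unsafe_read_into_A(const char *input, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);                      /* B starts out as 0 */
    unsigned char *dst = (unsigned char *)&f;     /* == &f.A[0] */
    if (len > sizeof f) len = sizeof f;           /* demo-only cap (assumption); gets() has none */
    for (size_t i = 0; i < len; i++)
        dst[i] = (unsigned char)input[i];         /* never compared against sizeof A */
    return f.B;
}

/* Hardened version: behaves like fgets(A, sizeof A, stdin).  At most
 * sizeof(A)-1 bytes are stored and A is always NUL-terminated, so B is
 * untouched no matter how long the input is.  Returns B. */
uint16_t safe_read_into_A(const char *input, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    size_t n = len < sizeof f.A - 1 ? len : sizeof f.A - 1;
    memcpy(f.A, input, n);
    f.A[n] = '\0';
    return f.B;
}

int main(void)
{
    /* Constructed input: eight 'A's fill A, the two 'B's spill into B. */
    const char *input = "AAAAAAAABB";
    printf("unsafe: B = 0x%04x (overwritten with 'BB')\n", unsafe_read_into_A(input, 10));
    printf("safe:   B = 0x%04x (intact)\n", safe_read_into_A(input, 10));
    return 0;
}
```

With the input "overflows" from the slide the two spilled bytes would be 's' and the NUL terminator instead of 'B' 'B'; the demo uses 'BB' so the value of B reads the same on little- and big-endian machines.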

Slide #14: The Stack
- The stack is LIFO.
- Every function call allocates a stack frame.
- The return address is the address of the instruction after the call, i.e. where the function will jump back to when it returns.

    higher addresses
    | Function arguments          |
    | Return address              |
    | Buffer 2 (local variable 2) |
    | Buffer 1 (local variable 1) |   writes go up, toward the return address
    lower addresses

(On x86 the saved frame pointer sits between the locals and the return address; the slide omits it.)

Slide #15: Smashing the Stack
1. The program accepts input into local variable 1.
2. The attacker sends more data than the buffer holds, overwriting everything above it, including the return address.
3. The attacker's data contains machine code that spawns a shell.
4. The return address is overwritten with the address of that machine code.
5. When the function returns, it "returns" into the attacker's code, which now runs with the program's privileges.

    | Function arguments            |
    | Pointer to machine code       |   (the overwritten return address)
    | Buffer 2 (local variable 2)   |
    | Machine code: exec(/bin/bash) |   (in buffer 1)
    writes go up

Slide #16: NOP Slide
- The attacker puts a run of NOPs in front of the machine code in case the guessed address isn't precise.
- If the overwritten return address lands anywhere in the NOPs, execution slides down into the machine code.
- IDSs try to detect buffer-overflow attempts by looking for long runs of NOPs (0x90 on x86).
- Caveat: any harmless single-byte instruction (an inc or dec of a register, for example) works as a "NOP", so attackers build sleds from mixed bytes that a 0x90-only signature misses. On systems with a non-executable stack, ASLR and stack canaries, the basic attack above no longer works as described.

    | Function arguments            |
    | Pointer to machine code       |
    | Buffer 2 (local variable 2)   |
    | Machine code: exec(/bin/bash) |
    | NOP NOP NOP NOP NOP ...       |   (lowest addresses; the pointer only has to land in here)
    writes go up
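The IDS heuristic from this slide, as an added example (not from the deck or any IDS product): it looks for a run of 0x90 bytes of at least a given length, and then shows why that rule alone is weak by also scanning for a run of mixed "NOP-equivalent" single-byte x86 instructions. The set of equivalents is a small illustrative one chosen here, not a complete signature, and the sample payloads are constructed (a 64-byte sled followed by placeholder bytes, no real shellcode).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length of the longest run of `value` bytes in buf[0..n). */
size_t longest_run(const uint8_t *buf, size_t n, uint8_t value)
{
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < n; i++) {
        cur = (buf[i] == value) ? cur + 1 : 0;
        if (cur > best) best = cur;
    }
    return best;
}

/* A few single-byte 32-bit x86 instructions that do nothing an attacker
 * cares about and so work as sled filler in place of 0x90.  Illustrative
 * set chosen for this example (assumption), not a complete IDS signature. */
int is_nop_like(uint8_t b)
{
    switch (b) {
    case 0x90:                                     /* nop */
    case 0x40: case 0x41: case 0x42: case 0x43:    /* inc eax/ecx/edx/ebx */
    case 0x48: case 0x49: case 0x4a: case 0x4b:    /* dec eax/ecx/edx/ebx */
    case 0xf8: case 0xf9: case 0xfc: case 0xfd:    /* clc, stc, cld, std */
        return 1;
    default:
        return 0;
    }
}

/* Longest run of bytes that are all NOP-like, in any mix. */
size_t longest_nop_like_run(const uint8_t *buf, size_t n)
{
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < n; i++) {
        cur = is_nop_like(buf[i]) ? cur + 1 : 0;
        if (cur > best) best = cur;
    }
    return best;
}

/* Verdict for a payload:
 *   1 = classic sled: a run of >= min_len 0x90 bytes (the slide's rule catches it)
 *   2 = mixed sled: a run of >= min_len NOP-like bytes with too few plain 0x90s
 *   0 = no sled of that length */
int nop_sled_verdict(const uint8_t *buf, size_t n, size_t min_len)
{
    if (longest_run(buf, n, 0x90) >= min_len) return 1;
    if (longest_nop_like_run(buf, n) >= min_len) return 2;
    return 0;
}

int main(void)
{
    /* Constructed payloads: a 64-byte sled followed by 8 placeholder bytes
     * standing in for the machine code. */
    uint8_t classic[72], mixed[72];
    memset(classic, 0x90, 64);
    for (size_t i = 0; i < 64; i++)
        mixed[i] = (i % 2) ? 0x41 : 0x4a;          /* inc ecx / dec edx, alternating */
    memset(classic + 64, 'X', 8);
    memset(mixed + 64, 'X', 8);

    printf("classic sled: verdict %d\n", nop_sled_verdict(classic, sizeof classic, 32));
    printf("mixed sled:   verdict %d\n", nop_sled_verdict(mixed, sizeof mixed, 32));
    return 0;
}
```

The threshold matters: too low and ordinary binary data (which often contains runs of a single byte) trips the rule; too high and a short sled slips through. Real IDS signatures pair the sled check with other indicators rather than relying on it alone.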

Slide #17: Integer Overflow
An integer overflow occurs when an arithmetic operation produces a value outside the range the integer type can represent. For unsigned types in C the result wraps around modulo 2^n; for signed types the overflow is undefined behaviour, and in practice on two's-complement hardware it wraps to a large negative value or to zero. Code that then uses the wrapped value as a size, count or index behaves as if it had been given a much smaller (or negative) number than the programmer intended.

Slide #18: 32-bit Integer Quiz
1. What two non-zero integers x and y satisfy the equation x * y = 0?
2. What negative integer (-x) has no corresponding positive integer (x)?
3. List two positive integers x and y such that x + y < 0.

Slide #19: Quiz Answers
1. 65536 * 65536 = 0, or 256 * 16777216 = 0, or any x * y = 2^32 (every product that is an exact multiple of 2^32 wraps to 0).
2. -2147483648 (INT_MIN): 2147483648 does not fit in 32 signed bits, so negating INT_MIN gives INT_MIN again.
3. 2147483647 + 1 = -2147483648 (INT_MAX + 1 wraps to INT_MIN).
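The quiz answers carried through in code, plus the bug class they lead to, as an added example that is not part of the deck. The arithmetic is done in uint32_t, where C guarantees modulo-2^32 wrap-around, and the bit patterns are viewed as signed via memcpy so the example does not depend on an implementation-defined cast. The allocation helper names (unsafe_alloc_request, alloc_array_safe) are chosen here for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Arithmetic in uint32_t, where C guarantees wrap-around modulo 2^32.
 * (The quiz is phrased for signed int, where overflow is undefined behaviour;
 * on two's-complement hardware without sanitizers it wraps to the same bit
 * patterns, which is what the quiz answers rely on.) */
uint32_t wrap_mul32(uint32_t x, uint32_t y) { return x * y; }
uint32_t wrap_add32(uint32_t x, uint32_t y) { return x + y; }

/* View a 32-bit pattern as a signed value without an implementation-defined cast. */
int32_t as_signed32(uint32_t v)
{
    int32_t s;
    memcpy(&s, &v, sizeof s);
    return s;
}

/* 1 if x * y does not fit in 32 bits, else 0.  Portable: no compiler builtins. */
int mul_overflows32(uint32_t x, uint32_t y)
{
    return x != 0 && y > UINT32_MAX / x;
}

/* The classic allocation-size bug.  count * elem_size is computed in 32 bits,
 * so 65536 * 65536 wraps to 0: malloc(0) "succeeds" and the caller then
 * writes 65536 elements into it.  Returns the byte count actually requested. */
uint32_t unsafe_alloc_request(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;                    /* BUG: wraps silently */
}

/* Hardened: refuse instead of wrapping. */
void *alloc_array_safe(uint32_t count, uint32_t elem_size)
{
    if (mul_overflows32(count, elem_size)) return NULL;
    return malloc((size_t)count * elem_size);    /* product is known to fit */
}

int main(void)
{
    printf("65536 * 65536      = %u\n", wrap_mul32(65536u, 65536u));
    printf("256 * 16777216     = %u\n", wrap_mul32(256u, 16777216u));
    printf("-(INT32_MIN)       = %d\n", as_signed32(0u - 0x80000000u));
    printf("2147483647 + 1     = %d\n", as_signed32(wrap_add32(2147483647u, 1u)));
    printf("bytes requested for 65536 x 65536, unchecked: %u\n",
           unsafe_alloc_request(65536u, 65536u));
    printf("checked allocation refused: %s\n",
           alloc_array_safe(65536u, 65536u) == NULL ? "yes" : "no");
    return 0;
}
```

The check `y > UINT32_MAX / x` is the portable form; with GCC or Clang, `__builtin_mul_overflow` does the same job and also covers signed types.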

Slide #20: Are Integer Overflows Important?
Broward County, November 2004 election
- The Amendment 4 vote was reported as tied.
- Software from ES&S reported a large negative number of votes.
- Investigation revealed that Amendment 4 had actually passed by a margin of over 60,000 votes.

Slide #21: Fuzz Testing
Black-box, input-based testing technique.
- Uses random data.
- Easily automated.
- If the application crashes or hangs, it fails the test.
Results of the 1995 study [9]:
- 15-43% of utilities from commercial UNIX systems failed.
- 9% of Linux utilities failed.
- 6% of GNU utilities failed.
- 50% of X Windows utilities failed.
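A minimal fuzzer of the kind this slide describes, as an added example that is not part of the deck: random lengths and bytes from a seeded generator, each input run in a forked child so a crash is observed rather than suffered, and a count of failing inputs. The target (parse_record), its table, its bug (an unchecked index into a mostly NULL table, so bad inputs dereference NULL) and the xorshift generator are all constructed for this example; fork()/waitpid() make it POSIX-only.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed target: a toy record parser with a classic validation bug.
 * Records whose tag byte is 0x70..0x7F select a name from a table by the
 * second byte, but that index is never range-checked, so an index >= 4 reads
 * a NULL entry and the process faults. */
const char *names[256] = { "READ", "WRITE", "OPEN", "CLOSE" };   /* rest NULL */

int parse_record(const uint8_t *buf, size_t len)
{
    if (len < 2) return -1;
    if ((buf[0] & 0xF0) != 0x70) return 0;       /* not a name record */
    unsigned idx = buf[1];                         /* BUG: no check that idx < 4 */
    return names[idx][0];                          /* NULL dereference when idx >= 4 */
}

/* xorshift32: tiny seeded PRNG so a run is reproducible from its seed. */
static uint32_t rng_state;
static uint32_t rng_next(void)
{
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* Run one input in a forked child and report whether it failed.  Real fuzzers
 * isolate the target the same way so one crash does not end the campaign.
 * Death by signal (SIGSEGV here) or a non-zero exit counts as a failure. */
int input_crashes(const uint8_t *buf, size_t len)
{
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); exit(1); }
    if (pid == 0) {
        parse_record(buf, len);
        _exit(0);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFSIGNALED(status) || (WIFEXITED(status) && WEXITSTATUS(status) != 0);
}

/* Black-box fuzz loop: random length (1..16), random bytes, count failures.
 * The first failing input is copied to first_crash/first_len (if non-NULL)
 * so it can be saved and minimised afterwards. */
int fuzz_parse_record(uint32_t seed, int iterations, uint8_t first_crash[16], size_t *first_len)
{
    rng_state = seed ? seed : 1;                   /* xorshift must not start at 0 */
    int found = 0;
    for (int i = 0; i < iterations; i++) {
        uint8_t buf[16];
        size_t len = 1 + rng_next() % sizeof buf;
        for (size_t j = 0; j < len; j++) buf[j] = (uint8_t)rng_next();
        if (input_crashes(buf, len)) {
            if (found == 0 && first_crash && first_len) {
                memcpy(first_crash, buf, len);
                *first_len = len;
            }
            found++;
        }
    }
    return found;
}

int main(void)
{
    uint8_t crash[16];
    size_t crash_len = 0;
    int found = fuzz_parse_record(0x2A, 800, crash, &crash_len);
    printf("%d crashing inputs in 800 tries\n", found);
    if (found) {
        printf("first crash (%zu bytes):", crash_len);
        for (size_t i = 0; i < crash_len; i++) printf(" %02x", crash[i]);
        printf("\n");
    }
    return 0;
}
```

Roughly one input in seventeen hits the bug here (tag in 0x70..0x7F and index >= 4), which is why purely random fuzzing worked so well in the 1995 study; bugs guarded by a multi-byte magic value are where random generation stalls and coverage-guided or grammar-based fuzzers take over.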

Slide #22: Metasploit
Modular exploit system
- Exploit collection: over 100 exploits (at the time of these slides; the count has since grown into the thousands).
- Payloads: machine code to run on the target once the exploit succeeds.
- Command-line and web interfaces.
Payloads
- Bind shell: opens a shell listening on a port on the target.
- Reverse shell: the target connects back to the attacker and hands over a shell.
- Windows VNC: remote desktop access.
- Create user: add a new administrative user.

Slide #23: Metasploit (screenshot, not reproduced)

Slide #24: Using Metasploit
1. Select an exploit:
       use exploit_name
2. Enter the target:
       set RHOST ip_address_of_target
3. Select the payload:
       set payload payload_name
       set LHOST ip_address_of_your_host
4. Run it:
       exploit

LHOST is only needed for reverse-connect payloads, which call back to your host; a bind shell listens on the target instead.

Slide #25: Advantages of Metasploit
Ease of use
- One interface to many exploits.
Flexibility
- Can choose whatever payload you need.
Faster development time
- Payloads already written.
Reliability
- Framework and payloads are well tested.

Slide #26: Uses of Metasploit
Vulnerability verification
- Scanners report possible vulnerabilities.
- Metasploit will give you remote access, which proves the vulnerability is real.
IDS/IPS testing
- Test IDS/IPS with real exploit code.
Penetration testing
- Easy to develop custom exploits for pen testing.
Convincing management
- Remote access is more convincing than a report.

Slide #27: References
1. Matt Bishop, Introduction to Computer Security, Addison-Wesley.
2. Simson Garfinkel, Gene Spafford, and Alan Schwartz, Practical UNIX and Internet Security, 3rd edition, O'Reilly & Associates.
3. Mark Graff and Kenneth van Wyk, Secure Coding: Principles & Practices, O'Reilly.
4. Greg Hoglund and Gary McGraw, Exploiting Software: How to Break Code, Addison-Wesley.
5. Michael Howard, David LeBlanc, and John Viega, 19 Deadly Sins of Software Security, McGraw-Hill Osborne.
6. Michael Howard and David LeBlanc, Writing Secure Code, 2nd edition, Microsoft Press.
7. Michael Howard and Steve Lipner, The Security Development Lifecycle, Microsoft Press.
8. Gary McGraw, Software Security, Addison-Wesley.
9. John Viega and Gary McGraw, Building Secure Software, Addison-Wesley.
10. David Wheeler, Secure Programming for UNIX and Linux HOWTO, HOWTO/index.html.