Presentation transcript:

Group 9

Exploiting Software

The exploitation of software is one of the main ways that a user's computer can be broken into. It involves exploiting the software running on the user's computer to make it do something the developer did not intend. A drive-by download is a good example for understanding software exploitation.

What is a Drive-by-Download?
- A common attack that is designed and implemented to infect a user's browser.
- It starts with a cybercriminal placing malicious content on a web server.
- When a user then visits a website on the infected web server, their browser becomes immediately infected.
- It usually happens in one of two ways:
  1. The cybercriminal runs the entire server and lures people in with lucrative ads that make false promises, such as a free iPhone.
  2. The cybercriminal takes over a legitimate website and infects all users who visit the site.

Buffer Overflow Attacks

History of Buffer Overflow Attacks
- Known as one of the most important exploitation techniques in the history of computer security.
- It was used by Robert Morris Jr. in 1988 to write the very first Internet worm.
- Buffer Overflow Attacks are still broadly used today; in fact, many researchers, such as Van der Veen, believe that they will be in use for many more years to come.

What is a Buffer Overflow?
- A Buffer Overflow occurs when a program writes data to a buffer and overruns the buffer's boundary.
- This causes the data to be written onto adjacent memory locations.
- In most cases the program is intended to be completely harmless, but has root and/or administrator privileges.
- A cybercriminal who exploits the program's software gains those same privileges.

What happens if there is a Buffer Overflow?
When a Buffer Overflow happens it can be extremely detrimental to the computer and its security. Examples of this include:
- Corrupting data
- Crashing the program
- Allowing the execution of malicious code

Visual Representation of a Buffer Overflow
- (a) denotes the situation in which the main program is running.
- (b) shows the virtual address space after the procedure has been called.
- (c) shows the Buffer Overflow.

What happens in a Buffer Overflow Attack?
- The cybercriminal in a Buffer Overflow Attack is able to overwrite function pointers and return addresses.
- This allows the attacker to inject code and have it executed within your program.
- This is the major exploitation of a Buffer Overflow.

How to combat Buffer Overflow Attacks
There are three major Protection Mechanisms that were designed to combat and prevent Buffer Overflow Attacks:
- Stack Canaries
- Data Execution Prevention
- Address Space Layout Randomization

Protection Mechanisms

Stack Canaries
Canaries are used as an early warning system to notify the user when something is out of the ordinary. The name is based on the use of canaries in mines to detect carbon monoxide.
1. Stack Canaries work by using the compiler to insert code that saves a random canary value to the stack any place where the program makes a function call.
2. When there is a return from the function call, the compiler-inserted code checks the canary value.
3. If the value has changed, then we know something is wrong and the program proceeds to crash.
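The three steps above, modelled in C as an added example (not from the original slides). The frame is a plain struct rather than a real stack frame, and `CANARY`, `RET` and `call_with_input` are hypothetical names with constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
#define CANARY  0x5eed1234c0ffee00ULL  /* constructed; real runtimes pick it at random */
#define RET     0x401000ULL            /* constructed saved return address */

/* One modelled stack frame, lowest address first: buffer, canary, return address. */
struct frame { unsigned char buf[BUF_LEN]; uint64_t canary; uint64_t ret_addr; };
struct result { int canary_ok; uint64_t ret_addr; };

/* Copy `len` bytes of 'A' into the frame's buffer. bounded=0 models a copy
   with no bounds check; bounded=1 is the same copy with a length check. */
struct result call_with_input(size_t len, int bounded)
{
    unsigned char input[sizeof(struct frame)];
    struct frame f;
    struct result r;

    memset(input, 'A', sizeof input);     /* constructed oversized input */
    memset(f.buf, 0, sizeof f.buf);
    f.canary = CANARY;                    /* step 1: save canary on function entry */
    f.ret_addr = RET;

    size_t limit = bounded ? sizeof f.buf : sizeof f;
    if (len > limit) len = limit;         /* cap keeps this model itself memory-safe */
    memcpy(&f, input, len);               /* bytes past BUF_LEN spill into canary, ret_addr */

    r.canary_ok = (f.canary == CANARY);   /* step 2: check canary before returning */
    r.ret_addr = f.ret_addr;
    return r;                             /* step 3: a real check crashes the program if !canary_ok */
}

int main(void)
{
    struct result bad = call_with_input(sizeof(struct frame), 0);
    struct result ok  = call_with_input(sizeof(struct frame), 1);
    printf("unchecked copy: ret=0x%llx canary %s\n",
           (unsigned long long)bad.ret_addr, bad.canary_ok ? "intact" : "changed");
    printf("bounded copy:   ret=0x%llx canary %s\n",
           (unsigned long long)ok.ret_addr, ok.canary_ok ? "intact" : "changed");
    return 0;
}
```

Because the canary sits between the buffer and the return address, a linear overflow cannot reach the return address without changing the canary first, which is what the check in step 2 relies on.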

Flaws in the Stack Canary Protection Mechanism
- Cybercriminals can overwrite an existing exception handler structure on the stack and point it to the attacker's code.
- This allows the execution of the attacker's code.

Data Execution Prevention
- The major issue with Buffer Overflow Attacks is that a cybercriminal can inject code into your exploited program and have it executed.
- Data Execution Prevention works to limit this problem by preventing the bytes provided by the attacker from being executed.
- This is done by ensuring that data segments are writable but not executable, and similarly that text segments are executable but not writable.
- This is known as "W XOR X", which signifies that memory is either executable or writable, but not both.
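A defender-side check for the "W XOR X" rule, as an added example that is not part of the original slides: it scans a memory map in the Linux `/proc/<pid>/maps` text format and flags any mapping that is both writable and executable. The sample map and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (Linux); not real output. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"   /* text: X, not W */
    "00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/demo\n"   /* data: W, not X */
    "7f0000000000-7f0000021000 rwxp 00000000 00:00 0 \n"           /* violates W XOR X */
    "7ffd10000000-7ffd10021000 rw-p 00000000 00:00 0 [stack]\n";   /* stack: W, not X */

/* Walk the map line by line. Returns the number of mappings that are both
   writable and executable; *first receives the start of the first one (or 0). */
static int scan_wx(const char *maps, unsigned long long *first)
{
    int bad = 0;
    *first = 0;
    for (const char *line = maps; *line; ) {
        unsigned long long start, end;
        char perms[5];
        /* Fields: start-end perms offset dev inode path; perms is "rwxp"-style. */
        if (sscanf(line, "%llx-%llx %4s", &start, &end, perms) == 3 &&
            strlen(perms) == 4 && perms[1] == 'w' && perms[2] == 'x') {
            if (bad == 0)
                *first = start;
            bad++;
        }
        const char *nl = strchr(line, '\n');
        if (!nl)
            break;
        line = nl + 1;
    }
    return bad;
}

int count_wx_violations(const char *maps)
{
    unsigned long long first;
    return scan_wx(maps, &first);
}

unsigned long long first_wx_start(const char *maps)
{
    unsigned long long first;
    scan_wx(maps, &first);
    return first;
}

int main(void)
{
    printf("W+X mappings: %d, first at 0x%llx\n",
           count_wx_violations(SAMPLE_MAPS), first_wx_start(SAMPLE_MAPS));
    return 0;
}
```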

Address Space Layout Randomization
- Another major cause of Buffer Overflow Attacks is that addresses are fixed, allowing for easy exploitation.
- Address Space Layout Randomization aims to randomize the addresses of the called functions and data every time the program is run.
- This in theory makes it much harder for the cybercriminal to attack the system.

Flaws in Address-Space Layout Randomization
- ASLR is randomized, but not randomized enough.
- Oftentimes ASLR implementations will still have code in fixed locations.
- "If you know one function, you know them all": if an attacker knows just one code address, more likely than not it will be easy to find other code addresses.

Protection Mechanisms Summary
- It is important to note that all of the Protection Mechanisms we discussed have flaws and will not always protect against Buffer Overflow Attacks.
- Researcher Van der Veen believes that Buffer Overflow Attacks ultimately cannot be avoided and more than likely will remain with us for the rest of time.