Presentation is loading. Please wait.

Presentation is loading. Please wait.

15-213 Introduction to Computer Systems. Stacks and Buflab Recitation 3 Monday September 21th, 2009.

Published byTamsin Harrell Modified over 8 years ago

Similar presentations

Presentation on theme: "15-213 Introduction to Computer Systems. Stacks and Buflab Recitation 3 Monday September 21th, 2009."— Presentation transcript:

1 15-213 Introduction to Computer Systems

2 Stacks and Buflab Recitation 3 Monday September 21th, 2009

3 Today Schedule DataLab and Bomblab Questions Buflab and Stacks Buffer Overflow Example Exam Review

4 Schedule Today: Datalab handed back Tomorrow: Exam Review. Bring specific questions. Tomorrow, 11:59 PM: Bomblab due and Buflab available. Thursday: Exam Tuesday, Oct. 6: Buflab due

5 Questions about Datalab or Bomblab?

6 Buflab

7 Apply a series of five stack buffer overflow attacks on an executable file in order to modify the stack and change program behavior. Disclaimer: The purpose of this lab is to help you learn about the runtime operations of programs and understand the nature of this form of security weakness so that you can avoid it in your code. There are criminal statutes against using any form of attack to gain unauthorized access to any system resources. Commercial code is (usually) much more secure than the code in the lab.

8 Buflab No penalty for wrong answers. You will need to know how the stack is set up and how it operates. Review the lecture slides and the textbook. Use GDB and objdump -d

9

10 Examples of Buffer Overflow Attacks The Morris Worm: Launched Nov. 2, 1988.  Exploited vulnerabilities in Unix.  Intended to merely gauge the size of the Internet, but caused infected computers to become unstable.  Infected approximately 10% of the 60,000 computers connected to the Internet, causing at least $10M in damage.  Prompted DARPA to fund the creation of the CERT Coordination Center at CMU.  Robert Morris, who created the worm, was sentenced to three years probation, 400 hours community service, and a $10,000 fine. (Source: http://en.wikipedia.org/wiki/Morris_worm)

11 Examples of Buffer Overflow Attacks The SQL Slammer Worm: Launched Jan. 25, 2003  Exploited a bug in Microsoft's SQL Server and Desktop Engine database products.  90% of vulnerable machines were infected within ten minutes.  Caused significant slowdowns globally, and even caused Internet services in all of South Korea to shut down for hours. (Source: http://en.wikipedia.org/wiki/SQL_Slammer)

12 A very simple example of a Stack Buffer Overflow Attack: buf.c

13 Exam on Thursday Open book and open note, but you won't have time to look up every answer. Study past exams and know how to answer the questions, but remember that this exam may differ from past exams. Exam Review tomorrow: Question and Answer, so bring SPECIFIC questions. Any questions now?

14 Recap Schedule DataLab and Bomblab Questions Buflab and Stacks Buffer Overflow Example Exam Review

Download ppt "15-213 Introduction to Computer Systems. Stacks and Buflab Recitation 3 Monday September 21th, 2009."

Similar presentations

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.

Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.
Lecture: Malicious Code CIS 3360 Ratan K. Guha. Malicious Code2 Overview and Reading Assignments Defining malicious logic Types Action by Viruses Reading.

Lecture: Malicious Code CIS 3360 Ratan K. Guha. Malicious Code2 Overview and Reading Assignments Defining malicious logic Types Action by Viruses Reading.
Lecture 13 Malicious Software modified from slides of Lawrie Brown.

Lecture 13 Malicious Software modified from slides of Lawrie Brown.
RECITATION - 09/20/2010 BY SSESHADR Buflab. Agenda Reminders  Bomblab should be finished up  Exam 1 is on Tuesday 09/28/2010 Stack Discipline Buflab.

RECITATION - 09/20/2010 BY SSESHADR Buflab. Agenda Reminders  Bomblab should be finished up  Exam 1 is on Tuesday 09/28/2010 Stack Discipline Buflab.
Lecture 1 Intro Databases and Information Systems DT210 S McKeever 1.

Lecture 1 Intro Databases and Information Systems DT210 S McKeever 1.
IT 240 Intro to Desktop Databases Introduction. About this course Design a database: Entity Relation (ER) modeling and normalization techniques Create.

IT 240 Intro to Desktop Databases Introduction. About this course Design a database: Entity Relation (ER) modeling and normalization techniques Create.
Welcome to EECS 354 Network Penetration and Security.

Welcome to EECS 354 Network Penetration and Security.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Computer Networks. Why Computer Networks Consider computers in ancient times, say the 1970s –To communicate, two computers separated by a distance had.

Computer Networks. Why Computer Networks Consider computers in ancient times, say the 1970s –To communicate, two computers separated by a distance had.
Welcome to CS 450 Internet Security: A Measurement-based Approach.

Welcome to CS 450 Internet Security: A Measurement-based Approach.
CSE331: Introduction to Networks and Security Lecture 31 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 31 Fall 2002.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
CS252: Systems Programming Ninghui Li Final Exam Review.

CS252: Systems Programming Ninghui Li Final Exam Review.
Date: 11/21/13 Thursday - Day 1 UNIT 3 “The Dynamic Earth” Go over Unit 3 Exam File Labs HOMEWORK: UNIT 4 SQs HW p. 3 due tomorrow!

Date: 11/21/13 Thursday - Day 1 UNIT 3 “The Dynamic Earth” Go over Unit 3 Exam File Labs HOMEWORK: UNIT 4 SQs HW p. 3 due tomorrow!
Introduction to InfoSec – Recitation 15 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 15 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.

Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
EECS 354 Network Security Introduction. Why Learn To Hack Understanding how to break into computer systems allows you to better defend them Learn how.

EECS 354 Network Security Introduction. Why Learn To Hack Understanding how to break into computer systems allows you to better defend them Learn how.
CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2015.

CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2015.
Assembly, Stacks, and Registers Kevin C. Su 9/26/2011.

Assembly, Stacks, and Registers Kevin C. Su 9/26/2011.

Similar presentations

Ads by Google