Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lec. Waleed Bin Shahid.  You might have noticed a lot of issues related to software implementation.  The ultimate requirement of developer(s) is to.

Published byMarilyn Houston Modified over 8 years ago

Similar presentations

Presentation on theme: "Lec. Waleed Bin Shahid.  You might have noticed a lot of issues related to software implementation.  The ultimate requirement of developer(s) is to."— Presentation transcript:

1 Lec. Waleed Bin Shahid

2  You might have noticed a lot of issues related to software implementation.  The ultimate requirement of developer(s) is to achieve ◦ A perfect design ◦ Perfect algorithm ◦ Secure coding ◦ Flawless behavior ◦ No runtime errors  Even then there are a lot of implementation vulnerabilities which make a software/program susceptible to attack(s) by hackers.

3  What’s your concept/current knowledge about a buffer?  A buffer is a place which stores data temporarily.  There are a lot of ways data can be stored in a computer. Every storage location is not a buffer. char not_a_buf[8] = “PAKISTAN” YES NO

4  You might have written a variety of programs (suppose in C/C++). These programs include a lot of data, variables, pointers, functions, function calls, function arguments, return calls etc.  What happens when you open a.txt file in a C/C++ program using object of the fstream class. ◦ Myfile.open(“test.txt”); And don’t close the file accordingly? Myfile.close();  Now you restart your machine, Issue resolved?

5  It is a special region of your computer’s memory that stores temporary variables created by each function (including the main() function of a C++ program).  This FILO data structure is managed and optimized by the CPU quite closely.  Every time a function declares a new variable, it is pushed onto the stack. Then every time a function exits, all variables pushed onto the stack by that function, are freed.  Once a stack variable is freed, that region becomes available for other stack variables.

6  An important point to understanding stack is that when a function exits, all of its variables are popped off of the stack and hence lost forever  This means that stack variables are local in nature which is related to a concept of variable scope (e.g. local vs. global)  For instance a common issue in C++ programming is attempting to access a variable that was created on the stack inside some function, from a place in your program outside the scope of that function (e.g. after the function has exited).

7  Stack grows and shrinks as functions push and pop local variables.  There is no need to manage the memory yourself, variables are allocated and freed automatically  Stack variables only exist while the function that created them, is running

8  This is a region of your computer’s memory that is not managed automatically for you and is not tightly managed by the CPU.  Heap comes into use when for example you want to dynamically allocate some memory in a C++ program. You reserve memory in the heap and it is you who frees the heap memory after it has been used  Heap memory is slower to be read from and written to than stack, because one has to use pointers to access heap memory.

9 StackHeap  Very fast access  Don’t have to explicitly de- allocate variables  Space is managed efficiently by CPU  Memory will not become fragmented  Slower access  No guaranteed efficient use of space  Memory may become fragmented over time as blocks of memory are allocated, then freed  You must manage memory, you’re in charge of allocation and freeing

10

11 top of memory Bottom of stack Bottom of memory Top of stack ret c c b b a a Buff_1 Buff_2

12  We must remember that memory can only be addressed in multiples of word size. A word is 4 bytes (32 bits).  So our 5 byte buffer is going to take 8 bytes (2 words) of memory.  The 10 byte buffer is going to take 12 bytes (3 words) of memory  So overflow/crash will occur only when the word limit exceeds  Demo (Code-2)

13  Segmentation fault or access violation is a fault raised by hardware with memory protection, notifying an operating system (OS) about a memory access violation.  Segmentation faults have various causes, and are a common problem in programs written in the C programming language, where they arise primarily due to errors in use of pointers and lack of bound checking.

14  Absence of automatic bounds checking for arrays and pointer access is a major weakness in programming that leads to buffer overflow attacks  A buffer overflow bug is one where the programmer fails to perform adequate bounds check, thus triggering an out-of- bounds memory access that writes beyond the bounds of some memory region  Attackers can use these out-of-bounds memory accesses to corrupt the program’s intended behavior

15  Programming languages such as C have vulnerabilities in them.  For instance, the following most widely used built-in C functions are vulnerable ◦ strcat()//Concatenates two strings ◦ strcpy()//copies into a string ◦ sprintf()//Composes a string with the same test as if with printf ◦ gets() ◦ scanf() ◦ vsprintf() ◦ bcopy()

16 void vulnerable() { char buff [5]; strcpy(buff, “ILovePakistanVery Much”); }  In this example, gets() reads as many bytes of input as are available on standard input, and stores them into buff[]  If the input contains more than 8 bytes of data, then gets() will write past the end of buff, overwriting some other part of memory.  This is a bug. This bug typically causes the program to crash  What might be less obvious is that the consequences can be far worse than that.

17  Imagine, elsewhere in the code, there is a login routine that sets the authenticate flag only if the user proves knowledge of the password.  Unfortunately when the buffer overflows, as in the previous example, it sets a value to the authenticate flag to true (or whatever) and the attacker will gain access to the system.  Demo (Code-3)

18  printf is a function in C used to print data and values of variables on to the console in a formatted way.

19  Use safer languages (Java etc.)  Use of safe libraries  Buffer Overflow protection  Pointer Protection  Executable space protection  ASLR  Check code for bounds checking

20  The choice of programming language can have a profound effect on the occurrence of buffer overflows.  A vast body of software having been written in these languages. C and C++ provide no built-in protection against accessing or overwriting data in any part of memory  More specifically, they do not check that data written to a buffer is within the boundaries of that buffer  The Java and.NET Framework environments also require bounds checking on all arrays  Software engineers must carefully consider the tradeoffs of safety versus performance costs when deciding which language and compiler setting to use

21  It has also long been recommended to avoid standard library functions which are not bounds checked, such as gets, scanf and strcpy, strcat etc.  Functions like strncpy and strncat provide bounds checking

22  Buffer overflow protection is used to detect the most common buffer overflows by checking that the stack has not been altered when a function returns  If it has been altered, the program exits with a segmentation fault.  Stronger stack protection is possible by splitting the stack in two: one for data and one for function returns. This split is present in the Forth language.  Regardless, this is not a complete solution to buffer overflows, as sensitive data other than the return address may still be overwritten

23  Buffer overflows work by manipulating pointers (including stored addresses).  PointGuard was proposed as a compiler-extension to prevent attackers from being able to reliably manipulate pointers and addresses  The approach works by having the compiler add code to automatically XOR-encode pointers before and after they are used  Because the attacker (theoretically) does not know what value will be used to encode/decode the pointer, he cannot predict what it will point to if he overwrites it with a new value

24  Executable space protection is an approach to buffer overflow protection which prevents execution of code on the stack or the heap  An attacker may use buffer overflows to insert arbitrary code into the memory of a program, but with executable space protection, any attempt to execute that code will cause an exception  Newer variants of Microsoft Windows also support executable space protection, called Data Execution Prevention

25  EMET is designed to make it more difficult for an attacker to exploit vulnerabilities of a software and gain access to the system  It supports mitigation techniques that prevent common attack techniques. Primarily related to stack overflows and the techniques used by malware to interact with the OS as it attempts the compromise  It improves resiliency of Windows to the exploitation of buffer overflows  It marks portions of a process’s memory non-executable, making it difficult to exploit memory corruption vulnerabilities

26  Address space layout randomization (ASLR) is a computer security technique involved in protection from buffer overflow attacks  In order to prevent an attacker from reliably jumping to a particular exploited function in memory (for example), ASLR involves randomly arranging the positions of key data areas of a program, including the base of the executable and the positions of the stack, heap, and libraries, in a process's address space.  So, the question arises that when variables of a program are stored in stack, why the addresses are always the same? The answer is that it’s only true when ASLR is not enabled (true for old programs). Before ASLR, the OS would try to load programs at the same address. It was quicker to load the program and allows some optimisation.  ASLR was a major security feature in Windows 7. Then why the problem remains the same? The answer is that ASLR is implemented in Win7, but not enabled for all programs. Only programs that are compiled with ASLR enabled flag. Old compilers didn't know about ASLR (it wasn't implemented until after XP), so that flag isn't set in old programs.

27

Download ppt "Lec. Waleed Bin Shahid.  You might have noticed a lot of issues related to software implementation.  The ultimate requirement of developer(s) is to."

Similar presentations

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Introduction to Memory Management. 2 General Structure of Run-Time Memory.

Introduction to Memory Management. 2 General Structure of Run-Time Memory.
Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.

Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Prof. Necula CS 164 Lecture 141 Run-time Environments Lecture 8.

Prof. Necula CS 164 Lecture 141 Run-time Environments Lecture 8.
User-Level Memory Management in Linux Programming

User-Level Memory Management in Linux Programming
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
Chapter 15 : Attacking Compiled Applications Alexis Kirat - International Student.

Chapter 15 : Attacking Compiled Applications Alexis Kirat - International Student.
Software and Security Buffer Overflow 1.

Software and Security Buffer Overflow 1.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
1 1 Lecture 4 Structure – Array, Records and Alignment Memory- How to allocate memory to speed up operation Structure – Array, Records and Alignment Memory-

1 1 Lecture 4 Structure – Array, Records and Alignment Memory- How to allocate memory to speed up operation Structure – Array, Records and Alignment Memory-
CS 536 Spring 20011 Run-time organization Lecture 19.

CS 536 Spring Run-time organization Lecture 19.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Run time vs. Compile time

Run time vs. Compile time
1 Run time vs. Compile time The compiler must generate code to handle issues that arise at run time Representation of various data types Procedure linkage.

1 Run time vs. Compile time The compiler must generate code to handle issues that arise at run time Representation of various data types Procedure linkage.

Similar presentations

Ads by Google