Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sabrina Wilkes-Morris CSCE 548 Student Presentation

Similar presentations


Presentation on theme: "Sabrina Wilkes-Morris CSCE 548 Student Presentation"— Presentation transcript:

1 Sabrina Wilkes-Morris CSCE 548 Student Presentation
BUFFER OVERFLOW Sabrina Wilkes-Morris CSCE 548 Student Presentation

2 Technical Overview What is a Buffer Overflow
Technical Overview What is a Buffer Overflow? A buffer overflow occurs when data written to a buffer also corrupts data values in memory address adjacent to the destination buffer due to insufficient bounds checking. (1)

3 Well known Buffer Overflow Exploits
The Morris Worm Code Red Code Red II Remote Buffer overflow in sendmail SQL Slammer Nachi-A worm

4 The Morris Worm One of the first buffer overflow attacks which attracted widespread attention due to its spectacular success was Robert Morris's Internet Worm (2). Released in 1988 Exploited the buffer overflow Worm Infected thousands

5 Buffer Overflow Attack
1. Install the attack code 2. Copy the data into the buffer 3. The buffer overflows 4. Attack execution

6 Example (3) #include <stdio.h> Void DontDoThis(char* input) {
char buf [16]; printf(“%s\n”, buf); } Int main(int argc, char* argv[]) // So we’re not checking arguments //What do you expect from an app that uses strcpy? DontDoThis(argv[1]); Return 0;

7 Sample Buffer Overflow Attack (4)

8 Sample Buffer Overflow Attack (5)

9 Buffer Overflow Effects
Software or system crash Attacker gains access Worm installed

10 Prevention Techniques
Programming Language Use of safe libraries Disabling Stack Execution Compiler Techniques Loop Arrays Analysis Tools

11 Detection Methods - Analysis Tools
App Verifier Coverity Fortify Klocwork ProPolice No eXecute (NX)

12 Conclusion Buffer overflows will probably never be completely eradicated. Programmers and developers will have to continue to maximize their defenses. Most compiler and operating system defenses are still not enough to combat buffer overflows. Tools such as Coverity, Fortify and Klocwork can be run to analyze security defects in C/C++ code. Additional measures such as stack protection and nonexecutable stack and heap can improve the defense against Buffer overflows.

13 References 1. https://en.wikipedia.org/wiki/Buffer_overflow buffer.
2. Wilander, John, and Mariam Kamkar. "A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention." NDSS. Vol Howard, Michael, David LeBlanc, and John Viega. 24 deadly sins of software security: programming flaws and how to fix them. McGraw-Hill, Inc., 2009. 4 5.

14 Questions?


Download ppt "Sabrina Wilkes-Morris CSCE 548 Student Presentation"

Similar presentations


Ads by Google