Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Analysis What is it? Rapidly growing area of computer science. Concerned with whether or not a system and its communications are secure. Why do.

Published byAngelina Cannon Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Analysis What is it? Rapidly growing area of computer science. Concerned with whether or not a system and its communications are secure. Why do."— Presentation transcript:

1 Security Analysis What is it? Rapidly growing area of computer science. Concerned with whether or not a system and its communications are secure. Why do we study it? Difficult to say how a program will behave on a given system by simply looking at a program and the programmers intentions. Need formal methods for reasoning about the behaviour of systems.

2 C I A Confidentiality Ability to hide data. (e.g. Encryption) Most obvious security idea → Attacked most often. Integrity Ability to ensure that the data is accurate. (e.g. Quantum cryptography) Availability Data is accessible to authorised viewers at all times. If its too inconvenient to use, it wont be! A widely used idea in Security Analysis. (Note : The ideas of security analysis go beyond encryption. )

3 Types of Security Attacks. Software Exploits. Careless programming / obscure interactions. Buffer overflows (Alex will be talking about these). Insecure communications (e.g. FTP, American Satellite). Timing Attacks. Slow systems. Password checking SMART Cards Denial of Service Attacks. Aim is to crash target program / system. Aimed at a particular piece of software Repeated requests → Resource starvation.

4 What are the solutions? Better Programming. Helps us to counter timing attacks. Test the systems. Formally using logics. π-Calculus, λ-Calculus. Brute force. There isn’t always a solution / problems can take time to appear. Needham-Schroeder was in use for 18 years

5 Buffer Overflow.c (1) #include /* global variables */ int count, address; int * ptr;

6 Buffer Overflow.c (1) #include /* global variables */ int count, address; int * ptr; void funct(void) { printf("This function is never called...\n"); }

7 Buffer Overflow.c (2) void fill_buffer() { int buffer[10]; ptr = buffer; }

8 Buffer Overflow.c (2) void fill_buffer() { int buffer[10]; ptr = buffer; for(count = 0; count < 12; count++) { *ptr = address; ptr++; }

9 Buffer Overflow.c (3) int main(void) { address = (int) &funct; fill_buffer(); return 0; }

10 Buffer Overflow.c (3) int main(void) { address = (int) &funct; fill_buffer(); return 0; } Output: This function is never called... Segmentation Fault

11 Stack organisation During a function call ??

12 Stack organisation During a function call ?? 000 FFF Stack grows down- wards

13 Stack organisation During a function call ?? Return address 000 FFF Stack grows down- wards

14 Stack organisation During a function call ?? Return address ?? 000 FFF Stack grows down- wards

15 Stack organisation During a function call ?? Return address ?? buffer[10] 000 FFF Stack grows down- wards

16 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards

17 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards ptr count = 0

18 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 0

19 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 1

20 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 2

21 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 3

22 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 4

23 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 5

24 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 6

25 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 7

26 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 8

27 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 9

28 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 10

29 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 11

30 Stack organisation During a function call ?? Return address ?? buffer[10] ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 12

31 Stack organisation During a function call ?? Return address ?? buffer[10] 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 12

32 Stack organisation During a function call ?? Return address ?? 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 12

33 Stack organisation During a function call ?? Return address 000 FFF Stack grows down- wards Pointer (ptr) copies upwards ptr count = 12

34 Stack organisation During a function call ?? Return address 000 FFF Pointer (ptr) copies upwards ptr return;

35 Stack organisation During a function call ?? Return address 000 FFF Pointer (ptr) copies upwards ptr return;

36 Stack organisation During a function call ?? Return address 000 FFF Pointer (ptr) copies upwards ptr return;

37 Stack organisation During a function call ?? Return address 000 FFF Pointer (ptr) copies upwards ptr return; 0x8048410

38 Stack organisation During a function call ?? Return address return; 0x8048410

39 Stack organisation During a function call return; 0x8048410

40 Stack organisation During a function call return; 0x8048410

41 Stack organisation During a function call return; 0x8048410

42 Stack organisation During a function call return; 0x8048410

43 Stack organisation During a function call return; 0x8048410 void funct(void) { printf("This function is never called...\n"); }

44 Real Buffer Overflow Attacks You can’t write the functions yourself! strcpy() provides a similar opportunity Provide an unsuitably long input string Learn the stack organisation Write malicious code into the buffer itself Point the return address at your code Program executes code, then crashes

45 Solutions? Various approaches exist Security Analysis relatively successful One successful technique uses “canaries” But we’re not going to explain them here See the project report for more information Also, links available (now) on the website

46 The End Please ask lots of questions now... Not about canaries though…

47 A Badly Written Password Checker PassChecker(str given, str password){ If (length(given) != length(password)){ return 0; } for (i = 0; i < length(password); i++){ if{given[i] != password[i]){ return 0; } return 1; }

Download ppt "Security Analysis What is it? Rapidly growing area of computer science. Concerned with whether or not a system and its communications are secure. Why do."

Similar presentations

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Vulnerabilities in Embedded Harvard Architecture Processors Presented By: Michael J. Hohnka Cyber Vulnerabilities Lead Cyber Innovation Division Communications,

Vulnerabilities in Embedded Harvard Architecture Processors Presented By: Michael J. Hohnka Cyber Vulnerabilities Lead Cyber Innovation Division Communications,
CSE331: Introduction to Networks and Security Lecture 30 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 30 Fall 2002.
Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.

Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Prototyping of Real-time Component Based Systems by the use of Timed Automata Trevor Jones Lancaster University, UK

Prototyping of Real-time Component Based Systems by the use of Timed Automata Trevor Jones Lancaster University, UK
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
1 Loops. 2 Often we want to execute a block of code multiple times. Something is always different each time through the block. Typically a variable is.

1 Loops. 2 Often we want to execute a block of code multiple times. Something is always different each time through the block. Typically a variable is.
Informática II Prof. Dr. Gustavo Patiño MJ 16- 18 24-09-2013.

Informática II Prof. Dr. Gustavo Patiño MJ
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow.

Stack buffer overflow
12/2/05CS591-F2005, UCCS Frank Gearhart 1 Why doesn’t “gets()” get it? Or more formally: An investigation into the use of the buffer overflow vulnerability.

12/2/05CS591-F2005, UCCS Frank Gearhart 1 Why doesn’t “gets()” get it? Or more formally: An investigation into the use of the buffer overflow vulnerability.
Computer Security Buffer Overflow lab Eu-Jin Goh.

Computer Security Buffer Overflow lab Eu-Jin Goh.
Even More C Programming Pointers. Names and Addresses every variable has a location in memory. This memory location is uniquely determined by a memory.

Even More C Programming Pointers. Names and Addresses every variable has a location in memory. This memory location is uniquely determined by a memory.
1 Pointers, Dynamic Data, and Reference Types Review on Pointers Reference Variables Dynamic Memory Allocation –The new operator –The delete operator –Dynamic.

1 Pointers, Dynamic Data, and Reference Types Review on Pointers Reference Variables Dynamic Memory Allocation –The new operator –The delete operator –Dynamic.
1 Procedural Concept The main program coordinates calls to procedures and hands over appropriate data as parameters.

1 Procedural Concept The main program coordinates calls to procedures and hands over appropriate data as parameters.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.

Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Similar presentations

Ads by Google