Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security and Penetration Testing

Published byOctavia Ray Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Security and Penetration Testing"ā€” Presentation transcript:

1 Computer Security and Penetration Testing
Chapter 12 Buffer Overflows

2 Objectives Describe buffer overflow List types of buffer overflows
Identify techniques used to cause a buffer overflow Comprehend techniques used to detect buffer overflow conditions Understand methods used in preventing buffer overflows Computer Security and Penetration Testing

3 Buffer Overflows Buffer overflow
Condition common to structured programming languages such as the ā€œCā€ language Happens when input applied to a variable is larger than the memory allotted to that variable When an attacker sends input in excess of the expected range of the value The target system will either crash or execute the malicious code sent by the attacker Computer Security and Penetration Testing

4 Standard Execution of a C program
main function Entry point to the detailed code in the application Responsible for calling other functions Each of which executes a particular task, and may call other functions in turn Functions use variables to store values that may be stored temporarily or permanently Once a function has completed, the program control returns to the calling or invoking function Computer Security and Penetration Testing

5 Standard Execution of a C program (continued)
Buffer overflow bug targets the variables that are used by functions to store values Variables are assigned a fixed memory space to store the data Buffer overflow has a goal of overloading the memory space provided to the variable Extra characters are stored in a memory space that is not assigned to the variable Computer Security and Penetration Testing

6 Computer Security and Penetration Testing

7 Standard Execution of a C program (continued)
Function with an overloaded variable is not able to determine the function that called it Could result in the crashing of the program Hackers are able to manipulate the value provided to the variable So it is stored in a specific memory space to execute some predetermined malicious code Buffer overflows are not always intentional attacks Computer Security and Penetration Testing

8 Standard Execution of a C program (continued)
Avoiding buffer overflows Check to see that no value greater than the memory assigned to the variable is specified for it Define the sequence of steps that the program has to follow in case of a buffer overflow Executable space protection On some specific operating systems, the kernel can be patched in such a way that running processes are not affected by buffer overflow conditions Computer Security and Penetration Testing

9 Types of Buffer Overflows
Buffer overflows can be divided into two categories: stack overflow and heap overflow Computer Security and Penetration Testing

10 Stack Overflow Programs use a memory stack area to store values for variables Stack is intended to ensure that there is sufficient memory space for all functions to operate Occasionally the stack is insufficient to complete the functions and an error is generated Stack stores details regarding the function that called the currently executing function Information can be lost after the stack is corrupted Computer Security and Penetration Testing

11 Stack Overflow (continued)
Hackers write the code for a buffer overflow in such a manner that The code to which a functionā€™s pointers are indicating is code of the hackerā€™s choosing Process of an exploit Hacker searches for a chance to overflow the buffer Hacker determines memory assigned to the variable Hacker specifies a value greater than the maximum capacity of the variable Variable takes the value Computer Security and Penetration Testing

12 Stack Overflow (continued)
Hacker checks for some specific functions to ascertain the possibility of a buffer overflow strcpy scanf fgets wstrcpy wstrncat sprintf gets strcat Computer Security and Penetration Testing

13 Heap Overflows A heap is similar to a stack
Provides memory to the application various functions Provides a permanent memory space Data stored in a heap can be used throughout various functions and commands A heap is randomly accessed because it stores values statically Size of a heap usually grows as new variablesā€™ values are introduced Computer Security and Penetration Testing

14 Heap Overflows (continued)
Computer Security and Penetration Testing

15 Computer Security and Penetration Testing

16 Heap Overflows (continued)
Heap overflow is known as the corruption of the instruction pointer Instruction pointer points to the memory area where the function to be executed is stored Computer Security and Penetration Testing

17 More Methods for Causing a Buffer Overflow
Traditional methods include Providing input values that are greater than the memory allocated for a variable This section details two other methods: Character-set decoding Nybble-to-byte compression Computer Security and Penetration Testing

18 Character-Set Decoding
Uses the characters that are read differently by the computer and acquire larger space Additional bytes of data may cause the input value to exceed the memory limitation of the variable Applicable to situations in which the user specifies a value from an HTML page Becomes a weakness whenever a back-end script reads the code And, after expanding the value, results in a buffer overflow Computer Security and Penetration Testing

19 Character-Set Decoding (continued)
Computer Security and Penetration Testing

20 Computer Security and Penetration Testing

21 Character-Set Decoding (continued)
Size of the stack is computer-dependent Buffer overflow may not happen until a value that exceeds the stack size is specified Buffer overflow may occur when verification for the length of the input value is made at the client-side And the back-end script accepts it without performing checks Double validation Indicates to potential hackers that buffer overflow exploits are not possible on your Web site Computer Security and Penetration Testing

22 Character-Set Decoding (continued)
Computer Security and Penetration Testing

23 Nybble-to-Byte Compression
Compression of data that is passed as input value to variables of the function that might be overflowed Method uses the buffer in a more efficient manner with a higher amount of data Focus is to minimize code size So hackers can double the amount of code in buffer Computer Security and Penetration Testing

24 Buffer Overflows: Detection and Prevention
Identify programming practices and functions that are potentially vulnerable to buffer overflow Computer Security and Penetration Testing

25 Detecting Buffer Overflow
Identify the functions and variables that can lead to buffer overflows Check the reaction of the application whenever a large set of character data is supplied to a variable Function may include length verification And thus return an error message if the data exceeds the expected size Can be a painstaking, tedious process Because all variables that accept values must be checked Computer Security and Penetration Testing

26 Detecting Buffer Overflow (continued)
Precaution should be taken to ensure that the input data is provided in the correct format For interactive Web pages Consider that the hidden data is also a part of the input that is given to the string When specifying the input data It is important to check that no NULL characters (empty fields) are being passed Computer Security and Penetration Testing

27 Preventing Buffer Overflow
After a buffer overflow exploit has been detected The probability of its existence in other applications by the same vendor is higher Bug is typically fixed by programming the functions to perform an input validity check Providing a null terminator will prevent the buffer overflow even If additional values have been specified Computer Security and Penetration Testing

28 Preventing Buffer Overflow (continued)
Consider developing specific programming guideline policies for your organization Having, understanding, and applying secure-coding best practices may not be entirely foolproof Options are available to avoid the use of function calls that are vulnerable to buffer overflows Computer Security and Penetration Testing

29 Preventing Buffer Overflow (continued)
Computer Security and Penetration Testing

30 Preventing Buffer Overflow (continued)
Checks must be made to validate the input values in both the new and old applications Software can be installed to keep a continuous check on a buffer overflow condition Software must be updated with all available security patches Computer Security and Penetration Testing

31 Summary Buffer overflow
Common in structured programming languages Happens when input applied to a variable is larger than the memory allotted to that variable Buffer overflow bug targets the variables that are used by functions to store values Best ways to avoid buffer overflow are programmatic Two main categories of buffer overflow: stack overflow and heap overflow Computer Security and Penetration Testing

32 Summary (continued) Three steps in traditional process of buffer overflow: Hacker searches for a chance to overflow the buffer Hacker determines memory assigned to the variable Hacker specifies a value greater than the maximum capacity of the variable Two less-traditional methods Character-set decoding Nybble-to-byte compression Computer Security and Penetration Testing

33 Summary (continued) To identify the functions and variables that can lead to buffer overflow, the reaction of the application has to be checked If a buffer overflow exploit has been detected, the probability of its existence in other applications by the same vendor is high Buffer overflow can be prevented by programming the functions to perform an input validity check Computer Security and Penetration Testing

Download ppt "Computer Security and Penetration Testing"

Similar presentations

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Java Card Technology Ch07: Applet Instructors: Fu-Chiung Cheng ( 鄭ē¦ē‚Æ ) Associate Professor Computer Science & Engineering Computer Science & Engineering.

Java Card Technology Ch07: Applet Instructors: Fu-Chiung Cheng ( 鄭ē¦ē‚Æ ) Associate Professor Computer Science & Engineering Computer Science & Engineering.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Stack-Based Buffer Overflows Attacker ā€“ Can take over a system remotely across a network. local malicious users ā€“ To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker ā€“ Can take over a system remotely across a network. local malicious users ā€“ To elevate their privileges and gain.
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
Chapter 15 : Attacking Compiled Applications Alexis Kirat - International Student.

Chapter 15 : Attacking Compiled Applications Alexis Kirat - International Student.
By Brian Vees. ļ‚Ø SQL Injection ļ‚Ø Username Enumeration ļ‚Ø Cross Site Scripting (XSS) ļ‚Ø Remote Code Execution ļ‚Ø String Formatting Vulnerabilities.

By Brian Vees. ļ‚Ø SQL Injection ļ‚Ø Username Enumeration ļ‚Ø Cross Site Scripting (XSS) ļ‚Ø Remote Code Execution ļ‚Ø String Formatting Vulnerabilities.
Chapter 10.

Chapter 10.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
METU Department of Computer Eng Ceng 302 Introduction to DBMS Disk Storage, Basic File Structures, and Hashing by Pinar Senkul resources: mostly froom.

METU Department of Computer Eng Ceng 302 Introduction to DBMS Disk Storage, Basic File Structures, and Hashing by Pinar Senkul resources: mostly froom.
Chapter 11 Operating Systems

Chapter 11 Operating Systems
Copyright Ā© 2007 Ramez Elmasri and Shamkant B. Navathe Chapter 13 Disk Storage, Basic File Structures, and Hashing.

Copyright Ā© 2007 Ramez Elmasri and Shamkant B. Navathe Chapter 13 Disk Storage, Basic File Structures, and Hashing.
Assembly ×Ŗ×Øגול 8 פונקציו×Ŗ וה×Ŗקפ×Ŗ buffer.. Procedures (Functions) A procedure call involves passing both data and control from one part of the code to.

Assembly ×Ŗ×Øגול 8 פונקציו×Ŗ וה×Ŗקפ×Ŗ buffer.. Procedures (Functions) A procedure call involves passing both data and control from one part of the code to.
SQL Injection and Buffer overflow

SQL Injection and Buffer overflow
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
Computer Security and Penetration Testing

Computer Security and Penetration Testing

Similar presentations

Ads by Google