Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 11, 2011.

Published byDuane Murphy Modified over 8 years ago

Similar presentations

Presentation on theme: "Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 11, 2011."— Presentation transcript:

1 Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 11, 2011

2  The most common security vulnerability  Root cause › Unsafe programming languages  What areas of process memory are vulnerable to a buffer overflow? › Stack › Heap › Code/Data

3  A specific type of buffer overflow attack  How does it work? › During a function call, the return address is pushed on the stack › An attacker overflows a buffer (local variable) › The return address on the stack is overwritten to point to an existing function or to injected code › During the function return the instruction pointer is set to the new value stored on the stack, not the original stored value

4 This code snippet caused the Morris Worm (1988) char buf[20]; gets(buf);

5 void foo(char *input) { //make a local working copy char buf[1024]; strcpy(buf, input); }

6  Usually only get one chance › Usually makes the program crash after the buffer is overflowed › Remote attacker doesn’t know the exact address location of the injected attack code  NOP Sled helps create a window of opportunity

7  How does the stack normally operate during a function call/return?  Describe how an attacker can inject code on the stack  What is a NOP sled and how/why is it used in a stack smashing attack?  What are the requirements for the format of the injected code?

8  Write correct code › Avoid vulnerable functions › Audit code – use analysis tools › Fuzz testing  Non-executable buffers › Kernel patches make the stack non-executable  Array bounds checking › Compile time or run-time checks › Use a type-safe language  Code pointer integrity checking › Detect when a pointer is corrupted › StackGuard and PointerGuard  Address space randomization (ASLR)

9  How does it work?  What is a canary? › Terminator canary › Random canary › XOR canary

10  What are the approaches to defend against a buffer overflow attack? › What are the pros/cons of each?  Is a buffer overflow only useful for a remote attack?  (True or False) Making the stack non- executable makes a stack smashing attack impossible?  (True or False) If your web server is written in Java, it is not vulnerable to a stack smashing attack?  What is the principle of least privilege and how does it relate to buffer overflow attacks?

11  Three main integer manipulations that can lead to security vulnerabilities › Overflow and underflow › Signed vs. unsigned errors › Truncation  Reviewing Code for Integer Manipulation Vulnerabilities › http://msdn2.microsoft.com/en- us/library/ms972818.aspx http://msdn2.microsoft.com/en- us/library/ms972818.aspx

Download ppt "Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 11, 2011."

Similar presentations

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.

Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.
Integrity & Malware Dan Fleck CS469 Security Engineering Some of the slides are modified with permission from Quan Jia. Coming up: Integrity – Who Cares?

Integrity & Malware Dan Fleck CS469 Security Engineering Some of the slides are modified with permission from Quan Jia. Coming up: Integrity – Who Cares?
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
DIEHARDER: SECURING THE HEAP. Previously in DieHard…  Increase Reliability by random positioning of data  Replicated Execution detects invalid memory.

DIEHARDER: SECURING THE HEAP. Previously in DieHard…  Increase Reliability by random positioning of data  Replicated Execution detects invalid memory.
K. Salah1 Buffer Overflow The crown jewel of attacks.

K. Salah1 Buffer Overflow The crown jewel of attacks.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.

Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Software and Security Buffer Overflow 1.

Software and Security Buffer Overflow 1.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.

Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.
Windows XP SP2 Stack Protection Jimmy Hermansson Johan Tibell.

Windows XP SP2 Stack Protection Jimmy Hermansson Johan Tibell.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.

Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.

Similar presentations

Ads by Google