Buffer Overflows. Buffers. Administrative. COMP 435 Fall 2017 Prof. Cynthia Sturton. Buffers
Size: px
Start display at page:

Download "Buffer Overflows. Buffers. Administrative. COMP 435 Fall 2017 Prof. Cynthia Sturton. Buffers"

Transcription

1 dministrative Buffer Overflows COMP 435 Fall 2017 Prof. Cynthia Sturton Exam Mon., Nov. 6 Covers material since last exam, including today s lecture Review in OH Fri., Nov. 3, FB 354 Poster group info due tomorrow (or lose points!) Group sign-up using google form OR instr-435-cs@cs.unc.edu to be grouped ssignment 3 due Wed., Nov. 8 Can work on it after the exam New this time: Sakai will stay open for resubmissions 2 Buffers Buffers char sample[10]; int i; for (i=0; i<=9; i++) sample[i] = ;

2 Buffers Buffers in Memory char sample[10]; int i; for (i=0; i<=9; i++) sample[i] = ; sample[10] = B ;? x x Buffers in Memory Terminology B... 0x x Buffer Overflow Buffer Overrun Buffer Overflow ttack Smashing 7 8

3 Buffer Overflow ttack 1988 Morris Worm Buffer Overflow ttack 2014 Heartbleed 9 10 Code & Data User Code & Data User B Code & Data Operating System Proc 1 Code Proc 1 Data Proc 2 Code Proc 2 Data Memory Layout 11 Heap Local Data Local Code System Data System Code Memory Layout: one process 12

4 Procedure p1 { call p2; Local Vars Return Instruction Pointer Procedure p1 { call p2; Local Vars Return Instruction Pointer int p2(char *input){ char buffer[100]; strcpy(buffer, input); return 0; Procedure p2 Procedure p1 { call p2; Local Vars Return Instruction Pointer Saved Base Pointer p1 buffer p

5 n ttack int p2(char *input){ char buffer[100]; strcpy(buffer, input); return 0; input 0xCFECFECFECFE...00FFEE Procedure p1 { call p2; Local Vars (Return Instruction Pointer) 0X00FFEE (Saved Base Pointer) 0xCFE (buffer) 0xCFECF ECFECF E p1 p2 Compromised dd a secret value to the stack Check value before returning Defense: Canary Procedure p1 { call p2; Local Vars (Return Instruction Pointer) 0X00FFEE (Saved Base Pointer) 0xCFE p1 Compromised (buffer) 0xCFECF ECFECF E p

6 ttack Defense: W xor X Guess Canary Regions of memory can be either writable or executable Point to existing code in the system ttack: Return to LibC Procedure p1 { call p2; Points to elsewhere in memory Local Vars (Return Instruction Pointer) 0X00FFEE (Saved Base Pointer) 0xCFE (buffer) 0xCFECF ECFECF E p1 p2 Compromised 23 24

7 ttack: Return oriented programming Current State Point to gadgets within the existing code We have trained the attackers very well! TLS Heartbeat Client Server Heartbleed heartbeat request: 3 bytes, cat heartbeat reply: cat 27 28

8 TLS Heartbleed ttack Server Bug introduced to code repository Dec 2011 History of Heartbleed heartbeat request: 64 Kbytes, cat Published for comment Feb 2012 Included and enabled by default in OpenSSL March 2012 heartbeat reply: cat0xcfepasswordkeys First discovered March Current State Integer Overflows Buffer overflow and overruns are the major source of vulnerabilities in SW int *vulnerable(int *array, int len) { int *myarray; myarray = malloc(len * sizeof(int)); if (myarray == NULL) { return -1; for (i = 0; i < len; i++) { myarray[i] = array[i]; return myarray; 31 32

9 Overflow Countermeasures Bounds Checking Bounds Checking Input validation & sanitization Use safe utilities Manual code review Static analysis Dynamic analysis Least privilege Sandboxing Input Validation & Sanitization Input Validation & Sanitization Use a template (919) Use a template (919) Templates prescribe good behavior 35 36

10 Templates are Difficult Input Validation & Sanitization (919) The length of buffer writes should be dictated by buffer size, not by user-provided input Input Validation & Sanitization Use Safe Utilities strcpy vs strncpy Never trust user-supplied input char str1[]= "hello"; char str2[6]; /* copy to terminating null \0 */ strcpy (str2, str1); /* copy only 6 chars */ strncpy (str2, str1, 6); 39 40

11 Use Safe Utilities Least Privilege strcpy vs strncpy strcmp vs strncmp sprintf vs snprintf Subject should have access to fewest number of objects necessary to do its work Least Privilege Sandboxing Code should have only the permissions needed Limits the damage done by compromise Contain sections of code within a specified address range 43 44

12 The choice of language plays a role as well Programming Language Type Safety Memory Safety In-class Exercise 45 46

Similar documents

Betriebssysteme und Sicherheit Sicherheit. Buffer Overflows

Betriebssysteme und Sicherheit Sicherheit. Buffer Overflows Betriebssysteme und Sicherheit Sicherheit Buffer Overflows Software Vulnerabilities Implementation error Input validation Attacker-supplied input can lead to Corruption Code execution... Even remote exploitation

More information

CSCE 548 Building Secure Software Buffer Overflow. Professor Lisa Luo Spring 2018

CSCE 548 Building Secure Software Buffer Overflow. Professor Lisa Luo Spring 2018 CSCE 548 Building Secure Software Buffer Overflow Professor Lisa Luo Spring 2018 Previous Class Virus vs. Worm vs. Trojan & Drive-by download Botnet & Rootkit Malware detection Scanner Polymorphic malware

More information

Software Security II: Memory Errors - Attacks & Defenses

Software Security II: Memory Errors - Attacks & Defenses 1 Software Security II: Memory Errors - Attacks & Defenses Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab1 Writeup 3 Buffer overflow Out-of-bound memory writes (mostly sequential) Allow

More information

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 2

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 2 CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 2 Announcements First project is on the web Due: Feb. 1st at midnight Form groups of 2 or 3 people If you need help finding a group,

More information

Homework 3 CS161 Computer Security, Fall 2008 Assigned 10/07/08 Due 10/13/08

Homework 3 CS161 Computer Security, Fall 2008 Assigned 10/07/08 Due 10/13/08 Homework 3 CS161 Computer Security, Fall 2008 Assigned 10/07/08 Due 10/13/08 For your solutions you should submit a hard copy; either hand written pages stapled together or a print out of a typeset document

More information

CMPSC 497 Buffer Overflow Vulnerabilities

CMPSC 497 Buffer Overflow Vulnerabilities Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Buffer Overflow

More information

Secure Programming I. Steven M. Bellovin September 28,

Secure Programming I. Steven M. Bellovin September 28, Secure Programming I Steven M. Bellovin September 28, 2014 1 If our software is buggy, what does that say about its security? Robert H. Morris Steven M. Bellovin September 28, 2014 2 The Heart of the Problem

More information

Buffer overflows (a security interlude) Address space layout the stack discipline + C's lack of bounds-checking HUGE PROBLEM

Buffer overflows (a security interlude) Address space layout the stack discipline + C's lack of bounds-checking HUGE PROBLEM Buffer overflows (a security interlude) Address space layout the stack discipline + C's lack of bounds-checking HUGE PROBLEM x86-64 Linux Memory Layout 0x00007fffffffffff not drawn to scale Stack... Caller

More information

Lecture 4 September Required reading materials for this class

Lecture 4 September Required reading materials for this class EECS 261: Computer Security Fall 2007 Lecture 4 September 6 Lecturer: David Wagner Scribe: DK Moon 4.1 Required reading materials for this class Beyond Stack Smashing: Recent Advances in Exploiting Buffer

More information

CSE 565 Computer Security Fall 2018

CSE 565 Computer Security Fall 2018 CSE 565 Computer Security Fall 2018 Lecture 14: Software Security Department of Computer Science and Engineering University at Buffalo 1 Software Security Exploiting software vulnerabilities is paramount

More information

Buffer overflow background

Buffer overflow background and heap buffer background Comp Sci 3600 Security Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Address Space and heap buffer

More information

UMSSIA LECTURE I: SOFTWARE SECURITY

UMSSIA LECTURE I: SOFTWARE SECURITY UMSSIA LECTURE I: SOFTWARE SECURITY THINKING LIKE AN ADVERSARY SECURITY ASSESSMENT Confidentiality? Availability? Dependability? Security by Obscurity: a system that is only secure if the adversary doesn

More information

Lecture 1: Buffer Overflows

Lecture 1: Buffer Overflows CS5431 Computer Security Practicum Spring 2017 January 27, 2017 1 Conficker Lecture 1: Buffer Overflows Instructor: Eleanor Birrell In November 2008, a new piece of malware was observed in the wild. This

More information

Topics in Software Security Vulnerability

Topics in Software Security Vulnerability Topics in Software Security Vulnerability Software vulnerability What are software vulnerabilities? Types of vulnerabilities E.g., Buffer Overflows How to find these vulnerabilities and prevent them? Classes

More information

C Characters and Strings

C Characters and Strings CS 2060 Character handling The C Standard Library provides many functions for testing characters in ctype.h. int isdigit(int c); // is c a digit (0-9)? int isalpha(int c); // is c a letter? int isalnum(int

More information

Secure Software Development: Theory and Practice

Secure Software Development: Theory and Practice Secure Software Development: Theory and Practice Suman Jana MW 2:40-3:55pm 415 Schapiro [SCEP] *Some slides are borrowed from Dan Boneh and John Mitchell Software Security is a major problem! Why writing

More information

ECS 153 Discussion Section. April 6, 2015

ECS 153 Discussion Section. April 6, 2015 ECS 153 Discussion Section April 6, 2015 1 What We ll Cover Goal: To discuss buffer overflows in detail Stack- based buffer overflows Smashing the stack : execution from the stack ARC (or return- to- libc)

More information

CMSC 414 Computer and Network Security

CMSC 414 Computer and Network Security CMSC 414 Computer and Network Security Buffer Overflows Dr. Michael Marsh August 30, 2017 Trust and Trustworthiness You read: Reflections on Trusting Trust (Ken Thompson), 1984 Smashing the Stack for Fun

More information

We will focus on Buffer overflow attacks SQL injections. See book for other examples

We will focus on Buffer overflow attacks SQL injections. See book for other examples We will focus on Buffer overflow attacks SQL injections See book for other examples Buffer overrun is another common term Buffer Overflow A condition at an interface under which more input can be placed

More information

Introduction to Operating Systems Prof. Chester Rebeiro Department of Computer Science and Engineering Indian Institute of Technology, Madras

Introduction to Operating Systems Prof. Chester Rebeiro Department of Computer Science and Engineering Indian Institute of Technology, Madras Introduction to Operating Systems Prof. Chester Rebeiro Department of Computer Science and Engineering Indian Institute of Technology, Madras Week 08 Lecture 38 Preventing Buffer Overflow Attacks Hello.

More information

Buffer Overflows. A brief Introduction to the detection and prevention of buffer overflows for intermediate programmers.

Buffer Overflows. A brief Introduction to the detection and prevention of buffer overflows for intermediate programmers. Buffer Overflows A brief Introduction to the detection and prevention of buffer overflows for intermediate programmers. By: Brian Roberts What is a buffer overflow? In languages that deal with data structures

More information

Exploits and gdb. Tutorial 5

Exploits and gdb. Tutorial 5 Exploits and gdb Tutorial 5 Exploits and gdb 1. Buffer Vulnerabilities 2. Code Injection 3. Integer Attacks 4. Advanced Exploitation 5. GNU Debugger (gdb) Buffer Vulnerabilities Basic Idea Overflow or

More information

This time. Defenses and other memory safety vulnerabilities. Everything you ve always wanted to know about gdb but were too afraid to ask

This time. Defenses and other memory safety vulnerabilities. Everything you ve always wanted to know about gdb but were too afraid to ask This time We will continue Buffer overflows By looking at Overflow Defenses and other memory safety vulnerabilities Everything you ve always wanted to know about gdb but were too afraid to ask Overflow

More information

Software and Web Security 1. Root Cause Analysis. Abstractions Assumptions Trust. sws1 1

Software and Web Security 1. Root Cause Analysis. Abstractions Assumptions Trust. sws1 1 Software and Web Security 1 Reflections on using C(++) Root Cause Analysis Abstractions Assumptions Trust sws1 1 There are only two kinds of programming languages: the ones people complain about and the

More information

CSE 127: Computer Security. Memory Integrity. Kirill Levchenko

CSE 127: Computer Security. Memory Integrity. Kirill Levchenko CSE 127: Computer Security Memory Integrity Kirill Levchenko November 18, 2014 Stack Buffer Overflow Stack buffer overflow: writing past end of a stackallocated buffer Also called stack smashing One of

More information

EURECOM 6/2/2012 SYSTEM SECURITY Σ

EURECOM 6/2/2012 SYSTEM SECURITY Σ EURECOM 6/2/2012 Name SYSTEM SECURITY 5 5 5 5 5 5 5 5 10 50 1 2 3 4 5 6 7 8 9 Σ Course material is not allowed during the exam. Try to keep your answers precise and short. You will not get extra points

More information

BUFFER OVERFLOW DEFENSES & COUNTERMEASURES

BUFFER OVERFLOW DEFENSES & COUNTERMEASURES BUFFER OVERFLOW DEFENSES & COUNTERMEASURES CMSC 414 FEB 01 2018 RECALL OUR CHALLENGES How can we make these even more difficult? Putting code into the memory (no zeroes) Finding the return address (guess

More information

2 Sadeghi, Davi TU Darmstadt 2012 Secure, Trusted, and Trustworthy Computing Chapter 6: Runtime Attacks

2 Sadeghi, Davi TU Darmstadt 2012 Secure, Trusted, and Trustworthy Computing Chapter 6: Runtime Attacks Runtime attacks are major threats to today's applications Control-flow of an application is compromised at runtime Typically, runtime attacks include injection of malicious code Reasons for runtime attacks

More information

Module: Safe Programming. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Module: Safe Programming. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security CSE543 - Introduction to Computer and Network Security Module: Safe Programming Professor Trent Jaeger 1 1 Avoiding Vulnerabilities How do we write programs to avoid mistakes that lead to vulnerabilities?

More information

CS 222: Pointers and Manual Memory Management

CS 222: Pointers and Manual Memory Management CS 222: Pointers and Manual Memory Management Chris Kauffman Week 4-1 Logistics Reading Ch 8 (pointers) Review 6-7 as well Exam 1 Back Today Get it in class or during office hours later HW 3 due tonight

More information

Stack Vulnerabilities. CS4379/5375 System Security Assurance Dr. Jaime C. Acosta

Stack Vulnerabilities. CS4379/5375 System Security Assurance Dr. Jaime C. Acosta 1 Stack Vulnerabilities CS4379/5375 System Security Assurance Dr. Jaime C. Acosta Part 1 2 3 An Old, yet Still Valid Vulnerability Buffer/Stack Overflow ESP Unknown Data (unused) Unknown Data (unused)

More information

Announcements. assign0 due tonight. Labs start this week. No late submissions. Very helpful for assign1

Announcements. assign0 due tonight. Labs start this week. No late submissions. Very helpful for assign1 Announcements assign due tonight No late submissions Labs start this week Very helpful for assign1 Goals for Today Pointer operators Allocating memory in the heap malloc and free Arrays and pointer arithmetic

More information

CSE 565 Computer Security Fall 2018

CSE 565 Computer Security Fall 2018 CSE 565 Computer Security Fall 2018 Lecture 15: Software Security II Department of Computer Science and Engineering University at Buffalo 1 Software Vulnerabilities Buffer overflow vulnerabilities account

More information

CS 161 Computer Security

CS 161 Computer Security Wagner Spring 2014 CS 161 Computer Security Midterm 1 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be reported

More information

Security and Privacy in Computer Systems. Lecture 5: Application Program Security

Security and Privacy in Computer Systems. Lecture 5: Application Program Security CS 645 Security and Privacy in Computer Systems Lecture 5: Application Program Security Buffer overflow exploits More effective buffer overflow attacks Preventing buffer overflow attacks Announcement Project

More information

Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade Review

Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade Review Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka September 24, 2011. 1 Introduction to the topic

More information

CSc 466/566. Computer Security. 20 : Operating Systems Application Security

CSc 466/566. Computer Security. 20 : Operating Systems Application Security 1/68 CSc 466/566 Computer Security 20 : Operating Systems Application Security Version: 2014/11/20 13:07:28 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2014 Christian

More information

Software Security Buffer Overflows more countermeasures. Erik Poll. Digital Security Radboud University Nijmegen

Software Security Buffer Overflows more countermeasures. Erik Poll. Digital Security Radboud University Nijmegen Software Security Buffer Overflows more countermeasures Erik Poll Digital Security Radboud University Nijmegen Recap last week Recurring security problems in C(++) code buffer overflows bugs with pointers

More information

CS 161 Computer Security

CS 161 Computer Security Paxson Spring 2011 CS 161 Computer Security Discussion 1 January 26, 2011 Question 1 Buffer Overflow Mitigations Buffer overflow mitigations generally fall into two categories: (i) eliminating the cause

More information

Buffer overflow prevention, and other attacks

Buffer overflow prevention, and other attacks Buffer prevention, and other attacks Comp Sci 3600 Security Outline 1 2 Two approaches to buffer defense Aim to harden programs to resist attacks in new programs Run time Aim to detect and abort attacks

More information

Black Hat Webcast Series. C/C++ AppSec in 2014

Black Hat Webcast Series. C/C++ AppSec in 2014 Black Hat Webcast Series C/C++ AppSec in 2014 Who Am I Chris Rohlf Leaf SR (Security Research) - Founder / Consultant BlackHat Speaker { 2009, 2011, 2012 } BlackHat Review Board Member http://leafsr.com

More information

Language Security. Lecture 40

Language Security. Lecture 40 Language Security Lecture 40 (from notes by G. Necula) Prof. Hilfinger CS 164 Lecture 40 1 Lecture Outline Beyond compilers Looking at other issues in programming language design and tools C Arrays Exploiting

More information

Software Security: Buffer Overflow Defenses

Software Security: Buffer Overflow Defenses CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Defenses Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin,

More information

On The Effectiveness of Address-Space Randomization. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh Stanford University CCS 2004

On The Effectiveness of Address-Space Randomization. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh Stanford University CCS 2004 On The Effectiveness of Address-Space Randomization H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh Stanford University CCS 2004 Code-Injection Attacks Inject malicious executable code

More information

Architecture-level Security Vulnerabilities

Architecture-level Security Vulnerabilities Architecture-level Security Vulnerabilities Björn Döbel Outline How stacks work Smashing the stack for fun and profit Preventing stack smashing attacks Circumventing stack smashing prevention The Battlefield:

More information

Buffer Overflow Attacks

Buffer Overflow Attacks Buffer Overflow Attacks 1. Smashing the Stack 2. Other Buffer Overflow Attacks 3. Work on Preventing Buffer Overflow Attacks Smashing the Stack An Evil Function void func(char* inp){ } char buffer[16];

More information

Machine-Level Programming V: Unions and Memory layout

Machine-Level Programming V: Unions and Memory layout Machine-Level Programming V: Unions and Memory layout Slides adapted from Bryant and O Hallaron Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 1 FAQ Call conventions

More information

CSCE 548 Building Secure Software Integers & Integer-related Attacks & Format String Attacks. Professor Lisa Luo Spring 2018

CSCE 548 Building Secure Software Integers & Integer-related Attacks & Format String Attacks. Professor Lisa Luo Spring 2018 CSCE 548 Building Secure Software Integers & Integer-related Attacks & Format String Attacks Professor Lisa Luo Spring 2018 Previous Class Buffer overflows can be devastating It occurs when the access

More information

CS 361S - Network Security and Privacy Spring Homework #2

CS 361S - Network Security and Privacy Spring Homework #2 CS 361S - Network Security and Privacy Spring 2014 Homework #2 Due: 11am CDT (in class), April 17, 2014 YOUR NAME: Collaboration policy No collaboration is permitted on this assignment. Any cheating (e.g.,

More information

COMP3441 Lecture 7: Software Vulnerabilities

COMP3441 Lecture 7: Software Vulnerabilities COMP3441 Lecture 7: Software Vulnerabilities Ron van der Meyden (University of New South Wales Sydney, Australia) April 22, 2013 Overview Buffer overflow attacks SQL injection attacks Defensive measures

More information

EE 355 Lab 4 - Party Like A Char Star

EE 355 Lab 4 - Party Like A Char Star 1 Introduction In this lab you will implement a "hangman" game where the user is shown blanks representing letter of a word and then tries to guess and fill in the letters with a limited number of guesses

More information

Lec06: DEP and ASLR. Taesoo Kim

Lec06: DEP and ASLR. Taesoo Kim 1 Lec06: DEP and ASLR Taesoo Kim Scoreboard 2 NSA Codebreaker Challenges 3 4 Administrivia Congrats!! We've completed the half of labs! Due: Lab06 is out and its due on Oct 5 at midnight NSA Codebreaker

More information

Lecture 05 Integer overflow. Stephen Checkoway University of Illinois at Chicago

Lecture 05 Integer overflow. Stephen Checkoway University of Illinois at Chicago Lecture 05 Integer overflow Stephen Checkoway University of Illinois at Chicago Unsafe functions in libc strcpy strcat gets scanf family (fscanf, sscanf, etc.) (rare) printffamily (more about these later)

More information

Beyond Stack Smashing: Recent Advances in Exploiting. Jonathan Pincus(MSR) and Brandon Baker (MS)

Beyond Stack Smashing: Recent Advances in Exploiting. Jonathan Pincus(MSR) and Brandon Baker (MS) Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns Jonathan Pincus(MSR) and Brandon Baker (MS) Buffer Overflows and How they Occur Buffer is a contiguous segment of memory of a fixed

More information

Create a Program in C (Last Class)

Create a Program in C (Last Class) Create a Program in C (Last Class) Input: three floating point numbers Output: the average of those three numbers Use: scanf to get the input printf to show the result a function to calculate the average

More information

Basic Buffer Overflows

Basic Buffer Overflows Operating Systems Security Basic Buffer Overflows (Stack Smashing) Computer Security & OS lab. Cho, Seong-je ( 조성제 ) Fall, 2018 sjcho at dankook.ac.kr Chapter 10 Buffer Overflow 2 Contents Virtual Memory

More information

Memory Safety (cont d) Software Security

Memory Safety (cont d) Software Security Memory Safety (cont d) Software Security CS 161: Computer Security Prof. Raluca Ada Popa January 17, 2016 Some slides credit to David Wagner and Nick Weaver Announcements Discussion sections and office

More information

Lecture 08 Control-flow Hijacking Defenses

Lecture 08 Control-flow Hijacking Defenses Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides adapted from Miller, Bailey, and Brumley Control Flow Hijack: Always control + computation

More information

Memory corruption countermeasures

Memory corruption countermeasures Secure Programming Lecture 6: Memory Corruption IV (Countermeasures) David Aspinall, Informatics @ Edinburgh 30th January 2014 Outline Announcement Recap Containment and curtailment Stack tamper detection

More information

Program Security and Vulnerabilities Class 2

Program Security and Vulnerabilities Class 2 Program Security and Vulnerabilities Class 2 CEN-5079: 28.August.2017 1 Secure Programs Programs Operating System Device Drivers Network Software (TCP stack, web servers ) Database Management Systems Integrity

More information

in memory: an evolution of attacks Mathias Payer Purdue University

in memory: an evolution of attacks Mathias Payer Purdue University in memory: an evolution of attacks Mathias Payer Purdue University Images (c) MGM, WarGames, 1983 Memory attacks: an ongoing war Vulnerability classes according to CVE Memory

More information

Reserve Engineering & Buffer Overflow Attacks. Tom Chothia Computer Security, Lecture 17

Reserve Engineering & Buffer Overflow Attacks. Tom Chothia Computer Security, Lecture 17 Reserve Engineering & Buffer Overflow Attacks Tom Chothia Computer Security, Lecture 17 Introduction A simplified, high-level view of buffer overflow attacks. x86 architecture overflows on the stack Some

More information

Code Injection Attacks Buffer Overflows

Code Injection Attacks Buffer Overflows CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 System Security Lecture 1 Code Injection Attacks Buffer Overflows Based on and extracted from Nickolai Zeldovitch, Computer System Security, course material at

More information

C and C++ Secure Coding 4-day course. Syllabus

C and C++ Secure Coding 4-day course. Syllabus C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course

More information

One-Slide Summary. Lecture Outline. Language Security

One-Slide Summary. Lecture Outline. Language Security Language Security Or: bringing a knife to a gun fight #1 One-Slide Summary A language s design principles and features have a strong influence on the security of programs written in that language. C s

More information

Overflows, Injection, & Memory Safety

Overflows, Injection, & Memory Safety Overflows, Injection, & Memory Safety 1 Announcements... Computer Science 161 Fall 2018 Project 1 is now live! Due Friday September 14th Start it early: The add/drop deadline got reduced to September 12th

More information

Fundamentals of Computer Security

Fundamentals of Computer Security Fundamentals of Computer Security Spring 2015 Radu Sion Software Errors Buffer Overflow TOCTTOU 2005-15 Portions copyright by Bogdan Carbunar and Wikipedia. Used with permission Why Security Vulnerabilities?

More information

Secure Systems Engineering

Secure Systems Engineering Secure Systems Engineering Chester Rebeiro Indian Institute of Technology Madras Flaws that would allow an attacker access the OS flaw Bugs in the OS The Human factor Chester Rebeiro, IITM 2 Program Bugs

More information

Secure Programming. Buffer Overflows Learning objectives. Type. 3 Buffer Overflows. 4 An Important Vulnerability. 5 Example Overflow

Secure Programming. Buffer Overflows Learning objectives. Type. 3 Buffer Overflows. 4 An Important Vulnerability. 5 Example Overflow Secure Programming Buffer Overflows 2 Learning objectives Understand the definition of a buffer overflow Learn the importance of buffer overflows Know how buffer overflows happen Know how to handle strings

More information

EURECOM 6/2/2012 SYSTEM SECURITY Σ

EURECOM 6/2/2012 SYSTEM SECURITY Σ EURECOM 6/2/2012 Name SYSTEM SECURITY 5 5 5 5 5 5 5 5 5 5 50 1 2 3 4 5 6 7 8 9 10 Σ Course material is not allowed during the exam. Try to keep your answers precise and short. You will not get extra points

More information

CS 103 Lab 6 - Party Like A Char Star

CS 103 Lab 6 - Party Like A Char Star 1 Introduction In this lab you will implement a "hangman" game where the user is shown blanks representing letter of a word and then tries to guess and fill in the letters with a limited number of guesses.

More information

CS 645: Lecture 3 Software Vulnerabilities. Rachel Greenstadt July 3, 2013

CS 645: Lecture 3 Software Vulnerabilities. Rachel Greenstadt July 3, 2013 CS 645: Lecture 3 Software Vulnerabilities Rachel Greenstadt July 3, 2013 Project 1: Software exploits Individual project - done in virtual machine environment This assignment is hard. Don t leave it until

More information

ENEE 457: Computer Systems Security. Lecture 16 Buffer Overflow Attacks

ENEE 457: Computer Systems Security. Lecture 16 Buffer Overflow Attacks ENEE 457: Computer Systems Security Lecture 16 Buffer Overflow Attacks Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland, College Park Buffer overflow

More information

Architecture-level Security Vulnerabilities. Julian Stecklina

Architecture-level Security Vulnerabilities. Julian Stecklina Architecture-level Security Vulnerabilities Julian Stecklina Outline How stacks work Smashing the stack for fun and profit Preventing stack smashing attacks Circumventing stack smashing prevention The

More information

Stack Overflow COMP620

Stack Overflow COMP620 Stack Overflow COMP620 There are two kinds of people in America today: those who have experienced a foreign cyber attack and know it, and those who have experienced a foreign cyber attack and don t know

More information

Outline. Classic races: files in /tmp. Race conditions. TOCTTOU example. TOCTTOU gaps. Vulnerabilities in OS interaction

Outline. Classic races: files in /tmp. Race conditions. TOCTTOU example. TOCTTOU gaps. Vulnerabilities in OS interaction Outline CSci 5271 Introduction to Computer Security Day 3: Low-level vulnerabilities Stephen McCamant University of Minnesota, Computer Science & Engineering Race conditions Classic races: files in /tmp

More information

CSC 252: Computer Organization Spring 2018: Lecture 9

CSC 252: Computer Organization Spring 2018: Lecture 9 CSC 252: Computer Organization Spring 2018: Lecture 9 Instructor: Yuhao Zhu Department of Computer Science University of Rochester Action Items: Assignment 2 is due tomorrow, midnight Assignment 3 is out

More information

Lecture 9: Buffer Overflow* CS 392/6813: Computer Security Fall Nitesh Saxena

Lecture 9: Buffer Overflow* CS 392/6813: Computer Security Fall Nitesh Saxena Lecture 9: Buffer Overflow* CS 392/6813: Computer Security Fall 2007 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit) and Stanislav Nurilov Course Admin

More information

(Early) Memory Corruption Attacks

(Early) Memory Corruption Attacks (Early) Memory Corruption Attacks CS-576 Systems Security Instructor: Georgios Portokalidis Fall 2018 Fall 2018 Stevens Institute of Technology 1 Memory Corruption Memory corruption occurs in a computer

More information

Software Vulnerabilities August 31, 2011 / CS261 Computer Security

Software Vulnerabilities August 31, 2011 / CS261 Computer Security Software Vulnerabilities August 31, 2011 / CS261 Computer Security Software Vulnerabilities...1 Review paper discussion...2 Trampolining...2 Heap smashing...2 malloc/free...2 Double freeing...4 Defenses...5

More information

CMPSC 497: Midterm Review

CMPSC 497: Midterm Review CMPSC 497: Midterm Review Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Page 1 Midterm Format True/False

More information

New York University CSCI-UA : Advanced Computer Systems: Spring 2016 Midterm Exam

New York University CSCI-UA : Advanced Computer Systems: Spring 2016 Midterm Exam New York University CSCI-UA.480-008: Advanced Computer Systems: Spring 2016 Midterm Exam This exam is 75 minutes. Stop writing when time is called. You must turn in your exam; we will not collect it. Do

More information

Buffer Overflow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Buffer Overflow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University Buffer Overflow Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu x86-64/linux Memory Layout Stack Runtime stack (8MB limit) Heap Dynamically allocated

More information

Software Security Buffer Overflows more countermeasures. Erik Poll. Digital Security Radboud University Nijmegen

Software Security Buffer Overflows more countermeasures. Erik Poll. Digital Security Radboud University Nijmegen Software Security Buffer Overflows more countermeasures Erik Poll Digital Security Radboud University Nijmegen Recap last week Recurring security problems in C(++) code memory corruption, due to buffer

More information

A program execution is memory safe so long as memory access errors never occur:

A program execution is memory safe so long as memory access errors never occur: A program execution is memory safe so long as memory access errors never occur: Buffer overflows, null pointer dereference, use after free, use of uninitialized memory, illegal free Memory safety categories

More information

Computer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018

More information

Secure Coding Techniques

Secure Coding Techniques Secure Coding Techniques "... the world outside your function should be treated as hostile and bent upon your destruction" [Writing Secure Code, Howard and LeBlanc] "Distrust and caution are the parents

More information

Control Flow Hijacking Attacks. Prof. Dr. Michael Backes

Control Flow Hijacking Attacks. Prof. Dr. Michael Backes Control Flow Hijacking Attacks Prof. Dr. Michael Backes Control Flow Hijacking malicious.pdf Contains bug in PDF parser Control of viewer can be hijacked Control Flow Hijacking Principles Normal Control

More information

The first Secure Programming Laboratory will be today! 3pm-6pm in Forrest Hill labs 1.B31, 1.B32.

The first Secure Programming Laboratory will be today! 3pm-6pm in Forrest Hill labs 1.B31, 1.B32. Lab session this afternoon Memory corruption attacks Secure Programming Lecture 6: Memory Corruption IV (Countermeasures) David Aspinall, Informatics @ Edinburgh 2nd February 2016 The first Secure Programming

More information

Buffer Overflow. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University

Buffer Overflow. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University Buffer Overflow Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu SSE2030: Introduction to Computer Systems, Spring 2018, Jinkyu Jeong (jinkyu@skku.edu)

More information

Recitation: C Review. TA s 20 Feb 2017

Recitation: C Review. TA s 20 Feb 2017 15-213 Recitation: C Review TA s 20 Feb 2017 Agenda Logistics Attack Lab Conclusion C Assessment C Programming Style C Exercise Cache Lab Overview Appendix: Valgrind Clang / LLVM Cache Structure Logistics

More information

CprE 288 Introduction to Embedded Systems Exam 1 Review. 1

CprE 288 Introduction to Embedded Systems Exam 1 Review. 1 CprE 288 Introduction to Embedded Systems Exam 1 Review http://class.ece.iastate.edu/cpre288 1 Overview of Today s Lecture Announcements Exam 1 Review http://class.ece.iastate.edu/cpre288 2 Announcements

More information

Limitations of the stack

Limitations of the stack The heap hic 1 Limitations of the stack int *table_of(int num, int len) { int table[len+1]; for (int i=0; i

More information

Heartbleed Attack Lab

Heartbleed Attack Lab SEED Labs Heartbleed Attack 1 Heartbleed Attack Lab Copyright c 2016 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation under Award

More information

Secure Programming. An introduction to Splint. Informatics and Mathematical Modelling Technical University of Denmark E

Secure Programming. An introduction to Splint. Informatics and Mathematical Modelling Technical University of Denmark E Secure Programming An introduction to Splint Christian D. Jensen René Rydhof Hansen Informatics and Mathematical Modelling Technical University of Denmark E05-02230 CDJ/RRH (IMM/DTU) Secure Programming

More information

Secure Programming Lecture 6: Memory Corruption IV (Countermeasures)

Secure Programming Lecture 6: Memory Corruption IV (Countermeasures) Secure Programming Lecture 6: Memory Corruption IV (Countermeasures) David Aspinall, Informatics @ Edinburgh 2nd February 2016 Outline Announcement Recap Containment and curtailment Tamper detection Memory

More information

Software Security: Buffer Overflow Attacks

Software Security: Buffer Overflow Attacks CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks (continued) Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,

More information

Protection and Security

Protection and Security Protection and Security Security: policy for controlling access to system Protection: mechanism implementing security policy Why: users can do bad things to system either maliciously or unintentionally

More information

CIS 4360 Secure Computer Systems. Buffer Overflows

CIS 4360 Secure Computer Systems. Buffer Overflows CIS 4360 Secure Computer Systems Buffer Overflows Professor Qiang Zeng Spring 2017 Some slides are courtesy of Dr. David A. Wheeler Hard link vs. soft link How are they implemented? When you create a hard

More information

This time. Defenses and other memory safety vulnerabilities. Everything you ve always wanted to know about gdb but were too afraid to ask

This time. Defenses and other memory safety vulnerabilities. Everything you ve always wanted to know about gdb but were too afraid to ask This time We will continue Buffer overflows By looking at Overflow Defenses and other memory safety vulnerabilities Everything you ve always wanted to know about gdb but were too afraid to ask Overflow

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback