Secure Programming. CSC 482/582: Computer Security Slide #1
2 Topics
  1. Robust and Secure Programming
  2. Race Conditions and TOCTOU vulnerabilities
  3. Error Handling
  4. Securing Secrets in Memory
  5. Secure Programming References

3 Robust Code Principles
  Paranoia
    Assume all input is evil.
    Check all function calls for errors or exceptions.
    Check all input to ensure it is not malformed.
  Assumption of Stupidity
    Don't assume coders or users read documentation.
    All functions should handle incorrect, missing, and malformed parameters.

4 Robust Code Principles
  Avoid Dangerous Implements
    Any data that code expects to remain consistent is a dangerous implement.
    Assume any data controlled by the caller can change unexpectedly.
  Can Happen
    Object creation can fail due to lack of memory.
    Closing a file can fail when a USB drive is removed.
    Command line arguments can be NULL.

5 Assumptions
  Know what assumptions your code makes.
  Assumptions that certain properties are true:
    Text is UTF-8 encoded text.
    Data is properly formatted XHTML.
    Temperature is an integer between 32 and 212.
  Assumptions that other properties are false:
    Input is never longer than X bytes.
    Input is never zero bytes.
    Input is never a negative number.
  Then check that those assumptions are true.

6 Secure Code
  Secure Code is Robust Code that satisfies (implicit or explicit) security properties.
  Implicit security properties often include:
    Absence of well-known types of vulnerabilities.
    Protection of CIA properties in certain states.
  Explicit security properties:
    Ensure the developer knows what to protect.
    Ensure the user knows that assets are protected.

7 Who do you trust?
  Client users
    example: encryption key embedded in the client
  Operating system
    example: dynamically loaded libraries
  Calling program
    example: environment variables
  Vendor
    example: Borland Interbase backdoor, only discovered when the program was made open source

8 Trust is Transitive
  If you call another program, you are trusting the entities that it trusts.
  Processes you spawn run with your privileges.
  Did you run the program you think you did?
    PATH and IFS environment variables
  What input format does it use?
    Shell escapes in editors and mailers
  What output does it send you?

9 What is a Race Condition?
  Incorrect behavior arising from an unexpected dependency on the relative timing of events.
  Timing of events on a multitasking system depends on system load.
  Events generally happen in the expected order.
  On a multitasking system, processes can be interrupted between any two instructions.
    Private resources (memory) are protected.
    Shared resources (filesystem, network) can be modified by the interrupting process.
10 Java Servlet Hit Counter
  // Example from BSS, pp.
  public class Counter extends HttpServlet {
      int count = 0;   // shared by every request thread in the servlet container
      public void doGet(HttpServletRequest in, HttpServletResponse out)
              throws ServletException, IOException {
          out.setContentType("text/plain");
          PrintWriter p = out.getWriter();
          count++;                              // unsynchronized read-modify-write
          p.println(count + " hits so far!");   // count may have changed since the ++
      }
  }
11 Analysis of Hit Counter
  Assumes the variable count does not change between incrementing and printing.
  What if users A and B hit the page at approximately the same time?
    A is first, count = 1
    B is second, before println occurs, count = 2
    A sees "2 hits so far"
    B sees "2 hits so far"

12 Window of Vulnerability
  Period of time when violating the assumption about the order of events will produce incorrect behavior.
  Generally <1s under ordinary conditions.
  What if the web site is popular?
  What if an attacker can send many requests?

13 Window of Vulnerability
  1. Attacker can increase the size of the window by slowing down the system.
  2. Attacker can increase the window size by controlling execution with SIGSTOP/SIGCONT.
  3. Attacker can attempt the exploit many times.

14 Window of Vulnerability
  You must reduce the window of vulnerability to zero for the system to be secure.

15 Critical Sections
  Segment of code which may only be executed by one thread at a time.
  A critical section executes atomically from the viewpoint of other threads.
  Performance Impact
    Other threads must wait for the thread in the critical section to finish executing.
    Limit critical section size.
16 Synchronized Hit Counter
  // Example from BSS, p. 213
  public class Counter extends HttpServlet {
      int count = 0;
      public void doGet(HttpServletRequest in, HttpServletResponse out)
              throws ServletException, IOException {
          int mycount;
          out.setContentType("text/plain");
          PrintWriter p = out.getWriter();
          synchronized (this) {        // critical section: increment and copy atomically
              mycount = ++count;
          }
          p.println(mycount + " hits so far!");   // prints the thread's own copy
      }
  }
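The same race and the same fix, as an added C example with POSIX threads (this is not code from the slides or from BSS; the names counter_t, run_counter, NTHREADS and NITER are my own). Eight threads each hit the counter 100,000 times; without the critical section the interleaved load/add/store sequences lose increments, with the mutex the final count is exactly NTHREADS * NITER.

```c
#include <pthread.h>
#include <stdio.h>

#define NTHREADS 8
#define NITER    100000

typedef struct {
    volatile long count;     /* shared "hits so far"; volatile so every ++ is a real load/store */
    int synchronized;        /* 1: guard the increment with the mutex, 0: leave the race in */
    pthread_mutex_t lock;
} counter_t;

/* One request thread: hits the counter NITER times. */
static void *hit(void *arg) {
    counter_t *c = arg;
    for (int i = 0; i < NITER; i++) {
        if (c->synchronized) {
            pthread_mutex_lock(&c->lock);
            c->count++;          /* critical section: atomic from other threads' viewpoint */
            pthread_mutex_unlock(&c->lock);
        } else {
            c->count++;          /* load, add, store: another thread can run in between */
        }
    }
    return NULL;
}

/* Runs NTHREADS threads against one counter and returns the final count.
 * The correct value is NTHREADS * NITER; the unsynchronized run usually
 * comes up short, which is the lost-update behaviour the slides describe. */
long run_counter(int synchronized) {
    counter_t c;
    pthread_t th[NTHREADS];
    c.count = 0;
    c.synchronized = synchronized;
    pthread_mutex_init(&c.lock, NULL);
    for (int i = 0; i < NTHREADS; i++)
        pthread_create(&th[i], NULL, hit, &c);
    for (int i = 0; i < NTHREADS; i++)
        pthread_join(th[i], NULL);
    pthread_mutex_destroy(&c.lock);
    return c.count;
}

int main(void) {
    printf("expected   %ld\n", (long)NTHREADS * NITER);
    printf("racy       %ld\n", run_counter(0));
    printf("with mutex %ld\n", run_counter(1));
    return 0;
}
```

Compile with `cc -pthread`. The racy figure varies from run to run and may even be correct on a lightly loaded machine, which is exactly why a window of vulnerability that is "generally small" is not a defence: only the mutex version gives a result you can assert on.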
17 Time of Check, Time of Use
  TOCTOU Security Flaw:
    1. Check security of resource.
    2. Use resource.
  What if the attacker invalidates the security check
    after the security check,
    before the use?
18 UNIX Example
  #include <fcntl.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <unistd.h>

  void writefile(int fd);   /* defined elsewhere */

  int main(int argc, char *argv[]) {
      int fd;
      if (access(argv[1], W_OK) == 0) {       /* check: by pathname */
          fd = open(argv[1], O_WRONLY);       /* use: by the same pathname, later */
          writefile(fd);
      } else {
          perror("Permission denied.\n");
          exit(1);
      }
      return 0;
  }
19 Analysis
  Window of Vulnerability
    Time between access() and open()
  Exploit: rebind filename
    Give filename as argument: /tmp/x
    After access(), delete /tmp/x
    Create a link named /tmp/x pointing at a root-owned file like /etc/passwd or /.rhosts
  Example: xterm log file race condition

20 ex: passwd [Bishop, 1996]
  passwd: allows user-specified passwd file
  Normal functioning
    1. opens passwd file and reads user entry; closes
    2. creates and opens temp file ptmp in the same directory
    3. opens passwd file again, then copies contents to ptmp with user changes
    4. closes both passwd and ptmp files; renames ptmp to passwd

21 ex: passwd (cont.)
  Attacker Goal: rewrite /user/.rhosts
    contents: localhost attacker :::::
    exploit: rlogin -l user localhost
  Plan of Attack
    Create exploit .rhosts file in attack directory
    Specify passwd file to be in attack directory
      steps 1 and 3: directory containing passwd file is the attack directory
      steps 2 and 4: directory containing passwd file is /user
22 passwd attack setup
  mkdir attackdir
  echo "localhost attacker :::::" > attackdir/.rhosts
  # want link to point to attackdir for step 1
  ln -s attackdir link
  # specify password file using symlink dir
  passwd link/.rhosts
23 passwd: step by step
  1. passwd program opens and reads link/.rhosts (actual file: attackdir/.rhosts)
  2. Attacker changes link to point to /user
  3. passwd program creates and opens link/ptmp (actual file: /user/ptmp)
  4. Attacker changes link to point to attackdir

24 passwd: step by step
  1. passwd program opens link/.rhosts (actual file: attackdir/.rhosts)
  2. passwd program copies contents to ptmp (actual file: /user/ptmp)
  3. Attacker changes link to point to /user

25 passwd: step by step
  passwd program closes link/.rhosts and ptmp
  passwd program renames ptmp to link/.rhosts (actual file: /user/.rhosts)
  Password file is now the target user's .rhosts
  We can now rlogin to their account without needing a password

26 UNIX File Binding
  UNIX provides two forms of naming:
  pathname
    universal mapping of names to objects
    indirect: requires parent directories to identify the file
    mapping can be changed by another process
  file descriptor
    per-process mapping of identifiers to objects
    direct: file descriptor points directly to the object
    mapping cannot be changed by another process

27 TOCTOU Binding Flaws
  Occur with two sequential system calls:
    both refer to the same object by pathname: insecure
    one binds a file descriptor to a pathname, the other uses that file descriptor: secure
    one uses a file descriptor, the other uses a pathname: insecure
  Solution: use calls that use file descriptors
  Problem: sometimes no alternative to pathnames

28 TOCTOU Binding Flaws
  Solution: use calls that use file descriptors
    fchmod() instead of chmod()
    fchown() instead of chown()
    fstat() instead of stat()
  Problem: sometimes no alternative to pathnames
    link(), unlink(), symlink()
    mkdir(), rmdir()
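The fd-binding rule from slides 26-28 applied to the access()/open() program of slide 18, as an added example (not from the slides): open the file first, then run every check through fstat() on the descriptor, so check and use are bound to the same object and a symlink swap between the two calls has nothing to act on. The function names open_checked and demo_toctou_fix and the scratch-directory layout are my own; the self-test constructs a regular file, a symlink to it and a directory in a temporary directory and exercises each case.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Opens path for writing and returns the descriptor only if the object the
 * descriptor is bound to is a regular file owned by `owner`. Returns -1
 * otherwise. Nothing here consults the pathname after open(), so renaming
 * or relinking it afterwards cannot redirect the write. */
int open_checked(const char *path, uid_t owner) {
    struct stat st;
    /* O_NOFOLLOW refuses a symlink in the final component; O_NONBLOCK keeps
     * a FIFO from blocking the open and has no effect on a regular file. */
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() looks at the open object, not at a name that can be rebound. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Builds a constructed scratch layout and returns 0 if open_checked()
 * behaves as intended on each case; a nonzero value identifies the failing
 * step (bits 4/8/16 mark the three checks). */
int demo_toctou_fix(void) {
    char dir[] = "/tmp/toctou-demo-XXXXXX";
    char regular[64], link[64], subdir[64];
    int fd, t, status = 0;

    if (!mkdtemp(dir)) {                  /* fall back to the working directory */
        strcpy(dir, "toctou-demo-XXXXXX");
        if (!mkdtemp(dir))
            return 1;
    }
    snprintf(regular, sizeof regular, "%s/data", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    snprintf(subdir, sizeof subdir, "%s/sub", dir);

    fd = open(regular, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) { status = 2; goto out; }
    close(fd);
    if (symlink(regular, link) < 0 || mkdir(subdir, 0700) < 0) { status = 3; goto out; }

    /* Case 1: a regular file we own is accepted. */
    fd = open_checked(regular, getuid());
    if (fd < 0) status |= 4; else close(fd);
    /* Case 2: the same file reached through a symlink (the rebinding used in
     * the /tmp/x and passwd examples) is refused, although access() would
     * happily report W_OK for it. */
    t = open_checked(link, getuid());
    if (t >= 0) { close(t); status |= 8; }
    /* Case 3: a directory is not a regular file and is refused. */
    t = open_checked(subdir, getuid());
    if (t >= 0) { close(t); status |= 16; }

out:
    unlink(link);
    unlink(regular);
    rmdir(subdir);
    rmdir(dir);
    return status;
}

int main(int argc, char *argv[]) {
    if (argc == 2) {
        int fd = open_checked(argv[1], getuid());
        if (fd < 0) { perror("open_checked"); return 1; }
        close(fd);
        printf("%s: safe to write through this descriptor\n", argv[1]);
        return 0;
    }
    printf("self-test status %d (0 = all cases behaved)\n", demo_toctou_fix());
    return 0;
}
```

Note what this does not solve: if the program runs setuid and the point of access() was to check the real user's permission, the fstat() ownership test is a substitute for that one question only; the general answer for setuid code is to drop privileges before the open, which the slides' "trust is transitive" material covers from the other side.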
29 Security Impact of Error Handling
  Information leakage
    Stack traces
    Database errors
  Resource leakage
    Return on error without de-allocation
    Exceptions bypass de-allocation

30 Error Handling Techniques
  Return a neutral value: return a value that's known to be harmless, i.e. a negative number, zero, or .
  Substitute the next piece of data: continue reading from hardware or file until a valid record is found.
  Return the same answer as last time: don't keep reading; instead return the last valid answer.
  Substitute the closest legal value: if velocity has a range of , show a 0 when backing up.
  Log a warning message: write a warning to a log, then continue on, perhaps using one of the other techniques.

31 Error Handling Techniques
  Terminate program: terminate program execution.
  Return an error code: report the error by
    setting the value of a status variable (errno),
    returning status as the function's return value, or
    throwing an exception.
  Multiple techniques: combinations of the above.

32 Return Codes
  Use the function return code to indicate an error.
  Easy to ignore: simply ignore the return code.
  Error handling logic is mixed with the logic processing normal return codes.
  No universal convention for error codes.
  Common return code patterns:
    Negative values when nonnegative expected.
    NULL values for pointer return codes.
33 Example: character get functions
  fgetc(), getc(), getchar() read a char, return int
    Use int to represent the EOF error code.
  Incorrect example: return value is declared as a char
    char buf[BUFSIZ];
    char c;           /* wrong: a char cannot distinguish EOF from a valid byte */
    int i = 0;
    while ((c = getchar()) != '\n' && c != EOF)
        if (i < BUFSIZ - 1) { buf[i++] = c; }
    buf[i] = '\0';    /* terminate NTBS */
  Correct example
    char buf[BUFSIZ];
    int c;            /* int holds every byte value plus EOF */
    int i = 0;
    while (((c = getchar()) != '\n') && !feof(stdin) && !ferror(stdin))
        if (i < BUFSIZ - 1) { buf[i++] = c; }
    buf[i] = '\0';    /* terminate NTBS */

34 Resource Leaks
  Resources leak due to early returns
    Memory
    Filehandles
  Example
    char *getblock(int fd) {
        char *buf = (char *)malloc(1024);
        if (!buf) {
            return NULL;
        }
        if (read(fd, buf, 1024) != 1024) {
            return NULL;          /* leaks buf on the short-read path */
        }
        return buf;
    }
35 Using goto for error handling
  Problem: need to de-allocate resources on return.
    Each return is different since different resources are allocated at each point.
  Solution: single de-allocation point
    Check if the resource is allocated, then
    de-allocate it if it is, and
    return with the appropriate error code.
  Why goto?
    Avoids deep nesting.
    Improves code readability.
    Commonly used technique in the kernel.
36 Fixed version with goto
  char *getblock(int fd) {
      char *buf = (char *)malloc(1024);
      if (!buf) {
          goto ERROR;
      }
      if (read(fd, buf, 1024) != 1024) {
          goto ERROR;
      }
      return buf;
  ERROR:                        /* single de-allocation point */
      if (buf) {
          free(buf);
      }
      return NULL;
  }
37 Exceptions
  Advantages of exceptions
    Cannot be ignored by not checking for errors.
    Separate main code from error code.
  Disadvantages of exceptions
    Difficult to avoid resource leaks, as exceptions create many implicit control flow paths.
    Can still ignore exceptions:
      try {
          // code that can throw an exception
      } catch (AnException e) {
          // empty catch block
      }

38 Checked Exceptions
  Checked exceptions: exceptions that the language requires client code to handle.
    C++, C#: no checked exceptions
    Java: exceptions that inherit from Exception
  Unchecked exceptions: exceptions that can be ignored by client code.
    C++, C#: all exceptions are unchecked
    Java: exceptions that inherit from RuntimeException.

39 Exception Guarantees
  Levels of exception safety for a class.
  Basic Guarantee: no resources are leaked.
  Strong Guarantee: exceptions leave state exactly as it was before the operation started.
  No Throw Guarantee: the component will handle all exceptions itself.
  No Exception Safety: the component may leak resources and leave the object in an inconsistent, unusable state.
40 Catch-all Exception Handlers
  Ensure no information leakage at top-level functions.
    doGet(), doPost(), web service entry points
    protected void doPost(HttpServletRequest req, HttpServletResponse res) {
        try {
            /* function body */
        } catch (Throwable t) {
            logger.error("Top-level exception caught", t);   // log it; never echo it to the client
        }
    }
  Do not do this in low-level code.
    Need to deal with individual error types separately, instead of ignoring them or handling them generically.

41 Destructor De-Allocation
  Resource Acquisition Is Initialization pattern
    Resources are acquired during initialization of the object, before it can be used.
    Resources are de-allocated by the object's destructor, which runs even when the scope is left via an exception.
  Example
    file(const char* filename) {
        file_ = fopen(filename, "w+");
        if (!file_) throw std::runtime_error("file open failure");
    }
    ~file() {
        if (file_) { fclose(file_); }
    }

42 Finally
  A finally block is executed regardless of whether an exception is caught or not.
  Example
    Statement stmt = conn.createStatement();
    try {
        stmt.execute(sqlString);
    } finally {
        if (stmt != null) {
            stmt.close();        // runs on the normal path and on every exception path
        }
    }
43 Secrets in Memory
  Attackers can obtain secrets from memory
    Remote exploit: buffer overflow or format string
    Physical attack: direct media access
    Accidental leakage: core dumps or page files

44 Securing Secrets in Memory
  Minimize time spent holding secrets.
    Decrypt data just before use.
    Overwrite data after use.
  Share secrets sparingly.
    Do not store secrets on the client.
  Erase secrets securely.
    Explicitly overwrite memory.
    Prevent unnecessary duplication.

45 Locking Pages in Memory
  Prevent secrets from paging to disk.
    Does not prevent suspend or hibernate from saving pages.
  Linux page locking
    mlock(const void *addr, size_t len)
    munlock(const void *addr, size_t len)
  Windows page locking
    VirtualLock(LPVOID lpAddress, SIZE_T dwSize);
    VirtualUnlock(LPVOID lpAddress, SIZE_T dwSize);

46 Erasing Secrets Securely
  Garbage collecting languages
    Impossible to ensure secrets are erased immediately.
  Low level languages
    The compiler can optimize away code that overwrites a buffer if the buffer contents are not used later.
    Use memset_s() if the compiler supports C11.
    Use SecureZeroMemory() in Windows.
    If neither function is available, use volatile pointers to prevent the compiler from optimizing away memory overwrites.
      Some compilers may still cause problems.
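Slides 44-46 put together in one added C example (not code from the slides): a secret is copied into a heap buffer that is locked with mlock() while in use, handed to a callback, and then overwritten through a volatile pointer before free(). The volatile-pointer fallback is used rather than memset_s() because memset_s() is part of the optional C11 Annex K and glibc does not ship it. The names secure_zero, with_secret, sum_bytes, with_secret_demo and erase_demo and the dummy key bytes are my own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Overwrites len bytes through a volatile pointer. Each store through a
 * volatile lvalue is an observable side effect, so the compiler must emit
 * it even though the buffer is dead afterwards; a plain memset() in the same
 * position is a dead store the optimizer is entitled to delete. */
void secure_zero(void *p, size_t len) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (len--)
        *vp++ = 0;
}

/* Copies the secret into a buffer that is locked in RAM (best effort: mlock()
 * needs RLIMIT_MEMLOCK headroom and does not protect against hibernation),
 * calls use(buf, len), then erases and frees the buffer. Returns what use()
 * returned, or -1 if no buffer could be allocated. */
int with_secret(const unsigned char *secret, size_t len,
                int (*use)(const unsigned char *, size_t)) {
    unsigned char *buf = malloc(len);
    if (!buf)
        return -1;
    int locked = (mlock(buf, len) == 0);   /* keep the copy off swap if we can */
    memcpy(buf, secret, len);              /* hold the secret only while it is needed */
    int r = use(buf, len);
    secure_zero(buf, len);                 /* explicit overwrite before the memory is reused */
    if (locked)
        munlock(buf, len);
    free(buf);
    return r;
}

/* Stand-in for "use the key": just sums the bytes. */
static int sum_bytes(const unsigned char *s, size_t len) {
    int sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += s[i];
    return sum;
}

/* Runs with_secret() on a constructed dummy secret {1,2,3,4}; returns 10. */
int with_secret_demo(void) {
    static const unsigned char key[4] = { 1, 2, 3, 4 };
    return with_secret(key, sizeof key, sum_bytes);
}

/* Checks that secure_zero() really clears every byte; returns 1 on success. */
int erase_demo(void) {
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);         /* constructed dummy key material */
    secure_zero(key, sizeof key);
    for (size_t i = 0; i < sizeof key; i++)
        if (key[i] != 0)
            return 0;
    return 1;
}

int main(void) {
    printf("sum over secret = %d\n", with_secret_demo());
    printf("buffer erased   = %s\n", erase_demo() ? "yes" : "no");
    return 0;
}
```

The caller's own copy of the secret (the `secret` argument) is outside this function's control, which is the "prevent unnecessary duplication" point: every copy that exists is one more thing to erase.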
47 Secure Programming References
  CERT Secure Coding Standards for C, C++, Java, Perl
  Microsoft Writing Secure Code
  Secure Programming for UNIX/Linux HOWTO
  SAFECode
  Open Web Application Security Project (OWASP)
  OWASP Code Review Project

48 Secure Programming Books

49 Key Points
  1. Validate input from all sources.
     CLI args, env vars, config files, database, etc.
  2. Use the strongest possible technique.
     1. Indirect selection
     2. Whitelist
     3. Blacklist
  3. Reject bad input, don't attempt to fix it.
  4. Trust is transitive.
  5. Architect for validation: establish trust boundaries, wrap dangerous functions.
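Key points 2 and 3 in C, as an added example that is not from the slides: the three validation techniques, strongest first, applied to a constructed "which report do you want" input that ends up in a file name. The table REPORTS and the functions select_report, whitelist_ok and blacklist_ok are my own. Each function rejects rather than repairs.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed table of the only files this program will ever open. */
static const char *const REPORTS[] = { "daily.txt", "weekly.txt", "monthly.txt" };
#define NREPORTS (sizeof REPORTS / sizeof REPORTS[0])

/* Indirect selection: the input is only an index into a table the program
 * controls, so no user-supplied byte ever reaches the file name. Returns the
 * selected name or NULL on any input that is not exactly a valid index. */
const char *select_report(const char *input) {
    char *end;
    long idx;
    if (!isdigit((unsigned char)input[0]))   /* no sign, no leading whitespace */
        return NULL;
    idx = strtol(input, &end, 10);
    if (*end != '\0' || idx < 0 || idx >= (long)NREPORTS)
        return NULL;                          /* reject; don't clamp or truncate */
    return REPORTS[idx];
}

/* Whitelist: accept only [a-z0-9_.], at most 32 bytes, not starting with a
 * dot. Anything outside the allowed alphabet is rejected, including '/',
 * '\\', uppercase letters and control characters. Returns 1 if acceptable. */
int whitelist_ok(const char *name) {
    size_t n = strlen(name);
    if (n == 0 || n > 32 || name[0] == '.')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(islower(c) || isdigit(c) || c == '_' || c == '.'))
            return 0;
    }
    return 1;
}

/* Blacklist, the weakest technique, shown for contrast: it blocks the two
 * patterns its author thought of and passes everything else, e.g. a
 * Windows-style absolute path with backslashes. */
int blacklist_ok(const char *name) {
    return strstr(name, "..") == NULL && strchr(name, '/') == NULL;
}

int main(int argc, char *argv[]) {
    const char *in = argc > 1 ? argv[1] : "1";
    const char *chosen = select_report(in);
    printf("indirect selection of \"%s\": %s\n", in, chosen ? chosen : "rejected");
    printf("whitelist(\"%s\") = %d, blacklist(\"%s\") = %d\n",
           in, whitelist_ok(in), in, blacklist_ok(in));
    return 0;
}
```

Run it with an argument such as `C:\boot.ini` to see the blacklist pass what the whitelist and the index lookup both refuse.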
50 References
  1. Brian Chess and Jacob West, Secure Programming with Static Analysis, Addison-Wesley.
  2. Steve McConnell, Code Complete, 2/e, Microsoft Press.
  3. Gary McGraw, Software Security, Addison-Wesley.
  4. PCI Security Standards Council, PCI DSS Requirements and Security Assessment Procedures, v1.2.
  5. Mark Graff and Kenneth van Wyk, Secure Coding: Principles & Practices, O'Reilly.
  6. Michael Howard and David LeBlanc, Writing Secure Code, 2nd edition, Microsoft Press.
  7. Michael Howard, David LeBlanc, and John Viega, 19 Deadly Sins of Software Security, McGraw-Hill Osborne.
  8. John Viega and Gary McGraw, Building Secure Software, Addison-Wesley.
  9. David Wheeler, Secure Programming for UNIX and Linux HOWTO, HOWTO/index.html.
CSC 308 2.0 System Development with Java Exception Handling Department of Statistics and Computer Science 1 2 Errors Errors can be categorized as several ways; Syntax Errors Logical Errors Runtime Errors
More informationOne-Slide Summary. Lecture Outline. Language Security
Language Security Or: bringing a knife to a gun fight #1 One-Slide Summary A language s design principles and features have a strong influence on the security of programs written in that language. C s
More informationAdvanced Systems Security: Symbolic Execution
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationCS 455: INTRODUCTION TO DISTRIBUTED SYSTEMS [THREADS] Frequently asked questions from the previous class survey
CS 455: INTRODUCTION TO DISTRIBUTED SYSTEMS [THREADS] Shrideep Pallickara Computer Science Colorado State University L6.1 Frequently asked questions from the previous class survey L6.2 SLIDES CREATED BY:
More informationUMSSIA LECTURE I: SOFTWARE SECURITY
UMSSIA LECTURE I: SOFTWARE SECURITY THINKING LIKE AN ADVERSARY SECURITY ASSESSMENT Confidentiality? Availability? Dependability? Security by Obscurity: a system that is only secure if the adversary doesn
More informationBasic OS Progamming Abstrac2ons
Basic OS Progamming Abstrac2ons Don Porter Recap We ve introduced the idea of a process as a container for a running program And we ve discussed the hardware- level mechanisms to transi2on between the
More informationLanguage Security. Lecture 40
Language Security Lecture 40 (from notes by G. Necula) Prof. Hilfinger CS 164 Lecture 40 1 Lecture Outline Beyond compilers Looking at other issues in programming language design and tools C Arrays Exploiting
More informationProgramming II (CS300)
1 Programming II (CS300) Chapter 04: Exception Handling MOUNA KACEM mouna@cs.wisc.edu Fall 2018 Creating Classes 2 Introduction Exception Handling Common Exceptions Exceptions with Methods Assertions and
More informationSoftware Security: Buffer Overflow Attacks
CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks (continued) Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationCSC369 Lecture 2. Larry Zhang
CSC369 Lecture 2 Larry Zhang 1 Announcements Lecture slides Midterm timing issue Assignment 1 will be out soon! Start early, and ask questions. We will have bonus for groups that finish early. 2 Assignment
More informationBuffer overflow background
and heap buffer background Comp Sci 3600 Security Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Address Space and heap buffer
More informationOS COMPONENTS OVERVIEW OF UNIX FILE I/O. CS124 Operating Systems Fall , Lecture 2
OS COMPONENTS OVERVIEW OF UNIX FILE I/O CS124 Operating Systems Fall 2017-2018, Lecture 2 2 Operating System Components (1) Common components of operating systems: Users: Want to solve problems by using
More informationPointers and Memory 1
Pointers and Memory 1 Pointer values Pointer values are memory addresses Think of them as a kind of integer values The first byte of memory is 0, the next 1, and so on A pointer p can hold the address
More informationECS 153 Discussion Section. April 6, 2015
ECS 153 Discussion Section April 6, 2015 1 What We ll Cover Goal: To discuss buffer overflows in detail Stack- based buffer overflows Smashing the stack : execution from the stack ARC (or return- to- libc)
More informationCSC209 Review. Yeah! We made it!
CSC209 Review Yeah! We made it! 1 CSC209: Software tools Unix files and directories permissions utilities/commands Shell programming quoting wild cards files 2 ... and C programming... C basic syntax functions
More informationCS159. Nathan Sprague
CS159 Nathan Sprague What s wrong with the following code? 1 /* ************************************************** 2 * Return the mean, or -1 if the array has length 0. 3 ***************************************************
More informationProgramming II (CS300)
1 Programming II (CS300) Chapter 04: Exception Handling MOUNA KACEM mouna@cs.wisc.edu Spring 2018 Creating Classes 2 Introduction Exception Handling Common Exceptions Exceptions with Methods Assertions
More informationOperating Systems. Lecture 06. System Calls (Exec, Open, Read, Write) Inter-process Communication in Unix/Linux (PIPE), Use of PIPE on command line
Operating Systems Lecture 06 System Calls (Exec, Open, Read, Write) Inter-process Communication in Unix/Linux (PIPE), Use of PIPE on command line March 04, 2013 exec() Typically the exec system call is
More information5/8/2012. Creating and Changing Directories Chapter 7
Creating and Changing Directories Chapter 7 Types of files File systems concepts Using directories to create order. Managing files in directories. Using pathnames to manage files in directories. Managing
More informationOS lpr. www. nfsd gcc emacs ls 1/27/09. Process Management. CS 537 Lecture 3: Processes. Example OS in operation. Why Processes? Simplicity + Speed
Process Management CS 537 Lecture 3: Processes Michael Swift This lecture begins a series of topics on processes, threads, and synchronization Today: processes and process management what are the OS units
More informationLast Week: ! Efficiency read/write. ! The File. ! File pointer. ! File control/access. This Week: ! How to program with directories
Overview Unix System Programming Directories and File System Last Week:! Efficiency read/write! The File! File pointer! File control/access This Week:! How to program with directories! Brief introduction
More informationC and C++ Secure Coding 4-day course. Syllabus
C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course
More informationpublic class MyThread extends Thread { try { private Shared theshared; threada.join(); threadb.join();
Race Conditions Consider the following Java code int localdata = theshared.getdata(); localdata++; theshared.setdata(localdata); After executing this code what value is stored in Shared.data? public class
More informationFile Systems 1. File Systems
File Systems 1 File Systems key concepts file, directory, link, open/close, descriptor, read, write, seek, file naming, block, i-node, crash consistency, journaling reading Three Easy Pieces: Chapters
More informationFile Systems 1. File Systems
File Systems 1 File Systems key concepts file, directory, link, open/close, descriptor, read, write, seek, file naming, block, i-node, crash consistency, journaling reading Three Easy Pieces: Chapters
More informationOperating systems. Lecture 7
Operating systems. Lecture 7 Michał Goliński 2018-11-13 Introduction Recall Plan for today History of C/C++ Compiler on the command line Automating builds with make CPU protection rings system calls pointers
More informationCSI 402 Lecture 11 (Unix Discussion on Files continued) 11 1 / 19
CSI 402 Lecture 11 (Unix Discussion on Files continued) 11 1 / 19 User and Group IDs Ref: Chapter 3 of [HGS]. Each user is given an ID (integer) called uid. (Most system programs use uid instead of the
More informationA Unix Process. Joseph Cordina
1 A Unix Process We have examined the memory layout of a UNIX process before. In this section we will see more in detail about how each process executes within the UNIX environment. Each process is identified
More informationCA341 - Comparative Programming Languages
CA341 - Comparative Programming Languages David Sinclair Dynamic Data Structures Generally we do not know how much data a program will have to process. There are 2 ways to handle this: Create a fixed data
More informationC#: framework overview and in-the-small features
Chair of Software Engineering Carlo A. Furia, Marco Piccioni, Bertrand Meyer C#: framework overview and in-the-small features Chair of Software Engineering Carlo A. Furia, Marco Piccioni, Bertrand Meyer
More informationWritten by John Bell for CS 342, Spring 2018
Advanced OO Concepts Written by John Bell for CS 342, Spring 2018 Based on chapter 3 of The Object-Oriented Thought Process by Matt Weisfeld, with additional material from other sources. Constructors Constructors
More informationUnix System Programming - Chapter 2, part a
Unix System Programming - Chapter 2, part a Neal Nelson The Evergreen State College Mar 23, 2010 USP Chapter 2.1 to 2.6 Processes and Threads Program Storage and Linkage Library Function Calls Error Handling
More informationCSE 410: Systems Programming
CSE 410: Systems Programming Input and Output Ethan Blanton Department of Computer Science and Engineering University at Buffalo I/O Kernel Services We have seen some text I/O using the C Standard Library.
More informationModule: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Program Vulnerabilities Professor Trent Jaeger 1 Programming Why do we write programs? Function What functions do we enable via our programs?
More informationVirtual File System. Don Porter CSE 506
Virtual File System Don Porter CSE 506 History ò Early OSes provided a single file system ò In general, system was pretty tailored to target hardware ò In the early 80s, people became interested in supporting
More informationINTRODUCTION TO THE UNIX FILE SYSTEM 1)
INTRODUCTION TO THE UNIX FILE SYSTEM 1) 1 FILE SHARING Unix supports the sharing of open files between different processes. We'll examine the data structures used by the kernel for all I/0. Three data
More informationCSCI 171 Chapter Outlines
Contents CSCI 171 Chapter 1 Overview... 2 CSCI 171 Chapter 2 Programming Components... 3 CSCI 171 Chapter 3 (Sections 1 4) Selection Structures... 5 CSCI 171 Chapter 3 (Sections 5 & 6) Iteration Structures
More informationCYSE 411/AIT681 Secure Software Engineering Topic #10. Secure Coding: Integer Security
CYSE 411/AIT681 Secure Software Engineering Topic #10. Secure Coding: Integer Security Instructor: Dr. Kun Sun 1 This lecture: [Seacord]: Chapter 5 Readings 2 Secure Coding String management Pointer Subterfuge
More informationTwo s Complement Review. Two s Complement Review. Agenda. Agenda 6/21/2011
Two s Complement Review CS 61C: Great Ideas in Computer Architecture (Machine Structures) Introduction to C (Part I) Instructor: Michael Greenbaum http://inst.eecs.berkeley.edu/~cs61c/su11 Suppose we had
More informationFile System Interface. ICS332 Operating Systems
File System Interface ICS332 Operating Systems Files and Directories Features A file system implements the file abstraction for secondary storage It also implements the directory abstraction to organize
More information