Shellbased Wargaming
|
|
- Alisha Simon
- 5 years ago
- Views:
Transcription
1 Shellbased Wargaming Abstract Wargaming is a hands-on way to learn about computer security and common programming mistakes. This document is intended for readers new to the subject and who are interested in learning about computer security. This document is not intended to learn specific techniques, as that is the the purpose of wargaming itself. This document does not cover the basics of Unix systems nor the basics of programming. 1 Introduction Once in a while media reports about a security problem that allowed a virus to infect a system or a hacker to break in. Have you ever wondered what caused this? The problem is mostly an error made by the programmer, but how does those errors look? Wouldn t it be better if the programmers knew about those errors before they wrote the programs so they could write stable and more secure programs from the beginning? Wargames consisting of levels with programming bugs in them. The goals of the levels are to find the security bugs and exploit them. The goal of the wargame is to educate about security and how programs shouldn t be written. Skills needed to play (or needed to learn while playing) includes common sense, patience, searching in manuals, details of unix systems and commands, programming (mostly C), reverse engineering and thinking out of the box. 1
2 2 Concepts Shellbased wargaming is mostly played on a dedicated Linux server via the remote login service ssh. 2.1 Unix permissions Each file in an unix system has permissions assigned to it. $ ls -l -r-sr-x--- 1 levely levelx 6949 example -rw-r levely levelx 69 example.c -rw levely levely 20 password -rwxr-sr-x 1 root game 7383 adventure -rw-rw-r-- 1 root game 234 highscore This is a directory listing, showing their owners, groups and permissions of the files. example, example.c and password are owned by levely, but example and example.c are in the group levelx. 2.2 User ID Each process on a UNIX system has a user id and a group id, and also an effective user id and effective group id. These are commonly abbriviated to UID, GID, EUID and EGID. Some processes requires to run at higher priviledges. In the listing above, there is the game adventure and it s hiscore file. A user should not be able to edit the highscore file directly, only when running the game. adventure has an s instead of an x in the group execute permission. This means that when adventure is run, the process will run with an effective group id of game, thus allowing it to edit the highscore file. We say that adventure runs setgid, or that it is a setgid-binary 1. Similarly, the example is a setuid-binary. It will run with an effective user id of levely. 1 Binary is another word for executable, referring to the file itself 2
3 2.3 Privilege escalation The game progress in wargaming is done by privilege escalation. A program is buggy if the behaviour of the program is not well defined for all situations. A program is vulnerable if a user can control the flow of the program, making it do things it wasn t intended to do. If a user can control the flow of a program running with another effective user id, that user gets all the permissions of that user, which is a security breach. A level in a shell-based consists (most of the time) of a setuid binary with a security vulnerability. Exploiting can be done by reading a file that contains the password for the next level or, most commonly, by tricking the program to spawn a shell with the privileges of the next level. Note that it is necessary to log in as the next level to get the group id set. The group id is necessary to play the next level. 3 Examining To find a vulnerability, the inner workings of the program must be examined. Sometimes the source code is available, otherwise the binary must be examined to find out if and how it might be exploited. The process when the inner functions of a compiled program is determined is called Reverse Engineering. When you have found out what the program does, try asking yourself the question: What was this program not designed to handle? What if it is fed with a large string, a negative number or a string with strange characters in it? Does the program assume things that aren t always true? 3.1 Tools for examining binaries strings ltrace strace gdb objdump Extracts text stored in a binary file Traces library calls made by the program Traces system calls made by the program The GNU debugger Extract information from a binary 3
4 4 Exploiting When a vulnerability is found, an exploit should be written. This includes some research about the vulnerability, finding offsets and so on. 5 Example This example lacks details on the theory behind why the exploit works, the reader is encouraged to do independent research. The following program written in C demonstrates a buffer overflow. ls -l -r-sr-x--- 1 levely levelx 6949 example -rw-r levely levelx 69 example.c This level consists of a small suid binary with source code. /* example.c */ #include <stdio.h> int main() { char a[20]; gets(a); return 0; } From the gets() manual page: SECURITY CONSIDERATIONS The gets() function cannot be used securely. Because of its lack of bounds checking, and the inability for the calling program to reliably determine the length of the next incoming line, the use of this function enables malicious users to arbitrarily change a running program s functionality through a buffer overflow attack. So what happens if this program is given a string longer than 20 characters?./example AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Segmentation fault 4
5 The program crashed, because important data was overwritten. By using a debugger, it is possible to find the cause to the crash. gdb -q./example (gdb) r Starting program:./example AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Program received signal SIGSEGV, Segmentation fault. 0x in?? () (gdb) The program is crashing because it tried to execute program code at memory address 0x Why? The hexadecimal representation of A is 0x41. Note that for the processor, there is no difference between characters, integers or memory pointers. It s how the data is used that matters. In this case, the function return pointer was overwritten by a buffer overflow. It s now possible to control where in the memory the program executes code. By choosing data that points to program code that say, spawns a shell, the program will spawn a shell. For more theory behind how to exploit a buffer overflow, see Smashing the stack for fun and profit by Alef 0 First, which of all A s overwrites the return-pointer? And where are our string? (gdb) r Starting program: /tmp/example AAAAAAAAAAAAAAAAAAAABCDEFGHIJKLM Program received signal SIGSEGV, Segmentation fault. 0x in?? () (gdb) x $esp 0xbfffdd40: 0x4d4c4b4a (gdb) 5
6 6 Tips and Tricks 6.1 Manual pages As soon as there is a strange command or function that you are not sure about, strstr for example, just type man strstr in your terminal. This can not be taken to easily, there is even an acronym for it. RTFM - read the friendly manual. 6.2 Bash Sometimes an exploit needs to be submitted to standard input. As a shell closes when it detects EOF 2, the following trick might be used to continue to give input after the exploit has been fed to the program. (perl -e print "exploit" ; cat)./binary 6.3 Perl Perl is a great scripting tool when wargaming. It is possible to run small scripts directly from the shell with the -e flag. Large strings are easily produced../binary $(perl -e print "A"x10000 ) That is a lot more handy than writing./binary AAAAAAAAAAAAAAAAAAAAAAA times...AAA 6.4 gdb In gdb, exploit code can be given as an argument (gdb) r $( perl -e exploitcode ) or to standard input (gdb) r < <( perl -e exploitcode ) There is a space between the less-than signs. This is because of process substitution. More about that can be found on the internet and in the bash manual page. 2 End of file 6
7 7 List of wargame communities
Buffer Overflows. A brief Introduction to the detection and prevention of buffer overflows for intermediate programmers.
Buffer Overflows A brief Introduction to the detection and prevention of buffer overflows for intermediate programmers. By: Brian Roberts What is a buffer overflow? In languages that deal with data structures
More informationLab 2: Buffer Overflows
Department of Computer Science: Cyber Security Practice Lab 2: Buffer Overflows Introduction In this lab, you will learn how buffer overflows and other memory vulnerabilities are used to takeover vulnerable
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session
More informationBasic Buffer Overflows
Operating Systems Security Basic Buffer Overflows (Stack Smashing) Computer Security & OS lab. Cho, Seong-je ( 조성제 ) Fall, 2018 sjcho at dankook.ac.kr Chapter 10 Buffer Overflow 2 Contents Virtual Memory
More informationOutline. UNIX security ideas Users and groups File protection Setting temporary privileges. Examples. Permission bits Program language components
UNIX security Ulf Larson (modified by Erland Jonsson/Magnus Almgren) Computer security group Dept. of Computer Science and Engineering Chalmers University of Technology, Sweden Outline UNIX security ideas
More informationCS155: Computer Security Spring Project #1. Due: Part 1: Thursday, April pm, Part 2: Monday, April pm.
CS155: Computer Security Spring 2008 Project #1 Due: Part 1: Thursday, April 17-1159 pm, Part 2: Monday, April 21-1159 pm. Goal 1. The goal of this assignment is to gain hands-on experience with the effect
More informationCNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux
CNIT 127: Exploit Development Ch 2: Stack Overflows in Linux Stack-based Buffer Overflows Most popular and best understood exploitation method Aleph One's "Smashing the Stack for Fun and Profit" (1996)
More informationHomework 1 CS 642: Information Security
Homework 1 CS 642: Information Security September 22, 2012 This homework assignment tasks you with understanding vulnerabilities in five target programs. You may (optionally) work with a partner. It is
More information20: Exploits and Containment
20: Exploits and Containment Mark Handley Andrea Bittau What is an exploit? Programs contain bugs. These bugs could have security implications (vulnerabilities) An exploit is a tool which exploits a vulnerability
More informationCS 642 Homework #4. Due Date: 11:59 p.m. on Tuesday, May 1, Warning!
CS 642 Homework #4 Due Date: 11:59 p.m. on Tuesday, May 1, 2007 Warning! In this assignment, you will construct and launch attacks against a vulnerable computer on the CS network. The network administrators
More informationCNIT 127: Exploit Development. Ch 3: Shellcode. Updated
CNIT 127: Exploit Development Ch 3: Shellcode Updated 1-30-17 Topics Protection rings Syscalls Shellcode nasm Assembler ld GNU Linker objdump to see contents of object files strace System Call Tracer Removing
More informationIntroduction. Overview and Getting Started. CS 161 Computer Security Lab 1 Buffer Overflows v.01 Due Date: September 17, 2012 by 11:59pm
Dawn Song Fall 2012 CS 161 Computer Security Lab 1 Buffer Overflows v.01 Due Date: September 17, 2012 by 11:59pm Introduction In this lab, you will get a hands-on approach to circumventing user permissions
More informationCS Programming Languages Fall Homework #2
CS 345 - Programming Languages Fall 2010 Homework #2 Due: 2pm CDT (in class), September 30, 2010 Collaboration policy This assignment can be done in teams at most two students. Any cheating (e.g., submitting
More informationOperating system security models
Operating system security models Unix security model Windows security model MEELIS ROOS 1 General Unix model Everything is a file under a virtual root diretory Files Directories Sockets Devices... Objects
More informationGeneral Pr0ken File System
General Pr0ken File System Hacking IBM s GPFS Felix Wilhelm & Florian Grunow 11/2/2015 GPFS Felix Wilhelm && Florian Grunow #2 Agenda Technology Overview Digging in the Guts of GPFS Remote View Getting
More informationbuffer overflow exploitation
buffer overflow exploitation Samuele Andreoli, Nicolò Fornari, Giuseppe Vitto May 11, 2016 University of Trento Introduction 1 introduction A Buffer Overflow is an anomaly where a program, while writing
More informationUnderstanding Software Vulnerabilities: C, Debugging Assembly, and Buffer Overflows
Understanding Software Vulnerabilities: C, Debugging Assembly, and Buffer Overflows License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike
More informationExercise 6: Buffer Overflow and return-into-libc Attacks
Technische Universität Darmstadt Fachbereich Informatik System Security Lab Prof. Dr.-Ing. Ahmad-Reza Sadeghi M.Sc. David Gens Exercise 6: Buffer Overflow and return-into-libc Attacks Course Secure, Trusted
More informationBuffer Overflow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
Buffer Overflow Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu x86-64/linux Memory Layout Stack Runtime stack (8MB limit) Heap Dynamically allocated
More informationCMPSC 497 Buffer Overflow Vulnerabilities
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Buffer Overflow
More informationGDB Tutorial. A Walkthrough with Examples. CMSC Spring Last modified March 22, GDB Tutorial
A Walkthrough with Examples CMSC 212 - Spring 2009 Last modified March 22, 2009 What is gdb? GNU Debugger A debugger for several languages, including C and C++ It allows you to inspect what the program
More informationBuffer Overflow. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University
Buffer Overflow Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu SSE2030: Introduction to Computer Systems, Spring 2018, Jinkyu Jeong (jinkyu@skku.edu)
More informationBuffer overflow background
and heap buffer background Comp Sci 3600 Security Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Address Space and heap buffer
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.2: OS Security Access Control Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Bogdan Carbunar (FIU)
More informationRace Condition Vulnerability Lab
Concordia Institute for Information Systems Engineering - INSE 6130 1 Race Condition Vulnerability Lab Copyright c 2006-2012 Wenliang Du, Syracuse University. The development of this document is funded
More informationCS 392/681 Lab 6 Experiencing Buffer Overflows and Format String Vulnerabilities
CS 392/681 Lab 6 Experiencing Buffer Overflows and Format String Vulnerabilities Given: November 13, 2003 Due: November 20, 2003 1 Motivation Buffer overflows and format string vulnerabilities are widespread
More informationBUFFER OVERFLOW. Jo, Heeseung
BUFFER OVERFLOW Jo, Heeseung IA-32/LINUX MEMORY LAYOUT Heap Runtime stack (8MB limit) Dynamically allocated storage When call malloc(), calloc(), new() DLLs (shared libraries) Data Text Dynamically linked
More informationBuffer Overflow. Jo, Heeseung
Buffer Overflow Jo, Heeseung IA-32/Linux Memory Layout Heap Runtime stack (8MB limit) Dynamically allocated storage When call malloc(), calloc(), new() DLLs (shared libraries) Data Text Dynamically linked
More informationBuffer Overflow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
Buffer Overflow Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu IA-32/Linux Memory Layout Runtime stack (8MB limit) Heap Dynamically allocated storage
More informationCMSC 414 Computer and Network Security
CMSC 414 Computer and Network Security Buffer Overflows Dr. Michael Marsh August 30, 2017 Trust and Trustworthiness You read: Reflections on Trusting Trust (Ken Thompson), 1984 Smashing the Stack for Fun
More informationCase Study: Access Control. Steven M. Bellovin October 4,
Case Study: Access Control Steven M. Bellovin October 4, 2015 1 Case Studies in Access Control Joint software development Mail Steven M. Bellovin October 4, 2015 2 Situations Small team on a single machine
More informationAssignment 4 Buffer Overflows
LEIC/MEIC - IST Alameda LEIC/MEIC/MERC IST Taguspark DEASegInf Network and Computer Security 2012/2013 Assignment 4 Buffer Overflows Goal Exploit buffer overflow vulnerabilities. 1. Introduction Log in
More informationI run a Linux server, so we re secure
Silent Signal vsza@silentsignal.hu 18 September 2010 Linux from a security viewpoint we re talking about the kernel, not GNU/Linux distributions Linux from a security viewpoint we re talking about the
More information1. Allowed you to see the value of one or more variables, or 2. Indicated where you were in the execution of a program
CS0449 GDB Lab What is a debugger? A debugger is a program that helps you find logical mistakes in your programs by running them in a controlled way. Undoubtedly by this point in your programming life,
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 15: Software Security II Department of Computer Science and Engineering University at Buffalo 1 Software Vulnerabilities Buffer overflow vulnerabilities account
More informationSecurity. 1 Introduction. Alex S. 1.1 Authentication
Security Alex S. 1 Introduction Security is one of the most important topics in the IT field. Without some degree of security, we wouldn t have the Internet, e-commerce, ATM machines, emails, etc. A lot
More informationCase Studies in Access Control
Joint software development Mail 1 / 38 Situations Roles Permissions Why Enforce Access Controls? Unix Setup Windows ACL Setup Reviewer/Tester Access Medium-Size Group Basic Structure Version Control Systems
More informationECE 471 Embedded Systems Lecture 22
ECE 471 Embedded Systems Lecture 22 Vince Weaver http://www.eece.maine.edu/~vweaver vincent.weaver@maine.edu 31 October 2018 Don t forget HW#7 Announcements 1 Computer Security and why it matters for embedded
More informationCSE 374 Programming Concepts & Tools. Brandon Myers Winter 2015 Lecture 11 gdb and Debugging (Thanks to Hal Perkins)
CSE 374 Programming Concepts & Tools Brandon Myers Winter 2015 Lecture 11 gdb and Debugging (Thanks to Hal Perkins) Hacker tool of the week (tags) Problem: I want to find the definition of a function or
More informationENEE 757 Buffer Overflow Homework
Buffer Overflow Homework Copyright 2006-2014 Wenliang Du, Syracuse University. The development of this document is/was funded by three grants from the US National Science Foundation: Awards No. 0231122
More informationSecure Architecture Principles
Computer Security Course. Secure Architecture Principles Slides credit: John Mitchell Basic idea: Isolation A Seaman's Pocket-Book, 1943 (public domain) http://staff.imsa.edu/~esmith/treasurefleet/treasurefleet/watertight_compartments.htm
More informationComputer Science 2500 Computer Organization Rensselaer Polytechnic Institute Spring Topic Notes: C and Unix Overview
Computer Science 2500 Computer Organization Rensselaer Polytechnic Institute Spring 2009 Topic Notes: C and Unix Overview This course is about computer organization, but since most of our programming is
More informationProcesses are subjects.
Identification and Authentication Access Control Other security related things: Devices, mounting filesystems Search path Race conditions NOTE: filenames may differ between OS/distributions Principals
More informationcs642 /operating system security computer security adam everspaugh
cs642 computer security /operating system security adam everspaugh ace@cs.wisc.edu principles Principles of Secure Designs Compartmentalization / Isolation / Least privilege Defense-in-depth / Use more
More informationISA564 SECURITY LAB. Code Injection Attacks
ISA564 SECURITY LAB Code Injection Attacks Outline Anatomy of Code-Injection Attacks Lab 3: Buffer Overflow Anatomy of Code-Injection Attacks Background About 60% of CERT/CC advisories deal with unauthorized
More informationCS354 gdb Tutorial Written by Chris Feilbach
CS354 gdb Tutorial Written by Chris Feilbach Purpose This tutorial aims to show you the basics of using gdb to debug C programs. gdb is the GNU debugger, and is provided on systems that
More informationECS 153 Discussion Section. April 6, 2015
ECS 153 Discussion Section April 6, 2015 1 What We ll Cover Goal: To discuss buffer overflows in detail Stack- based buffer overflows Smashing the stack : execution from the stack ARC (or return- to- libc)
More informationCIS Operating Systems File Systems Security. Professor Qiang Zeng Fall 2017
CIS 5512 - Operating Systems File Systems Security Professor Qiang Zeng Fall 2017 Previous class File and directory Hard link and soft link Mount Layered structure File system design Naïve: linked list
More informationSecure Programming I. Steven M. Bellovin September 28,
Secure Programming I Steven M. Bellovin September 28, 2014 1 If our software is buggy, what does that say about its security? Robert H. Morris Steven M. Bellovin September 28, 2014 2 The Heart of the Problem
More information1.1 For Fun and Profit. 1.2 Common Techniques. My Preferred Techniques
1 Bug Hunting Bug hunting is the process of finding bugs in software or hardware. In this book, however, the term bug hunting will be used specifically to describe the process of finding security-critical
More informationmalloc() is often used to allocate chunk of memory dynamically from the heap region. Each chunk contains a header and free space (the buffer in which
Heap Overflow malloc() is often used to allocate chunk of memory dynamically from the heap region. Each chunk contains a header and free space (the buffer in which data are placed). The header contains
More informationReserve Engineering & Buffer Overflow Attacks. Tom Chothia Computer Security, Lecture 17
Reserve Engineering & Buffer Overflow Attacks Tom Chothia Computer Security, Lecture 17 Introduction A simplified, high-level view of buffer overflow attacks. x86 architecture overflows on the stack Some
More informationISA 564, Laboratory I: Buffer Overflows
ISA 564, Laboratory I: Buffer Overflows Lab Submission Instructions To complete the lab, you need to submit the compressed files (either tar or zip) using the GMU Blackboard system. Please make sure that
More informationBuffer Overflow Vulnerability
Buffer Overflow Vulnerability 1 Buffer Overflow Vulnerability Copyright c 2006 2014 Wenliang Du, Syracuse University. The development of this document is/was funded by three grants from the US National
More informationMemory Corruption 101 From Primitives to Exploit
Memory Corruption 101 From Primitives to Exploit Created by Nick Walker @ MWR Infosecurity / @tel0seh What is it? A result of Undefined Behaviour Undefined Behaviour A result of executing computer code
More informationStack Overflow. Faculty Workshop on Cyber Security May 23, 2012
Stack Overflow Faculty Workshop on Cyber Security May 23, 2012 Goals Learn to hack into computer systems using buffer overflow Steal sensitive data Crash computer programs Lay waste to systems throughout
More informationIntro to Segmentation Fault Handling in Linux. By Khanh Ngo-Duy
Intro to Segmentation Fault Handling in Linux By Khanh Ngo-Duy Khanhnd@elarion.com Seminar What is Segmentation Fault (Segfault) Examples and Screenshots Tips to get Segfault information What is Segmentation
More informationSecure Architecture Principles
Computer Security Course. Secure Architecture Principles Slides credit: Dan Boneh What Happens if you can t drop privilege? In what example scenarios does this happen? A service loop E.g., ssh Solution?
More informationHW 8 CS681 & CS392 Computer Security Understanding and Experimenting with Memory Corruption Vulnerabilities DUE 12/18/2005
HW 8 CS681 & CS392 Computer Security Understanding and Experimenting with Memory Corruption Vulnerabilities 1 Motivation DUE 12/18/2005 Memory corruption vulnerabilities to change program execution flow
More informationLaboratory 1 Semester 1 11/12
CS2106 National University of Singapore School of Computing Laboratory 1 Semester 1 11/12 MATRICULATION NUMBER: In this lab exercise, you will get familiarize with some basic UNIX commands, editing and
More informationProgramming Tips for CS758/858
Programming Tips for CS758/858 January 28, 2016 1 Introduction The programming assignments for CS758/858 will all be done in C. If you are not very familiar with the C programming language we recommend
More informationCS4264 Programming Assignment 1 Buffer Overflow Vulnerability Due 02/21/2018 at 5:00 PM EST Submit through CANVAS
Laboratory for Computer Security Education 1 CS4264 Programming Assignment 1 Buffer Overflow Vulnerability Due 02/21/2018 at 5:00 PM EST Submit through CANVAS Copyright c Wenliang Du, Syracuse University.
More informationCSci 4061 Introduction to Operating Systems. Programs in C/Unix
CSci 4061 Introduction to Operating Systems Programs in C/Unix Today Basic C programming Follow on to recitation Structure of a C program A C program consists of a collection of C functions, structs, arrays,
More informationLecture 9: Buffer Overflow* CS 392/6813: Computer Security Fall Nitesh Saxena
Lecture 9: Buffer Overflow* CS 392/6813: Computer Security Fall 2007 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit) and Stanislav Nurilov Course Admin
More informationBasic Linux Security. Roman Bohuk University of Virginia
Basic Linux Security Roman Bohuk University of Virginia What is Linux? An open source operating system Project started by Linus Torvalds kernel Kernel: core program that controls everything else (controls
More informationOS security mechanisms:
OS security mechanisms: Memory Protection: One of the important aspects of Operating system security is Memory Protection. Memory provides powerful indirect way for an attacker to circumvent security mechanism,
More informationBuffer Overflows Defending against arbitrary code insertion and execution
www.harmonysecurity.com info@harmonysecurity.com Buffer Overflows Defending against arbitrary code insertion and execution By Stephen Fewer Contents 1 Introduction 2 1.1 Where does the problem lie? 2 1.1.1
More informationHardware. Ahmet Burak Can Hacettepe University. Operating system. Applications programs. Users
Operating System Security Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Computer System Components Hardware Provides basic computing resources (CPU, memory, I/O devices). Operating system Controls
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationBuffer-Overflow Attacks on the Stack
Computer Systems Buffer-Overflow Attacks on the Stack Introduction A buffer overflow occurs when a program, while writing data to a buffer, overruns the buffer's boundary and overwrites memory in adjacent
More informationIntroduction to Computer Systems , fall th Lecture, Sep. 28 th
Introduction to Computer Systems 15 213, fall 2009 9 th Lecture, Sep. 28 th Instructors: Majd Sakr and Khaled Harras Last Time: Structures struct rec { int i; int a[3]; int *p; }; Memory Layout i a p 0
More informationCS155: Computer Security Spring Project #1
CS155: Computer Security Spring 2018 Project #1 Due: Part 1: Thursday, April 12-11:59pm, Parts 2 and 3: Thursday, April 19-11:59pm. The goal of this assignment is to gain hands-on experience finding vulnerabilities
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationUnix Basics. UNIX Introduction. Lecture 14
Unix Basics Lecture 14 UNIX Introduction The UNIX operating system is made up of three parts; the kernel, the shell and the programs. The kernel of UNIX is the hub of the operating system: it allocates
More informationOperating System Security
Operating System Security Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr 1 Computer System Components Hardware Provides basic computing resources (CPU, memory, I/O devices). Operating system
More informationSecure Architecture Principles
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel 1 Secure
More informationDEBUGGING ON FERMI PREPARING A DEBUGGABLE APPLICATION GDB. GDB on front-end nodes
DEBUGGING ON FERMI Debugging your application on a system based on a BG/Q architecture like FERMI could be an hard task due to the following problems: the core files generated by a crashing job on FERMI
More informationUnix and C Program Development SEEM
Unix and C Program Development SEEM 3460 1 Operating Systems A computer system cannot function without an operating system (OS). There are many different operating systems available for PCs, minicomputers,
More informationWhy are your linux files secure?
Security Page 1 Why are your linux files secure? Thursday, November 29, 2012 10:48 AM Why are your linux files secure? Part 1: the concept of identity. user, group,... Part 2: the concept of protection.
More informationCS/COE 0449 term 2174 Lab 5: gdb
CS/COE 0449 term 2174 Lab 5: gdb What is a debugger? A debugger is a program that helps you find logical mistakes in your programs by running them in a controlled way. Undoubtedly by this point in your
More informationSecurity and Privacy in Computer Systems. Lecture 5: Application Program Security
CS 645 Security and Privacy in Computer Systems Lecture 5: Application Program Security Buffer overflow exploits More effective buffer overflow attacks Preventing buffer overflow attacks Announcement Project
More informationExercise Session 6 Computer Architecture and Systems Programming
Systems Group Department of Computer Science ETH Zürich Exercise Session 6 Computer Architecture and Systems Programming Herbstsemester 2016 Agenda GDB Outlook on assignment 6 GDB The GNU Debugger 3 Debugging..
More informationCS 361S - Network Security and Privacy Spring Project #2
CS 361S - Network Security and Privacy Spring 2014 Project #2 Part 1 due: 11am CDT, March 25, 2014 Part 2 due: 11am CDT, April 3, 2014 Submission instructions Follow the submission instructions in the
More informationLab 03 - x86-64: atoi
CSCI0330 Intro Computer Systems Doeppner Lab 03 - x86-64: atoi Due: October 1, 2017 at 4pm 1 Introduction 1 2 Assignment 1 2.1 Algorithm 2 3 Assembling and Testing 3 3.1 A Text Editor, Makefile, and gdb
More informationOperating Systems Linux 1-2 Measurements Background material
Operating Systems Linux 1-2 Measurements Background material Introduction The Linux measurements were designed to allow you to have an impression about the administration of Linux severs along with providing
More informationBuffer Overflow Vulnerability Lab Due: September 06, 2018, Thursday (Noon) Submit your lab report through to
CPSC 8810 Fall 2018 Lab 1 1 Buffer Overflow Vulnerability Lab Due: September 06, 2018, Thursday (Noon) Submit your lab report through email to lcheng2@clemson.edu Copyright c 2006-2014 Wenliang Du, Syracuse
More informationData Security and Privacy. Unix Discretionary Access Control
Data Security and Privacy Unix Discretionary Access Control 1 Readings for This Lecture Wikipedia Filesystem Permissions Other readings UNIX File and Directory Permissions and Modes http://www.hccfl.edu/pollock/aunix1/filepermissions.htm
More informationEDURange Student s Manual. September 14, 2015
EDURange Student s Manual September 14, 2015 A Introduction This document will be updated as changes are made. EDURange is both a collection of interactive, collaborative cybersecurity exercises and a
More informationWeek 5, continued. This is CS50. Harvard University. Fall Cheng Gong
This is CS50. Harvard University. Fall 2014. Cheng Gong Table of Contents News... 1 Buffer Overflow... 1 Malloc... 6 Linked Lists... 7 Searching... 13 Inserting... 16 Removing... 19 News Good news everyone!
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I Solutions
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.893 Fall 2009 Quiz I Solutions All problems are open-ended questions. In order to receive credit you must
More informationBuffer Overflow & Format Strings
& Seminar on Computer Security Threats and Counter Measures Dominik Zindel 19.01.2007 Content 1 Technical Basics 2 3 4 Discussion References Goals Technical Basics Common goal of attacks using a buffer
More informationFiles (review) and Regular Expressions. Todd Kelley CST8207 Todd Kelley 1
Files (review) and Regular Expressions Todd Kelley kelleyt@algonquincollege.com CST8207 Todd Kelley 1 midterms (Feb 11 and April 1) Files and Permissions Regular Expressions 2 Sobel, Chapter 6 160_pathnames.html
More information412 Notes: Filesystem
412 Notes: Filesystem A. Udaya Shankar shankar@cs.umd.edu December 5, 2012 Contents 1 Filesystem interface 2 2 Filesystem implementation 3 3 FAT (mostly from Wikepedia) 5 4 UFS (mostly from Wikepedia)
More informationBuffer Overflow Defenses
Buffer Overflow Defenses Some examples, pros, and cons of various defenses against buffer overflows. Caveats: 1. Not intended to be a complete list of products that defend against buffer overflows. 2.
More informationAdvanced Buffer Overflow
Pattern Recognition and Applications Lab Advanced Buffer Overflow Ing. Davide Maiorca, Ph.D. davide.maiorca@diee.unica.it Computer Security A.Y. 2016/2017 Department of Electrical and Electronic Engineering
More informationTECH 4272 Operating Systems
TECH 4272 Lecture 3 2 Todd S. Canaday Adjunct Professor Herff College of Engineering sudo sudo is a program for Unix like computer operating systems that allows users to run programs with the security
More informationOperating systems fundamentals - B10
Operating systems fundamentals - B10 David Kendall Northumbria University David Kendall (Northumbria University) Operating systems fundamentals - B10 1 / 12 Introduction Basics of protection and security
More informationProcesses are subjects.
Identification and Authentication Access Control Other security related things: Devices, mounting filesystems Search path TCP wrappers Race conditions NOTE: filenames may differ between OS/distributions
More informationCSc 466/566. Computer Security. 20 : Operating Systems Application Security
1/68 CSc 466/566 Computer Security 20 : Operating Systems Application Security Version: 2014/11/20 13:07:28 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2014 Christian
More informationLecture 4 September Required reading materials for this class
EECS 261: Computer Security Fall 2007 Lecture 4 September 6 Lecturer: David Wagner Scribe: DK Moon 4.1 Required reading materials for this class Beyond Stack Smashing: Recent Advances in Exploiting Buffer
More information