Hugbúnaðarverkefni 2 - Static Analysis (Software Project 2: Static Analysis)
Slide 1: Hugbúnaðarverkefni 2 - Static Analysis, Lectures (Fyrirlestrar) 15 & 16
Vocabulary: vulnerability (veila), buffer overflow (yfirflæði biðminnis)
Topic: buffer overflow vulnerabilities. "Server down? Again!" Is this C code safe?
[Title slide figure: fragments of C code, each labelled "safe?"]
11/02/2008 Dr Andy Brooks
Slide 2: Case Study (Dæmisaga)
Reference: Misha Zitser et al., "Testing Static Analysis Tools using Exploitable Buffer Overflows from Open Source Code", SIGSOFT '04/FSE-12, ACM, 2004.
Slide 3: 1. Introduction
Vocabulary: worm (snákur), denial of service (miðlunarsynjun)
- Worms on the internet exploit buffer overflow vulnerabilities in server software.
- Arbitrary code can be run on the victim's server.
- Server software can be made to crash, resulting in a denial of service (DoS).
- About 1/3 of all severe remotely exploitable vulnerabilities are buffer overflow vulnerabilities.
Slide 4: 1. Introduction
Vocabulary: patch (bót, bútur af kóta)
[Figure 1: Cumulative buffer overflow vulnerabilities found in BIND, WU-FTPD, and Sendmail server software.]
As soon as a patch is released, another vulnerability is revealed...
Slide 5: 1. Introduction
Vocabulary: legacy software (fornbúnaður), space complexity (rýmisflækjustig), time complexity (tímaflækjustig)
- The paper argues that static analysis is the only approach that eliminates both buffer overflows and their effects and that can be applied to the vast amounts of legacy C code in widely-used open-source software.
- C was designed with space and performance in mind, not safety.
- Direct pointer manipulation is possible without any bounds checking.
- Many security-critical programs have been written in C.
Slide 6: 1. Introduction
Vocabulary: performance (frammistaða), overhead (umstang), stack (stafli)
- Dynamic approaches detect buffer overflows at run-time, but the detection itself turns the attack into a DoS, because the program halts in order to prevent the overflow.
- StackGuard places a special value (a "canary") on the stack next to the return address and checks that this value has not been changed before returning from the function.
- Performance overheads of run-time approaches have been measured at up to 40%.
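As an added illustration of the StackGuard idea (example code written for these notes; it is not StackGuard's code and not from the paper): a real stack frame layout is not something portable C can rely on, so the frame is simulated with a struct holding a buffer, then a guard word (the canary), then a slot standing in for the saved return address. The buffer size, the canary value, the fake return address and the inputs are all constructed.

```c
/* Added example for the StackGuard slide; not StackGuard's code and not from
 * the paper.  The frame is simulated with a struct: a buffer, then a guard
 * word (the canary), then a slot standing in for the saved return address.
 * An overlong input written through the struct's bytes clobbers the canary
 * before it reaches the return slot, which is what the epilogue check
 * catches.  Sizes, the canary value and the inputs are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FRAME_BUF 16
#define CANARY    0x5a3cc3a5u   /* fixed here; StackGuard chooses it at run time */

struct frame {
    char     buf[FRAME_BUF];    /* the local buffer an attacker overflows */
    uint32_t canary;            /* guard word placed right above the buffer */
    uint32_t ret_addr;          /* stands in for the saved return address */
};

/* The bug: copies 'len' input bytes into the frame with no bounds check.
 * Writing through the object representation keeps the simulation inside the
 * struct (clamped to its size); the overflow still lands on the canary and
 * then on the return slot.  Returns the number of bytes written. */
size_t unchecked_copy(struct frame *f, const unsigned char *in, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy(f, in, len);
    return len;
}

/* StackGuard's epilogue check: the function may only return if the canary is
 * unchanged.  In the real scheme a mismatch aborts the process, which is the
 * "detection turns into a DoS" point made on the slide. */
int canary_intact(const struct frame *f)
{
    return f->canary == CANARY;
}

/* Runs one input through a fresh frame.  Returns 1 if the return would be
 * allowed, 0 if the canary check would have aborted. */
int simulate_return(const unsigned char *in, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary   = CANARY;
    f.ret_addr = 0x00400800u;   /* constructed "legitimate" return address */
    unchecked_copy(&f, in, len);
    return canary_intact(&f);
}

/* The known limitation: an attacker who has learned the canary value writes
 * it back in place and the check passes even though ret_addr was overwritten.
 * Returns 1 when the check was bypassed. */
int simulate_forged_canary(void)
{
    unsigned char attack[sizeof(struct frame)];
    uint32_t known = CANARY;
    memset(attack, 'A', sizeof attack);               /* fills buf and beyond */
    memcpy(attack + FRAME_BUF, &known, sizeof known); /* restores the canary */
    /* the bytes after that land on ret_addr: 'A' * 4 == 0x41414141 */
    return simulate_return(attack, sizeof attack);
}
```

A 16-byte input leaves the canary untouched and the return is allowed; a 24-byte input overwrites the canary and the check refuses the return, which is the "abort rather than be exploited" trade-off the slide describes. The forged-canary case shows why the value must stay secret and be chosen per run: the check only protects the return address as long as the attacker cannot reproduce the guard word.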
Slide 7: 1. Introduction - the goals of the study
- The efficiency (false positive rate) and effectiveness (true positive rate) of static analysis tools at detecting buffer overflows are not well known.
- The authors used a known collection of 14 remotely exploitable buffer overflows from open-source server software.
- First goal: determine how well several static analysis tools detect these overflow vulnerabilities.
- Second goal: characterize the buffer overflows.
- Third goal: provide a collection of buffer overflow examples to help in the development of static analysis tools.
Slide 8: RATS and ITS4
Vocabulary: lexical analysis (lesgreining)
RATS and ITS4 are simple lexical analysis tools (they match on the names of risky functions such as strcpy rather than analysing data flow) and suffer from high false positive rates. They were excluded from the study.
Slide 9: 2. Static Analysis Tools - ARCHER (ARRay CHeckER)
Vocabulary: syntax (málskipan), call graph (kallrit), function (aðgerð), pointer (bendir), loop (lykkja)
- Inter-procedural analysis over abstract syntax trees.
- Builds an approximate call graph; function pointers (C, C++) are not modelled.
- Heuristics are used to reduce false positives and to analyse loops.
- ARCHER has previously been used to analyse 2.6 million lines of open-source code and reported 215 warnings, of which 160 were true security violations.
Slide 10: [Figure: an approximate call graph over functions f, f2, f3, f4 and f5.]
Slide 11: 2. Static Analysis Tools - BOON (Buffer Overrun detectiON)
- Models string buffer manipulation only.
- Each string is modelled by a pair of integers: the number of bytes allocated and the number of bytes used.
- An integer range constraint is generated for every use of a string function across the program.
- Control flow and statement order are ignored, so the analysis is limited.
- BOON has previously been used to analyse Sendmail and reported 44 warnings, of which only 4 were actual buffer overflows.
Slide 12: 2. Static Analysis Tools - PolySpace C Verifier
- Commercial tool based on abstract interpretation.
- PolySpace C Verifier has previously been used to analyse Mars Exploration Rover (MER) software.
- The software had to be broken manually into blocks of 20-40K lines of code; the tool did not scale to industrially sized systems.
- The MER software mainly suffered from accesses to uninitialized variables.
- A 30K-line block typically involved about 5000 operation checks.
- One interesting defect was a function that returned the address of a local variable.
- The false alarm rate (unverified) was between 10% and 20% of operation checks.
Slide 13: 2. Static Analysis Tools - SPLINT (Secure Programming Lint)
- SPLINT extends LCLint to detect buffer overflows and other security violations.
- Uses several lightweight static analysis techniques.
- Inter-procedural analysis is possible with the aid of source annotations.
- Heuristics are used to model control flow and common loop constructs.
- SPLINT has previously been used to analyse the WU-FTPD source code (without annotations) and reported 166 warnings, of which 25 were real.
Slide 14: LCLint -> SPLINT
- Early versions of LCLint assumed loops executed zero or one times. That is not a useful simplification for buffer overflow analysis.
- To know whether buf[i] is a possible buffer overflow, the range of values i can take must be known.
- SPLINT exploits the fact that programmers write loops using certain code idioms or patterns (as FindBugs does for Java).
Slide 15: SPLINT loop heuristic
for (index = 0; expr; index++) body
Typically neither expr nor body modifies index, and if body contains no break, the number of iterations can be determined from expr alone. But the body could still alter index, directly or through other variables...
Slide 16: UNO
- Checks for Uninitialized variables, dereferencing of Null pointers and Out-of-bound array indexing (hence the name).
- UNO makes use of a public domain compiler extension, ctree, to generate a parse tree for each procedure.
- The analysis is not inter-procedural.
- Control flow graphs are analysed by a model checker.
- UNO previously found no array indexing errors in two open-source applications, but reported 58 warnings about variables declared but not initialized or not used, of which only 5 were false positives.
Slide 17: 3. Open Source Test Cases
Vocabulary: retrospective analysis (afturvirk greining)
- BIND, the most popular DNS server
- WU-FTPD, a popular FTP daemon
- Sendmail, a mail transfer agent
14 severe buffer overflow vulnerabilities were selected for a retrospective analysis: could the static analysis tools have detected these vulnerabilities?
Slide 18: Problems with scale
- Splint could not analyse all of Sendmail (146K LOC).
- ARCHER terminated with a division-by-zero exception during analysis of Sendmail.
- PolySpace ran for four days on Sendmail before a fatal internal error occurred.
- The solution to these problems was to create smaller model programs which incorporated the vulnerabilities.
Slide 19: Smaller model programs
- Every attempt was made to preserve the general structure and complexity of the vulnerable code when creating these models.
- If a buffer was declared in one function and overflowed in another, or if it was accessed via some complicated loops and conditionals, then the model did so as well.
- It took between 5 and 7 hours to construct each smaller model program.
- Inputs were arranged that demonstrated the buffer overflow on each smaller model program.
Slide 20: BAD and OK versions
- Two versions of each smaller model program were created.
- The BAD version contained one or more buffer overflow vulnerabilities.
- The OK version was fixed according to the patch file distributed by the code maintainers.
- It cannot be certain, though, that the OK versions were free of vulnerabilities.
Slide 21: Table 2 - The 14 vulnerabilities

Name              Reason
BIND-1            Size argument of memcpy (copy memory block) not checked
BIND-2            Negative argument to memcpy is converted to a large positive (unsigned) size
BIND-3            Size argument of memcpy not checked
BIND-4            Use of sprintf() without proper bounds checking
SM-1 (crackaddr)  Upper bound incremented for a '>' character but not decremented for '<'
SM-2              gecos field copied into a fixed-size buffer without a size check
SM-3              Pointer into buffer not reset to the beginning after a line is read
SM-4              Typo prevents a size check from being performed
SM-5 (prescan)    Input byte set to 0xff is cast to the -1 error code
SM-6 (ttflag)     Negative index passes the size check but causes an underflow
SM-7              Size for strncpy read from the packet header but not checked
FTP-1             Several strcpy calls without a bounds check
FTP-2             Wrong size check inside an if: '>' should really be '>='
FTP-3             Several unchecked strcpy and strcat calls
Slide 22: The C functions involved
- memcpy: copy a memory block of n bytes
- sprintf(): formatted output printed to a buffer
- strncpy: string copy of up to n bytes
- strcpy: string copy
- strcat: string append
From Wikipedia: "strcpy can be dangerous because if the string to be copied is too long to fit in the destination buffer, it will overwrite adjacent memory, causing unpredictable behavior. Usually the program will simply cause a segmentation fault when this occurs, but a skilled attacker can use such a buffer overflow to crack into a system (see computer security)."
Slide 23: Buffer overflow characteristics
In each of the 14 smaller model programs there were often repeated overflows of the same buffer with similar characteristics. Identical buffer overflows were counted only once, not separately.
Slide 24: Table 3 - Buffer overflow characteristics

Characteristic      Observed values
Out-of-bounds       93% upper, 7% lower
Type                64% character arrays, 36% u_char arrays
Location            73% stack, 16% bss, 7% heap, 4% data
Scope               43% inter-procedural, 52% same function (intra-procedural), 5% global buffer
Container           93% none, 7% union
Index or limit      64% none, 22% variable, 7% linear expression, 7% buffer contents
Access              56% C function (memcpy, strcpy), 26% pointer, 11% index, 7% double dereference
Buffer alias        52% alias, 34% no alias, 14% alias of an alias
Control flow        29% none, 49% if statement, 22% switch
Surrounding loops   46% none, 42% while, 5% for, 7% nested
Input taint         64% internet packets, 22% directory functions (e.g. getcwd), 7% file inputs, 7% argc/argv (command-line arguments)
Slide 25: Access
Many (56%) of the buffer overflows are caused by incorrect use of a string or memory manipulation function (e.g. strcpy, memcpy); the rest are caused by direct accesses using pointers or an index. Alternative, safer versions of the string manipulation functions came into being...
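As an added example (written for these notes; it is not the code of BIND, Sendmail or WU-FTPD and not from the paper), four of the Table 2 bug classes re-created in miniature, each beside its corrected check, followed by the kind of bounded copy that the safer string functions are meant to encourage. The buffer size, the error code, the function names and the sample inputs are all constructed; the vulnerable variants only decide whether an input would be accepted and never perform the unsafe copy, so the file runs safely.

```c
/* Added example, not code from the slides, the paper or the real servers:
 * four of the Table 2 size-check bugs in miniature, each beside its corrected
 * form.  The *_accept_* functions return 1 when the input would be accepted.
 * The vulnerable variants only decide; they never copy, so this runs safely.
 * Buffer size, error code and inputs are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE   16      /* constructed destination buffer size */
#define SCAN_ERROR (-1)    /* constructed error code, as in the SM-5 scanner */

/* FTP-2: '>' where '>=' is needed.  A string of exactly BUF_SIZE characters
 * passes, and strcpy() then writes its NUL one byte past the buffer. */
int ftp2_accept_bad(size_t len) { return !(len > BUF_SIZE); }
int ftp2_accept_ok(size_t len)  { return !(len >= BUF_SIZE); }

/* BIND-2: length taken from a packet as a signed int.  A signed comparison
 * lets -1 through; memcpy() then receives (size_t)-1, i.e. SIZE_MAX. */
int bind2_accept_bad(int len, int dst_size) { return len <= dst_size; }
int bind2_accept_ok(int len, size_t dst_size)
{
    return len >= 0 && (size_t)len <= dst_size;
}
size_t bind2_memcpy_arg(int len) { return (size_t)len; }  /* what memcpy sees */

/* SM-6: a negative index satisfies 'idx < size' and lands before the buffer. */
int sm6_accept_bad(int idx, int size) { return idx < size; }
int sm6_accept_ok(int idx, int size)  { return idx >= 0 && idx < size; }

/* SM-5: an input byte of 0xff read through a signed character type becomes
 * -1, which is also the scanner's error code.  Plain 'char' is signed on the
 * common x86 ABIs; 'signed char' is written here so the result is the same on
 * every platform.  Reading through unsigned char keeps the value in 0..255. */
int sm5_next_bad(const signed char *p) { return *p; }
int sm5_next_ok(const signed char *p)  { return (unsigned char)*p; }

/* The corrected copy the checks above are guarding: explicit length check
 * against the space that remains for the NUL, memcpy with a size_t, and a
 * guaranteed terminator.  Returns bytes copied, or -1 if the input does not
 * fit. */
int bounded_copy(char *dst, size_t dst_size, const char *src, int len)
{
    if (dst_size == 0 || !bind2_accept_ok(len, dst_size - 1))
        return -1;
    memcpy(dst, src, (size_t)len);
    dst[len] = '\0';
    return len;
}

/* Runs constructed boundary inputs through both variants and counts how many
 * the buggy checks accept that the corrected checks reject. */
int count_unsafe_acceptances(void)
{
    int unsafe = 0;
    size_t lens[] = { 0, 15, 16, 17 };   /* FTP-2 boundary cases */
    int    ints[] = { -1, 0, 16, 17 };   /* BIND-2 and SM-6 cases */
    for (size_t i = 0; i < 4; i++) {
        if (ftp2_accept_bad(lens[i]) && !ftp2_accept_ok(lens[i]))
            unsafe++;
        if (bind2_accept_bad(ints[i], BUF_SIZE) && !bind2_accept_ok(ints[i], BUF_SIZE))
            unsafe++;
        if (sm6_accept_bad(ints[i], BUF_SIZE) && !sm6_accept_ok(ints[i], BUF_SIZE))
            unsafe++;
    }
    return unsafe;
}
```

Each buggy check is a single comparison that looks plausible on its own, which is why Table 3 records so many overflows reached through an if statement or a library call rather than through an obviously wrong loop: the lexical tools mentioned on slide 8 see a strcpy and warn, but only a tool that reasons about the value range of len or idx can tell the corrected check from the broken one.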
Slide 26: 5. Test Procedures
- Source code annotations were not used.
- Tool flags were set based on advice in the documentation and from the tool developers. (Use high, medium or low settings?)
- The 5 static analysis tools were run on the 14 pairs of BAD and OK smaller model programs.
- Each BAD program had one or more lines that could overflow a buffer. The OK program employed the developers' patch, which sometimes resulted in a different number of BAD and OK lines.
Slide 27: 5. Test Procedures
- Some of the tools provided a line number for each warning, and this was used to count detections and false alarms. Otherwise the buffer name and other buffer information was used.
- Only warnings for lines labelled BAD or OK were counted as detections or false alarms.
[Figure: a BAD/OK pair of model programs with the labelled lines.]
Slide 28: 6. Results
Vocabulary: confused (ráðvilltur)
- C(d): number of times a tool warned on a line labelled BAD in the model program (true positives).
- C(f): number of times a tool warned on a line labelled OK in the model program (false positives).
- C(df): number of times a tool was "confused": a true positive on a BAD line paired with a false positive on the corresponding OK line of the patched code.
- T(d): total number of true positives possible for a model program.
- T(f): total number of false positives possible for a model program.
Slide 29: 6. Results
Probability is taken here as relative frequency (líkindi er sama sem hlutfallsleg tíðni).
- P(¬A) = 1 - P(A)
- P(d) = C(d)/T(d): probability of a true positive.
- P(f) = C(f)/T(f): probability of a false positive.
- P(¬f | d) = 1 - C(df)/C(d): probability of discrimination, i.e. the probability of no confusion on the OK code given a detection on the BAD code.
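As an added example (written for these notes, not from the paper), the slide-28 and slide-29 scoring applied to constructed warning records. Each record is one vulnerability in one model program: whether the tool warned on the BAD line and whether it still warned on the corresponding OK line after the patch. It assumes one OK line per BAD line, so T(d) = T(f) = the number of records; the paper notes the two counts sometimes differ. The struct names, the example tool and its results are all constructed.

```c
/* Added example, not from the paper or the slides: the section 6 scoring
 * applied to constructed warning records.  Assumes one OK line per BAD line,
 * so T(d) == T(f) == the number of records. */
#include <stddef.h>

struct record {
    int warned_bad;   /* 1 if the tool warned on the line labelled BAD */
    int warned_ok;    /* 1 if it warned on the matching line labelled OK */
};

struct scores {
    double p_d;       /* P(d) = C(d)/T(d) */
    double p_f;       /* P(f) = C(f)/T(f) */
    double p_fd;      /* P(not f | d) = 1 - C(df)/C(d); -1.0 when C(d) == 0 */
};

/* C(d): warnings on BAD lines; C(f): warnings on OK lines; C(df): BAD
 * detections whose OK counterpart also drew a warning (the tool was
 * "confused" by the patch). */
struct scores score_tool(const struct record *r, size_t n)
{
    size_t cd = 0, cf = 0, cdf = 0;
    struct scores s = { 0.0, 0.0, -1.0 };

    for (size_t i = 0; i < n; i++) {
        cd  += r[i].warned_bad != 0;
        cf  += r[i].warned_ok != 0;
        cdf += r[i].warned_bad && r[i].warned_ok;
    }
    if (n > 0) {
        s.p_d = (double)cd / (double)n;
        s.p_f = (double)cf / (double)n;
    }
    if (cd > 0)       /* Table 4 prints '-' where this cannot be measured */
        s.p_fd = 1.0 - (double)cdf / (double)cd;
    return s;
}

/* The random-guess line of Figure 4: a tool that warns at random with rate
 * P(f) also detects at rate P(f), so only points with P(d) > P(f) beat it. */
int above_random_guess(struct scores s)
{
    return s.p_d > s.p_f;
}

/* Constructed results for an imaginary tool on 8 vulnerabilities: it detects
 * 6, keeps warning after the patch on 3 of those, and also warns on 1 OK line
 * whose BAD counterpart it missed. */
struct scores example_tool_scores(void)
{
    static const struct record r[8] = {
        {1, 1}, {1, 1}, {1, 1}, {1, 0}, {1, 0}, {1, 0}, {0, 1}, {0, 0}
    };
    return score_tool(r, 8);
}
```

For the constructed tool this gives P(d) = 0.75, P(f) = 0.50 and P(¬f | d) = 0.50: above the random-guess line, but half of its detections survive the patch. Read against Table 4, PolySpace's P(¬f | d) of 0.37 means almost two-thirds of its detections persisted after the fix, which is the usability problem slide 34 draws out.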
Slide 30: Table 4 - Detection and false positive rates

Tool        P(d)    P(f)    P(¬f | d)
PolySpace   0.87    0.50    0.37
Splint      0.57    0.43    0.30
Boon        0.05    0.05    -
Archer      (row not legible in this transcription)
Uno         (row not legible in this transcription)
Slide 31: Receiver Operating Characteristic
[Figure 4: ROC-type plot of P(d) against P(f) for the five tools; the top-left corner, high P(d) at low P(f), is marked "where you want to be".]
Slide 32: Figure 4, ROC-type plot
- The diagonal line is the random-guess line: a tool whose P(d) equals its P(f).
- Only PolySpace and Splint have points above the line.
- The error bars are plus or minus two standard deviations for random guessing systems with false alarm rates equal to those observed for Splint and PolySpace.
- Only PolySpace is statistically significantly different from a random guessing system.
Slide 33: 6. Results
- PolySpace and Splint had good detection rates for buffer overflows; the other three tools had very poor detection rates.
- False positive rates are, however, high for PolySpace and Splint.
- The discrimination probability P(¬f | d) ideally should be 1, but is less than 0.4 for PolySpace and Splint. This means that more than half the time these tools continue to signal a buffer overflow after it has been patched.
Slide 34: 6. Results
- More than half the time, PolySpace and Splint would continue to warn of a buffer overflow after it has been patched. Continuing to generate false positives this way greatly undermines the usability of these two tools.
- PolySpace and Splint also produced many warnings on the OK model programs that were not associated with lines marked OK: PolySpace produced one warning every 12 lines of code and Splint one warning every 46 lines of code.
- Warning rates this high are unacceptable.
Slide 35: 7. Discussion
The results are promising because some static analysis tools would have detected in-the-wild buffer overflows. They are disappointing because false alarm rates are high and discrimination is poor.
Slide 36: 7. Discussion
- The results should not be generalised to other software.
- The false positive rates were not verified; some "false positives" seemed genuine. In the authors' words, "the OK models were too complicated to warrant against out-of-bounds accesses by inspection".
- I just cannot be sure this code is OK...
CSE 127: Computer Security Memory Integrity Kirill Levchenko November 18, 2014 Stack Buffer Overflow Stack buffer overflow: writing past end of a stackallocated buffer Also called stack smashing One of
More informationEURECOM 6/2/2012 SYSTEM SECURITY Σ
EURECOM 6/2/2012 Name SYSTEM SECURITY 5 5 5 5 5 5 5 5 5 5 50 1 2 3 4 5 6 7 8 9 10 Σ Course material is not allowed during the exam. Try to keep your answers precise and short. You will not get extra points
More informationMaking C Less Dangerous
Making C Less Dangerous Linux Security Summit August 27, 2018 Vancouver, Canada Kees ( Case ) Cook keescook@chromium.org @kees_cook https://outflux.net/slides/2018/lss/danger.pdf Agenda Background Kernel
More informationC Review. MaxMSP Developers Workshop Summer 2009 CNMAT
C Review MaxMSP Developers Workshop Summer 2009 CNMAT C Syntax Program control (loops, branches): Function calls Math: +, -, *, /, ++, -- Variables, types, structures, assignment Pointers and memory (***
More informationControl Flow Hijacking Attacks. Prof. Dr. Michael Backes
Control Flow Hijacking Attacks Prof. Dr. Michael Backes Control Flow Hijacking malicious.pdf Contains bug in PDF parser Control of viewer can be hijacked Control Flow Hijacking Principles Normal Control
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 2 Question 1 Software Vulnerabilities (15 min) For the following code, assume an attacker can control the value of basket passed into eval basket.
More informationUndefined Behaviour in C
Undefined Behaviour in C Report Field of work: Scientific Computing Field: Computer Science Faculty for Mathematics, Computer Science and Natural Sciences University of Hamburg Presented by: Dennis Sobczak
More information[0569] p 0318 garbage
A Pointer is a variable which contains the address of another variable. Declaration syntax: Pointer_type *pointer_name; This declaration will create a pointer of the pointer_name which will point to the
More informationLecture 1: Buffer Overflows
CS5431 Computer Security Practicum Spring 2017 January 27, 2017 1 Conficker Lecture 1: Buffer Overflows Instructor: Eleanor Birrell In November 2008, a new piece of malware was observed in the wild. This
More informationLecture 3 Notes Arrays
Lecture 3 Notes Arrays 15-122: Principles of Imperative Computation (Summer 1 2015) Frank Pfenning, André Platzer 1 Introduction So far we have seen how to process primitive data like integers in imperative
More informationCMPSC 497 Buffer Overflow Vulnerabilities
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Buffer Overflow
More informationStatic Analysis methods and tools An industrial study. Pär Emanuelsson Ericsson AB and LiU Prof Ulf Nilsson LiU
Static Analysis methods and tools An industrial study Pär Emanuelsson Ericsson AB and LiU Prof Ulf Nilsson LiU Outline Why static analysis What is it Underlying technology Some tools (Coverity, KlocWork,
More informationKendra June Kratkiewicz. A Thesis in the Field of Information Technology. Harvard University. March (corrected May 2005)
Evaluating Static Analysis Tools for Detecting Buffer Overflows in C Code Kendra June Kratkiewicz A Thesis in the Field of Information Technology for the Degree of Master of Liberal Arts in Extension Studies
More informationOracle Developer Studio Code Analyzer
Oracle Developer Studio Code Analyzer The Oracle Developer Studio Code Analyzer ensures application reliability and security by detecting application vulnerabilities, including memory leaks and memory
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationProgramming Languages Third Edition. Chapter 7 Basic Semantics
Programming Languages Third Edition Chapter 7 Basic Semantics Objectives Understand attributes, binding, and semantic functions Understand declarations, blocks, and scope Learn how to construct a symbol
More informationBasic Buffer Overflows
Operating Systems Security Basic Buffer Overflows (Stack Smashing) Computer Security & OS lab. Cho, Seong-je ( 조성제 ) Fall, 2018 sjcho at dankook.ac.kr Chapter 10 Buffer Overflow 2 Contents Virtual Memory
More informationReserve Engineering & Buffer Overflow Attacks. Tom Chothia Computer Security, Lecture 17
Reserve Engineering & Buffer Overflow Attacks Tom Chothia Computer Security, Lecture 17 Introduction A simplified, high-level view of buffer overflow attacks. x86 architecture overflows on the stack Some
More informationB.V. Patel Institute of Business Management, Computer & Information Technology, Uka Tarsadia University
Unit 1 Programming Language and Overview of C 1. State whether the following statements are true or false. a. Every line in a C program should end with a semicolon. b. In C language lowercase letters are
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationThe SPL Programming Language Reference Manual
The SPL Programming Language Reference Manual Leonidas Fegaras University of Texas at Arlington Arlington, TX 76019 fegaras@cse.uta.edu February 27, 2018 1 Introduction The SPL language is a Small Programming
More informationCode with red border means vulnerable code. Code with green border means corrected code. This program asks the user for a password with the function
1 Code with red border means vulnerable code. Code with green border means corrected code. This program asks the user for a password with the function IsPasswordOK(), and compares it with the correct password.
More informationProgramming refresher and intro to C programming
Applied mechatronics Programming refresher and intro to C programming Sven Gestegård Robertz sven.robertz@cs.lth.se Department of Computer Science, Lund University 2018 Outline 1 C programming intro 2
More informationQuiz Start Time: 09:34 PM Time Left 82 sec(s)
Quiz Start Time: 09:34 PM Time Left 82 sec(s) Question # 1 of 10 ( Start time: 09:34:54 PM ) Total Marks: 1 While developing a program; should we think about the user interface? //handouts main reusability
More informationCCured. One-Slide Summary. Lecture Outline. Type-Safe Retrofitting of C Programs
CCured Type-Safe Retrofitting of C Programs [Necula, McPeak,, Weimer, Condit, Harren] #1 One-Slide Summary CCured enforces memory safety and type safety in legacy C programs. CCured analyzes how you use
More informationCS201 Latest Solved MCQs
Quiz Start Time: 09:34 PM Time Left 82 sec(s) Question # 1 of 10 ( Start time: 09:34:54 PM ) Total Marks: 1 While developing a program; should we think about the user interface? //handouts main reusability
More informationSecure Software Development: Theory and Practice
Secure Software Development: Theory and Practice Suman Jana MW 2:40-3:55pm 415 Schapiro [SCEP] *Some slides are borrowed from Dan Boneh and John Mitchell Software Security is a major problem! Why writing
More informationModule: Future of Secure Programming
Module: Future of Secure Programming Professor Trent Jaeger Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) 1 Programmer s Little Survey Problem What does program for
More informationInformation and Software Technology
Information and Software Technology 52 (2010) 210 219 Contents lists available at ScienceDirect Information and Software Technology journal homepage: www.elsevier.com/locate/infsof Filtering false alarms
More informationAnnouncements. assign0 due tonight. Labs start this week. No late submissions. Very helpful for assign1
Announcements assign due tonight No late submissions Labs start this week Very helpful for assign1 Goals for Today Pointer operators Allocating memory in the heap malloc and free Arrays and pointer arithmetic
More informationLecture 9 Assertions and Error Handling CS240
Lecture 9 Assertions and Error Handling CS240 The C preprocessor The C compiler performs Macro expansion and directive handling Preprocessing directive lines, including file inclusion and conditional compilation,
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ slide 1 Reference Monitor Observes execution of the program/process At what level? Possibilities:
More information