Software Security (cont.): Defenses, Adv. Attacks, & More

Similar documents
Software Security: Buffer Overflow Defenses

Software Security: Buffer Overflow Defenses and Miscellaneous

Software Security: Miscellaneous

Software Security: Buffer Overflow Attacks (continued)

Software Security: Buffer Overflow Attacks

Runtime Defenses against Memory Corruption

Software Security: Misc and Principles

Software Security: Buffer Overflow Attacks and Beyond

Lecture 08 Control-flow Hijacking Defenses

(Continue) Cryptography + (Back to) Software Security

CSE 565 Computer Security Fall 2018

Betriebssysteme und Sicherheit Sicherheit. Buffer Overflows

Introduction to Cryptography (cont.)

Advanced Buffer Overflow

CSE 127: Computer Security. Memory Integrity. Kirill Levchenko

Advanced Buffer Overflow

Cryptography (cont.)

Control Hijacking: Defenses

20: Exploits and Containment

Software Security: Buffer Overflow Attacks and Beyond

CSC 405 Computer Security Stack Canaries & ASLR

Software Security II: Memory Errors - Attacks & Defenses

Countermeasures in Modern Operating Systems. Yves Younan, Vulnerability Research Team (VRT)

Software Security and Intro to Cryptography

15-213/18-243, Fall 2010 Exam 1 - Version A

Program Security and Vulnerabilities Class 2

Software Vulnerabilities August 31, 2011 / CS261 Computer Security

Software Security: Buffer Overflow Attacks and Beyond

On The Effectiveness of Address-Space Randomization. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh Stanford University CCS 2004

Buffer Overflow Attacks

Beyond Stack Smashing: Recent Advances in Exploiting. Jonathan Pincus(MSR) and Brandon Baker (MS)

CS 161 Computer Security

Lec07: Return-oriented programming. Taesoo Kim

Software Security Design Principles + Intro to Crypto

Module: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Module: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

1/31/2007 C. Edward Chow. CS591 Page 1

Secure Software Development: Theory and Practice

The first Secure Programming Laboratory will be today! 3pm-6pm in Forrest Hill labs 1.B31, 1.B32.

Module: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Secure Programming Lecture 6: Memory Corruption IV (Countermeasures)

Topics in Software Security Vulnerability

Buffer overflows (a security interlude) Address space layout the stack discipline + C's lack of bounds-checking HUGE PROBLEM

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I Solutions

BUFFER OVERFLOW. Jo, Heeseung

Buffer Overflow. Jo, Heeseung

BUFFER OVERFLOW DEFENSES & COUNTERMEASURES

Buffer Overflow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

CNIT 127: Exploit Development. Ch 1: Before you begin. Updated

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 2

Buffer overflow background

Buffer Overflow Defenses

CMPSC 497 Buffer Overflow Vulnerabilities

Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade Review

Buffer Overflow Attacks

Buffer Overflows Defending against arbitrary code insertion and execution

CS 161 Computer Security

Symmetric Cryptography

Inject malicious code Call any library functions Modify the original code

Foundations of Network and Computer Security

Lecture 4 September Required reading materials for this class

CS 161 Computer Security. Week of January 22, 2018: GDB and x86 assembly

Secure Programming Lecture 5: Memory Corruption III (Countermeasures)

Buffer overflow risks have been known for over 30 years. Is it still a problem? Try searching at to see.

Basic Buffer Overflows

Cryptography: Symmetric Encryption [continued]

This time. Defenses and other memory safety vulnerabilities. Everything you ve always wanted to know about gdb but were too afraid to ask

Memory corruption countermeasures

Sungkyunkwan University

(Early) Memory Corruption Attacks

CS 3214 Spring # Problem Points Min Max Average Median SD Grader. 1 Memory Layout and Locality Bill

CSC 591 Systems Attacks and Defenses Stack Canaries & ASLR

Buffer Overflows. Buffer Overflow. Many of the following slides are based on those from

Buffer overflow prevention, and other attacks

Cryptography [Symmetric Encryption]

Introduction to Computer Systems , fall th Lecture, Sep. 28 th

CS 361S - Network Security and Privacy Spring Homework #2

CS , Fall 2004 Exam 1

4. Jump to *RA 4. StackGuard 5. Execute code 5. Instruction Set Randomization 6. Make system call 6. System call Randomization

Outline. Format string attack layout. Null pointer dereference

Computer Security and Privacy

Buffer Overflows. A brief Introduction to the detection and prevention of buffer overflows for intermediate programmers.

2 Sadeghi, Davi TU Darmstadt 2012 Secure, Trusted, and Trustworthy Computing Chapter 6: Runtime Attacks

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

CSC 591 Systems Attacks and Defenses Return-into-libc & ROP

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING

Lec06: DEP and ASLR. Taesoo Kim

Lab 2: Buffer Overflows

Robust Shell Code Return Oriented Programming and HeapSpray. Zhiqiang Lin

Offensive Security My First Buffer Overflow: Tutorial

Vulnerabilities. Code Injection - Buffer overflows. Some Commonly Exploitable Flaws

CSc 466/566. Computer Security. 20 : Operating Systems Application Security

CSE 484 / CSE M 584: Computer Security and Privacy. Web Security. Autumn Tadayoshi (Yoshi) Kohno

typedef void (*type_fp)(void); int a(char *s) { type_fp hf = (type_fp)(&happy_function); char buf[16]; strncpy(buf, s, 18); (*hf)(); return 0; }

Syed Kamran Haider Department of Electrical & Computer Engineering University of Connecticut

Practical Malware Analysis

Lecture 9 Assertions and Error Handling CS240

Lecture 4: Hashes and Message Digests,

Security-Aware Processor Architecture Design. CS 6501 Fall 2018 Ashish Venkat

Outline. Heap meta-data. Non-control data overwrite

Transcription:

CSE 484 / CSE M 584 (Autumn 2011) Software Security (cont.): Defenses, Adv. Attacks, & More Daniel Halperin Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...

Updates Oct. 7th Coffee/tea signup sheet posted (optional) M 584 reading for Oct. 14th posted Security reviews & Current events Lab 1

Today Randomness Software defenses Advanced attacks Advanced defense

Images from http://www.cigital.com/news/index.php?pg=art&artid=20

Images from http://www.cigital.com/news/index.php?pg=art&artid=20

How would you test a RNG?

How would you test a RNG? Statistical tests: how are the output values distributed? Spectral tests: plot data in n-d, find patterns Related to compressibility/summarizibility A: 010101010101010101010101010101 B: 110010000110000111011110111010

RANDU - famously bad PRNG X[i+1] = 65539 * X[i] (mod 232 ) All X[i] are odd! 3-D plot of RANDU output (Wikipedia, RANDU article)

RANDU - famously bad PRNG (Wikipedia, RANDU article)

Where do (good) random numbers come from?

Where do (good) random numbers come from? Humans: keyboard, mouse input Timing: interrupt firing, arrival of packets on the network interface Physical processes: unpredictable physical phenomena

SGI s LavaRand (http://hackaday.com/2005/06/05/lava-lamp-random-number-generator/)

Open Source LavaRnd Camera CCD looking into an empty, dark, shielded can Measuring background radiation thermal noise Quantum process: randomness from Heisenberg s Uncertain Principle (http://www.lavarnd.org/what/process.html)

Physical RNGs in CPUs State of uninitialized memory when machine powers on (Holcomb, Burleson, Fu, IEEE Trans. Comp 58(9), Sept. 2009) Tiny variations in voltage over resistor

Obtaining Pseudorandom Numbers For security applications, want cryptographically secure pseudorandom numbers Libraries include: OpenSSL Microsoft s Crypto API Linux: /dev/random /dev/urandom - nonblocking, possibly less entropy Internally: Entropy pool gathered from multiple sources Physical sources

Buffer overflow attacks void foo (char *argv[]) { push mov %ebp %esp,%ebp char buf[128]; sub mov $0x88,%esp 0x8(%ebp),%eax strcpy(buf, argv[1]); add mov mov lea mov call } leave ret $0x4,%eax (%eax),%eax %eax,0x4(%esp) -0x80(%ebp),%eax %eax,(%esp) 804838c <strcpy@plt> Caller s stack frame ret/ip Saved FP buf Stack

How to defend against this? void foo (char *argv[]) { push mov %ebp %esp,%ebp char buf[128]; sub mov $0x88,%esp 0x8(%ebp),%eax strcpy(buf, argv[1]); add mov mov lea mov call } leave ret $0x4,%eax (%eax),%eax %eax,0x4(%esp) -0x80(%ebp),%eax %eax,(%esp) 804838c <strcpy@plt> Caller s stack frame ret/ip Saved FP buf Stack

Stack Canary void foo (char *argv[]) { int canary = <random>; char buf[128]; strcpy(buf, argv[1]); assert(canary unchanged); } Caller s stack frame ret/ip Saved FP Canary Stack buf

Stack Canary void foo (char *argv[]) { int canary = <random>; char buf[128]; strcpy(buf, argv[1]); assert(canary unchanged); } Caller s stack frame ret/ip Saved FP Canary Stack Any Canary Advice? buf

Stack Canary void foo (char *argv[]) { int canary = <random>; char buf[128]; strcpy(buf, argv[1]); assert(canary unchanged); } Caller s stack frame ret/ip Saved FP Canary Stack Any Canary Advice? Null byte stops strcpy() bugs CR-LF stops gets() bugs EOF stops fread() bugs buf

StackGuard Implementation StackGuard requires code recompilation Checking canary integrity prior to every function return causes a performance penalty For example, 8% for Apache Web server PointGuard also places canaries next to function pointers and setjmp buffers Worse performance penalty StackGuard doesn t completely solve the problem (can be defeated)

Defeating StackGuard (Example, Sketch) Idea: overwrite pointer used by some strcpy and make it point to return address (RET) on stack strcpy will write into RET without touching canary! buf dst canary sfp RET Suppose program contains strcpy(dst,buf) Return execution to this address

Defeating StackGuard (Example, Sketch) Idea: overwrite pointer used by some strcpy and make it point to return address (RET) on stack strcpy will write into RET without touching canary! buf dst canary sfp RET Suppose program contains strcpy(dst,buf) Return execution to this address canary sfp RET

Defeating StackGuard (Example, Sketch) Idea: overwrite pointer used by some strcpy and make it point to return address (RET) on stack strcpy will write into RET without touching canary! buf dst canary sfp RET Suppose program contains strcpy(dst,buf) Return execution to this address BadPointer, attack code canary sfp RET

Defeating StackGuard (Example, Sketch) Idea: overwrite pointer used by some strcpy and make it point to return address (RET) on stack strcpy will write into RET without touching canary! buf dst canary sfp RET Suppose program contains strcpy(dst,buf) Return execution to this address BadPointer, attack code &RET canary sfp RET Overwrite destination of strcpy with RET position

Defeating StackGuard (Example, Sketch) Idea: overwrite pointer used by some strcpy and make it point to return address (RET) on stack strcpy will write into RET without touching canary! buf dst canary sfp RET Suppose program contains strcpy(dst,buf) Return execution to this address BadPointer, attack code &RET canary sfp RET Overwrite destination of strcpy with RET position strcpy will copy BadPointer here

Non-Executable Stack NX bit for pages in memory Modern Intel and AMD processors support Modern OS support as well Some applications need executable stack For example, LISP interpreters Does not defend against return-to-libc exploits Overwrite return address with the address of an existing library function (can still be harmful) Newer: Return-oriented programming nor against heap and function pointer overflows nor changing stack internal variables (auth flag,...)

PointGuard Attack: overflow a function pointer so that it points to attack code Idea: encrypt all pointers while in memory Generate a random key when program is executed Each pointer is XORed with this key when loaded from memory to registers or stored back into memory Pointers cannot be overflown while in registers Attacker cannot predict the target program s key Even if pointer is overwritten, after XORing with key it will dereference to a random memory address

Normal Pointer Dereference [Cowan] CPU 1. Fetch pointer value 2. Access data referenced by pointer Memory Pointer 0x1234 Data 0x1234 1. Fetch pointer value CPU 2. Access attack code referenced by corrupted pointer Memory Corrupted pointer 0x1234 0x1340 Data Attack code 0x1234 0x1340

PointGuard Dereference [Cowan] CPU 1. Fetch pointer value Decrypt 0x1234 2. Access data referenced by pointer Memory Encrypted pointer 0x7239 Data 0x1234 1. Fetch pointer value Decrypts to random value Decrypt CPU 0x9786 2. Access random address; segmentation fault and crash Memory Corrupted pointer 0x7239 0x1340 Data Attack code 0x1234 0x1340 0x9786

PointGuard Issues Must be very fast Pointer dereferences are very common Compiler issues Must encrypt and decrypt only pointers If compiler spills registers, unencrypted pointer values end up in memory and can be overwritten there Attacker should not be able to modify the key Store key in its own non-writable memory page PG d code doesn t mix well with normal code What if PG d code needs to pass a pointer to OS kernel?

Other solutions Use safe programming languages, e.g., Java What about legacy C code? Static analysis of source code to find overflows Randomize stack location or encrypt return address on stack by XORing with random string Attacker won t know what address to use in his or her string

Timing Attacks Assume there are no typical bugs in the software No buffer overflow bugs No format string vulnerabilities Good choice of randomness Good design The software may still be vulnerable to timing attacks Software exhibits input-dependent timings Complex and hard to fully protect against

Password Checker Functional requirements PwdCheck(RealPwd, CandidatePwd) should: Return TRUE if RealPwd matches CandidatePwd Return FALSE otherwise RealPwd and CandidatePwd are both 8 characters long Implementation (like TENEX system) PwdCheck(RealPwd, CandidatePwd) // both 8 chars for i = 1 to 8 do if (RealPwd[i]!= CandidatePwd[i]) then return TRUE return FALSE Clearly meets functional description

Attacker Model PwdCheck(RealPwd, CandidatePwd) // both 8 chars for i = 1 to 8 do if (RealPwd[i]!= CandidatePwd[i]) then return TRUE return FALSE Attacker can guess CandidatePwds through some standard interface Naive: Try all 256 8 = 18,446,744,073,709,551,616 possibilities

Attacker Model PwdCheck(RealPwd, CandidatePwd) // both 8 chars for i = 1 to 8 do sleep for 1 second if (RealPwd[i]!= CandidatePwd[i]) then return TRUE return FALSE Attacker can guess CandidatePwds through some standard interface Naive: Try all 256 8 = 18,446,744,073,709,551,616 possibilities

Attacker Model PwdCheck(RealPwd, CandidatePwd) // both 8 chars for i = 1 to 8 do sleep for 1 second if (RealPwd[i]!= CandidatePwd[i]) then return TRUE return FALSE Naive: Try all 256 8 = 18,446,744,073,709,551,616 possibilities Better: Time how long it takes to reject a CandidatePasswd. Then try all possibilities for first character, then second, then third,... Total tries: 256*8 = 2048

Other Examples Plenty of other examples of timings attacks AES cache misses AES is the Advanced Encryption Standard It is used in SSH, SSL, IPsec, PGP,... RSA exponentiation time RSA is a famous public-key encryption and signature scheme It s also used in many cryptographic protocols and products

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback