csc 2400 computer systems stack buffer overflow attacks
play

CSC 2400: Computer Systems Stack Buffer Overflow Attacks Summary - PowerPoint PPT Presentation

Feb 26, 2024 •415 likes •576 views

CSC 2400: Computer Systems Stack Buffer Overflow Attacks Summary Invoking a function ! CALL : call the function ! RET : return from the instruction Stack Frame for a function call includes ! Function arguments ! Return address ! Local

  1. CSC 2400: Computer Systems Stack Buffer Overflow Attacks

  2. Summary • Invoking a function ! CALL : call the function ! RET : return from the instruction • Stack Frame for a function call includes ! Function arguments ! Return address ! Local variables ! Saved registers • Base pointer EBP ! Fixed reference point in the Stack Frame ! Useful for referencing arguments and local variables

  3. int add3(int a, int b, int c) { Function Calls int d; d = a + b + c; return d; • main calls add3 } ! Push arguments on the stack ! Push return address on stack int main() { ! Jump to add3 int sum, avg; ! Allocate local variables on stack, save registers, etc. sum = add3(3, 4, 5); avg = sum / 3; Return return avg Address } • Returning to main Stack Frame for add3 ! Clear the stack frame for add3 ! Pop return address from stack Return Addr. ESP Stack Frame Address 3 for main 4 5

  4. Computer Malware Stack buffer overflow attacks: q •Low •Address buffer buffer Saved EBP valid address •Overflowed Return Address New Return Address •region Malicious code •High •Address •Normal stack •Buffer Overflow Attack Heap buffer overflow are also common (overwrite pointer addresses) q

  5. 0 EBP-4 buf[0] buf[1] buf[2] buf[3] EBP Old EBP Return Address (0x08048424)

  6. 0 EBP-4 buf[0] 0x31 buf[1] buf[2] buf[3] 0x32 0x33 0x00 EBP Old EBP Old EBP Return Address (0x08048424) Return Address (0x08048424) Before gets After gets

  7. 0 EBP-4 buf[0] 0x31 buf[1] buf[2] buf[3] 0x32 0x33 0x34 EBP 0x00 Old EBP ... Return Address (0x08048424) Return Address (0x08048424) Before gets After gets

  8. 0 EBP-4 buf[0] 0x31 buf[1] buf[2] buf[3] 0x32 0x33 0x34 EBP 0x35 0x36 0x37 0x00 Old EBP Return Address (0x08048424) Return Address (0x08048424) Before gets After gets

  9. 0 EBP-4 buf[0] 0x31 buf[1] buf[2] buf[3] 0x32 0x33 0x34 EBP 0x30 0x30 0x30 0x30 Old EBP 0x35 Return Address (0x08048424) 0x36 0x37 0x38 0x00 Before gets After gets

  10. 0 EBP-4 buf[0] 0x31 buf[1] buf[2] buf[3] 0x32 0x33 0x34 EBP Old EBP 0x00000000 Return Address (0x08048472) 0x38373635 0x00 Before gets After gets

  11. 0 EBP-4 buf[0] 0x00 buf[1] buf[2] buf[3] 0x00 0x00 0x00 EBP Old EBP Some valid address Return Address (0x08048472) Address of Fire Before gets After gets

  12. #include <string.h> void foo (char *bar) { char c[12]; strcpy(c, bar); // no bounds checking } int main (int argc, char **argv) { foo(argv[1]); return 0; } 13

  13. 14

  14. 15

  15. 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

History of the Stack Overflow Buffer Overflow Understood

History of the Stack Overflow Buffer Overflow Understood

History of the Stack Overflow Buffer Overflow Understood as early as 1972 Computer Security Technology Planning Study Morris Worm First

1.07k views • 42 slides
Buffer Overflow Attacks IA32 Linux Stack Higher Addresses Virtual Address Space Heap Data

Buffer Overflow Attacks IA32 Linux Stack Higher Addresses Virtual Address Space Heap Data

Buffer Overflow Attacks IA32 Linux Stack Higher Addresses Virtual Address Space Heap Data Text Lower Addresses Stack and Base Pointers Stack is made up of stack frames Stack frames contain: parameters, local variables, return

604 views • 45 slides
Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

1 Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed in buffer overflow exploits to create backdoors Execution of additional network services via the INETD daemon The addition of new users

497 views • 30 slides
Buffer Overflow Attacks &amp; Defenses Slides are borrowed from Franziska Roesner @UW and Dawn

Buffer Overflow Attacks &amp; Defenses Slides are borrowed from Franziska Roesner @UW and Dawn

Buffer Overflow Attacks &amp; Defenses Slides are borrowed from Franziska Roesner @UW and Dawn Song @Berkeley Linux (32-bit) process memory layout -0xFFFFFFFF Reserved for Kernal -0xC0000000 user stack %esp shared libraries -0x40000000

994 views • 85 slides
Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by

Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by

Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by the Morris Worm in 1988 Prevention techniques known NX bit, stack canaries, ASLR Still of major concern Recent examples:

354 views • 21 slides
Outline Memory safety and security CSci 4271W Stack buffer overflow Development of Secure

Outline Memory safety and security CSci 4271W Stack buffer overflow Development of Secure

Outline Memory safety and security CSci 4271W Stack buffer overflow Development of Secure Software Systems Day 2: Memory Safety Introduction Reversing the stack Stephen McCamant University of Minnesota, Computer Science &amp; Engineering

440 views • 4 slides
CPSC 213 Procedures - 3.7 Out-of-Bounds Memory References and Buffer Overflow - 3.12

CPSC 213 Procedures - 3.7 Out-of-Bounds Memory References and Buffer Overflow - 3.12

Readings for Next 3 Lectures Textbook CPSC 213 Procedures - 3.7 Out-of-Bounds Memory References and Buffer Overflow - 3.12 Introduction to Computer Systems Unit 1e Procedures and the Stack 1 2 Local Variables of a Procedure

201 views • 8 slides
Buffer Overflow CS461/ECE422 Spring 2012 Reading Material

Buffer Overflow CS461/ECE422 Spring 2012 Reading Material

Buffer Overflow CS461/ECE422 Spring 2012 Reading Material Based on Chapter 11 of the text Outline Buffer Overflow Stack Buffer Overflow Shell

783 views • 28 slides
a single gadget weird machine Framing Signals a return to portable shellcode Erik Bosman and

a single gadget weird machine Framing Signals a return to portable shellcode Erik Bosman and

a single gadget weird machine Framing Signals a return to portable shellcode Erik Bosman and Herbert Bos stack buffer overflow stack return addr buffer sp 1 stack buffer overflow stack return addr buffer sp 1 stack buffer overflow

1.65k views • 89 slides
CS241 Computer Organization Spring 2015 Buffer Overflow 4-022015 Outline Linking

CS241 Computer Organization Spring 2015 Buffer Overflow 4-022015 Outline Linking

CS241 Computer Organization Spring 2015 Buffer Overflow 4-022015 Outline Linking &amp; Loading, continued Buffer Overflow Read: CSAPP2: section 3.12: out-of-bounds memory references &amp; buffer overflow K&amp;R:

775 views • 43 slides
Re-arquitetando o Re-arquitetando o Stack Overflow Stack Overflow ou como construmos o Stack

Re-arquitetando o Re-arquitetando o Stack Overflow Stack Overflow ou como construmos o Stack

Re-arquitetando o Re-arquitetando o Stack Overflow Stack Overflow ou como construmos o Stack Overflow for Teams Roberta Arcoverde 1 /whois /whois recifense programadora h 15 anos principal software developer na stack overflow

711 views • 52 slides
CPSC 213 Introduction to Computer Systems Unit 1e Procedures and the Stack Readings for Next 3

CPSC 213 Introduction to Computer Systems Unit 1e Procedures and the Stack Readings for Next 3

CPSC 213 Introduction to Computer Systems Unit 1e Procedures and the Stack Readings for Next 3 Lectures Textbook Procedures - 3.7 Out-of-Bounds Memory References and Buffer Overflow - 3.12 Local Variables of a Procedure public

331 views • 16 slides
Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a very common attack mechanism from 1988 Morris Worm to Code Red, Slammer, Sasser and many others prevention techniques known still of major concern

873 views • 53 slides
Software Security: Buffer Overflow Attacks Fall 2017 Franziska (Franzi) Roesner

Software Security: Buffer Overflow Attacks Fall 2017 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John

703 views • 27 slides
Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner

Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno,

577 views • 43 slides
Software Security: Buffer Overflow Attacks Autumn 2020 Franziska (Franzi) Roesner

Software Security: Buffer Overflow Attacks Autumn 2020 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks Autumn 2020 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John

517 views • 29 slides
CSE543 - Introduction to Computer and Network Security Module: Return-oriented Programming

CSE543 - Introduction to Computer and Network Security Module: Return-oriented Programming

613 views • 35 slides
Return-to-libc Attacks Outline Non-executable Stack countermeasure How to defeat the

Return-to-libc Attacks Outline Non-executable Stack countermeasure How to defeat the

Return-to-libc Attacks Outline Non-executable Stack countermeasure How to defeat the countermeasure Tasks involved in the attack Function Prologue and Epilogue Launching attack Non-executable Stack Running shellcode in C

516 views • 27 slides
Attacks Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and

Attacks Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Attacks Trent Jaeger Systems and Internet Infrastructure Security

534 views • 18 slides
p2 Jeff Chase Duke University vulnerable.c Smashing the Stack for Fun and Profit 0x7fffffff

p2 Jeff Chase Duke University vulnerable.c Smashing the Stack for Fun and Profit 0x7fffffff

p2 Jeff Chase Duke University vulnerable.c Smashing the Stack for Fun and Profit 0x7fffffff VAS example (32-bit) Reserved The program uses virtual memory through Stack its process Virtual Address Space: An addressable array

459 views • 22 slides
1 Changelog Corrections made in this version not in fjrst posting: 1 April 2017: slide 13: a few

1 Changelog Corrections made in this version not in fjrst posting: 1 April 2017: slide 13: a few

1 Changelog Corrections made in this version not in fjrst posting: 1 April 2017: slide 13: a few more %cs would be needed to skip format string part 1 OVER questions? 2 last time memory management problems two objects end up at same

965 views • 63 slides
15-213 Recitation: Attack Lab Jenna MacCarley 28 Sep 2015 Carnegie Mellon Reminder Bomb lab

15-213 Recitation: Attack Lab Jenna MacCarley 28 Sep 2015 Carnegie Mellon Reminder Bomb lab

Carnegie Mellon 15-213 Recitation: Attack Lab Jenna MacCarley 28 Sep 2015 Carnegie Mellon Reminder Bomb lab is due tomorrow! Attack lab is released tomorrow!! Carnegie Mellon Agenda Stack review Attack lab overview Phases

882 views • 19 slides
Info formation Leaks Kyriakos Kyriakou kkyria16@cs.ucy.ac.cy University of Cyprus EPL 682:

Info formation Leaks Kyriakos Kyriakou kkyria16@cs.ucy.ac.cy University of Cyprus EPL 682:

Info formation Leaks Kyriakos Kyriakou kkyria16@cs.ucy.ac.cy University of Cyprus EPL 682: Advanced Security Topics 1 Ju Just st-in in-tim time Code Reuse On the effectiveness of Fine-Grained Address Space Layout Randomization Kevin Z.

1.82k views • 180 slides
ECS 153 Discussion Section April 6, 2015 1 What Well Cover Goal : To

ECS 153 Discussion Section April 6, 2015 1 What Well Cover Goal : To

ECS 153 Discussion Section April 6, 2015 1 What Well Cover Goal : To discuss buffer overflows in detail Stack-based buffer overflows Smashing the stack: execution from the stack

620 views • 37 slides

More recommend