lab 2 buffer overflows
play

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University - PowerPoint PPT Presentation

Sep 14, 2022 •29 likes •199 views

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1 Buffer Overflows One of the most common vulnerabili@es in soEware Programming languages commonly associated with buffer overflows including

  1. Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1

  2. Buffer Overflows • One of the most common vulnerabili@es in soEware • Programming languages commonly associated with buffer overflows including C and C++ • Opera@ng systems including Windows, Linux and Mac OS X are wriMen in C or C++ Wayne State University Course: Cyber Security Prac@ce 2

  3. How It Works • Applica@ons define buffers in the memory – Unsigned char [10] • Applica@ons use adjacent memory to store variables, arguments, and return address of a func@on. • Buffer Overflows occurs when data wriMen to a buffer exceeds its size. Wayne State University Course: Cyber Security Prac@ce 3

  4. Overflowing A Buffer • Defining a buffer in C – char buf[10]; • Overflowing the buffer – Char buf [10] = ‘x’; – strcpy(buf, “AAAAAAAAAAAAAAAAAAAAAAA”) Wayne State University Course: Cyber Security Prac@ce 4

  5. Why We Care • Because adjacent memory stores program variables, parameters, and arguments • AMackers can change these values through overflowing a buffer • AMackers can gain control over the program flow to execute arbitrary code Wayne State University Course: Cyber Security Prac@ce 5

  6. Process Memory Layout High memory Stack Heap Data Segment Text Segment Low memory Wayne State University Course: Cyber Security Prac@ce 6

  7. Memory Layout for 32-bit Linux 1GB Kernel Space Local variable: int a Stack Func@on malloc() Heap 3GB Unini@alized sta@c variables: sta@c char *u BSS Segment sta@c char *s = “Hello world” Data Segment Text Segment (ELF) Binary of the program Wayne State University Course: Cyber Security Prac@ce 7

  8. Virtual Memory Layout Wayne State University Course: Cyber Security Prac@ce 8

  9. Stack Frame • The stack contains ac@va@on frames including local variables, func@on parameters, and return address • Star@ng at the highest memory address and growing downwards • Last in first out Wayne State University Course: Cyber Security Prac@ce 9

  10. A Simple Program Add (2,3) High memory 3 2 int add (int a, int b) { Ret Address int c; EBP c = 1+b; C return c; } Low memory ESP Wayne State University Course: Cyber Security Prac@ce 10

  11. Another Program int func (char * str) { char mybuff[512]; strcpy(myBuff, str); Draw the Stack Frame! return 1; } int main (int argc, char ** argv) { func (argv[1]); return 1; } Wayne State University Course: Cyber Security Prac@ce 11

  12. Overflowing “myBuff” High memory (A) str(A) Ret addr(A) EBP(A) A A A A A A Low memory ESP Wayne State University Course: Cyber Security Prac@ce 12

  13. Buffer Overflow Defenses • The aMack described is a classical stack smashing aMack which execute the code on the stack • It does not work today – NX – non-executable stack. Most compilers now default to a non-executable stack. Meaning a segmenta@on fault occurs if running code from the stack (i.e., Data Execu@on Preven@on - DEP) • Disable it with –zexecstack op@on • Check it with readelf –e <PROGRAM> | grep STACK – StackGuard: Cannaries • Disable it with –fno-stack-protector op@on • Enable it with –fstack-protector op@on Wayne State University Course: Cyber Security Prac@ce 13

  14. Stack Canaries • Stack smashing aMacks do two things – Overwrite the return address – Wait for algorithm to complete and call RET • Stack Canaries: Stack Smashing Protector (SSP) – Placing a integer value to stack just before the return address – To overwrite the return address, the canary value would also be modified – Checking this value before the func@on returns Wayne State University Course: Cyber Security Prac@ce 14

  15. Stack Canaries (cont’d) High memory (A) str(A) Ret addr(A) EBP(A) Canary(A) A A A A A Low memory ESP Wayne State University Course: Cyber Security Prac@ce 15

  16. Bypassing NX and Canaries • NX - non-executable stack – Execu@ng code in the heap – Data Execu@on Preven@on (DEP) – Return Oriented Programming (ROP) • Stack Canaries – Overwri@ng the Canary with the same value – Brute force aMack (e.g., DynaGuard in ACSAC’15) Wayne State University Course: Cyber Security Prac@ce 16

  17. Reminders • Lab 0 – Turn in the class agreement • Lab 1 – Due today at 11:59pm – Late assignment policy – Submit it via Blackboard • Lab 2 instruc@ons Wayne State University Course: Cyber Security Prac@ce 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security vulnerability in the 90s. Buffer overflows dominate in the area of remote network penetration vulnerabilities. CS 465 They represent one of the

651 views • 4 slides
Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows One of the most common vulnerabilities in software Programming languages commonly associated with buffer overflows including C and C++

1.14k views • 17 slides
Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1 Buffer Overflows One of the most common vulnerabiliCes in soGware Programming languages commonly associated with buffer overflows including

195 views • 17 slides
Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Last time We continued By launching our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow fundamentals This time We will finish up By looking at Buffer Overflow overflows

1.33k views • 103 slides
Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a very common attack mechanism from 1988 Morris Worm to Code Red, Slammer, Sasser and many others prevention techniques known still of major concern

873 views • 53 slides
Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

1 Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed in buffer overflow exploits to create backdoors Execution of additional network services via the INETD daemon The addition of new users

497 views • 30 slides
ASLR &amp; DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows

ASLR &amp; DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows

ASLR &amp; DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows Buffer overflows are the source of many of the common vulnerabilities in modern software Caused by not checking the source length when writing to a

1.88k views • 130 slides
CSE 484 / CSE M 584 Computer Security: Buffer Overflows

CSE 484 / CSE M 584 Computer Security: Buffer Overflows

CSE 484 / CSE M 584 Computer Security: Buffer Overflows II TA: Viktor Farkas vfarkas@cs Original slides by Franzi Lab 1 Deadline Reminders Lab

373 views • 11 slides
More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester

More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester

More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester Rebeiro Indian Institute of Technology Madras Buffer Overreads 2 Buffer Overread Example 3 Buffer Overread Example len read from command line

906 views • 76 slides
CS 241 Data Organization Buffer Overflows December 4, 2018 The Problem Exploitation Use

CS 241 Data Organization Buffer Overflows December 4, 2018 The Problem Exploitation Use

CS 241 Data Organization Buffer Overflows December 4, 2018 The Problem Exploitation Use large strings (or other datatypes) to overflow a buffer Craft input to make the server do whatever you want Easy to crash a program Harder

256 views • 11 slides
Computer Security Buffer Overflows Denial of Service MIE456 Joseph Kong Overview Program

Computer Security Buffer Overflows Denial of Service MIE456 Joseph Kong Overview Program

Computer Security Buffer Overflows Denial of Service MIE456 Joseph Kong Overview Program Exploitation Buffer Overflows Memory Declaration Smashing The Stack TCP/IP Three Way Handshake Denial of Service SYN Flooding

403 views • 13 slides
On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector

On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector

On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector Marco On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector Marco-Gisbert , Ismael Ripoll Universit` at Polit` ecnica

528 views • 35 slides
Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer

Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer

Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer Science Rutgers University http://www.cs.rutgers.edu/~vinodg/416 Buffer Overflow a very common attack mechanism from 1988 Morris Worm to Code Red,

950 views • 55 slides
Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for

Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for

Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for Fun and Profit by Aleph One Summer 2017 Roadmap 1 Process Memory Organization Text Fixed by program Includes code and read-only data

257 views • 22 slides
Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr guez All wrongs

Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr guez All wrongs

Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr guez All wrongs reversed rj.rodriguez@unileon.es @RicardoJRdez www.ricardojrodriguez.es Research Institute of Applied Sciences in Cybersecurity University of

825 views • 50 slides
Computer Security Sec4on Week 2: Buffer Overflows TA:

Computer Security Sec4on Week 2: Buffer Overflows TA:

CSE 484 / CSE M 584 Computer Security Sec4on Week 2: Buffer Overflows TA: Thomas Crosley tcrosley@cs Thanks to Franzi Roesner, Adrian

502 views • 14 slides
1 Fast hits by Avoiding Address Fast hits by Avoiding Address Translation Translation Send

1 Fast hits by Avoiding Address Fast hits by Avoiding Address Translation Translation Send

Reducing Misses by Hardware Prefetching of Instructions &amp; Data Lecture 17: Reducing Cache Miss E.g., Instruction Prefetching Penalty and Reducing Cache Hit Alpha 21064 fetches 2 blocks on a miss Extra block placed in stream

389 views • 3 slides
Adapting Router Buffers for Energy Efficiency Arun Vishwanath CEET, University of Melbourne

Adapting Router Buffers for Energy Efficiency Arun Vishwanath CEET, University of Melbourne

Adapting Router Buffers for Energy Efficiency Arun Vishwanath CEET, University of Melbourne Joint work with Vijay Sivaraman (UNSW), Zhi Zhao (UNSW), Craig Russell (CSIRO), Marina Thottan (Bell Labs) Special thanks also to Rod Tucker, Director

413 views • 18 slides
Carnegie Mellon Univ. Dept. of Computer Science 15-415 - Database Applications Lecture 12:

Carnegie Mellon Univ. Dept. of Computer Science 15-415 - Database Applications Lecture 12:

Faloutsos 15-415 CMU SCS Carnegie Mellon Univ. Dept. of Computer Science 15-415 - Database Applications Lecture 12: external sorting (R&amp;G ch. 13) Faloutsos 15-415 1 CMU SCS Why Sort? Faloutsos 15-415 2 CMU SCS Why Sort? select

333 views • 17 slides
Fast Buffer Insertion Considering Process Variation Jinjun Xiong, Lei He EE Department EE

Fast Buffer Insertion Considering Process Variation Jinjun Xiong, Lei He EE Department EE

Fast Buffer Insertion Considering Process Variation Jinjun Xiong, Lei He EE Department EE Department University of California, Los Angeles University of California, Los Angeles Sponsors: NSF, UC MICRO, Actel Actel, , Mindspeed Mindspeed

417 views • 26 slides
SCR and Preparing for Burst Buffers DOE COE Performance Portability Meeting August 23, 2017

SCR and Preparing for Burst Buffers DOE COE Performance Portability Meeting August 23, 2017

SCR and Preparing for Burst Buffers DOE COE Performance Portability Meeting August 23, 2017 Elsa Gonsiorowski LLNL-PRES-737156 This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National

521 views • 33 slides
Integration of Burst Buffer in High- level Parallel IO Library for Exa- scale Computing Era SC

Integration of Burst Buffer in High- level Parallel IO Library for Exa- scale Computing Era SC

Integration of Burst Buffer in High- level Parallel IO Library for Exa- scale Computing Era SC 2018 PDSW workshop Kaiyuan Hou, Reda Al-Bahrani, Esteban Rangel, Ankit Agrawal, Robert Latham, Robert Ross, Alok Choudhary, and Wei-keng Liao

479 views • 19 slides
Chapter 5: Standard I/O Library CMPS 105: Systems Programming Prof. Scott Brandt T Th 2-3:45

Chapter 5: Standard I/O Library CMPS 105: Systems Programming Prof. Scott Brandt T Th 2-3:45

Chapter 5: Standard I/O Library CMPS 105: Systems Programming Prof. Scott Brandt T Th 2-3:45 Soc Sci 2, Rm. 167 Introduction The Standard I/O library Is a library of user-level functions Runs as part of application programs

545 views • 28 slides
Massive Data Algorithmics Lecture 5: External Search Trees Massive Data Algorithmics Lecture 5:

Massive Data Algorithmics Lecture 5: External Search Trees Massive Data Algorithmics Lecture 5:

Construction Buffer tree Massive Data Algorithmics Lecture 5: External Search Trees Massive Data Algorithmics Lecture 5: External Search Trees Construction Buffer tree B-tree Construction In internal memory we can sort N elements in O ( N

281 views • 13 slides

More recommend