secure programming
play

SECURE PROGRAMMING A.A. 2018/2019 INTEGER SECURITY System, Social - PowerPoint PPT Presentation

Aug 28, 2022 •178 likes •704 views

SECURE PROGRAMMING A.A. 2018/2019 INTEGER SECURITY System, Social and Mobile Security SECURITY FLAWS The integers are formed by the natural numbers including 0 (0, 1, 2, 3, . . .) together with the negatives of the nonzero natural numbers

  1. SECURE PROGRAMMING A.A. 2018/2019

  2. INTEGER SECURITY System, Social and Mobile Security

  3. SECURITY FLAWS The integers are formed by the natural numbers including 0 (0, 1, 2, 3, . . .) together with the negatives of the nonzero natural numbers (–1, –2, –3, . . .). Integers represent a growing and underestimated source of vulnerabilities in C programs, primarily because boundary. When developing secure systems, we cannot assume that a program will operate normally, given a range of expected inputs, because attackers are looking for input values that produce an abnormal effect. System, Social and Mobile Security

  4. REPRESENTATION So, how are integer represented in C? Sign magnitude or two’s complement? System, Social and Mobile Security

  5. TWO’S COMPLEMENT Binary value Two's complement Unsigned 00000000 0 0 00000001 1 1 ⋮ ⋮ ⋮ 01111110 126 126 01111111 127 127 10000000 −128 128 10000001 −127 129 10000010 −126 130 ⋮ ⋮ ⋮ 11111110 −2 254 11111111 −1 255 In two's-complement, there is only one zero, represented as 00000000. Negating a number (whether negative or positive) is done by inverting all the bits and then adding one to that result System, Social and Mobile Security

  6. HOW TO GET THE COMPLEMENTARY From a number to its complement: from 5 to -5 Flip all the bits and then + 1 0000 0101 (value 5) ü 1111 1010 (flip) ü 1111 1011 (+1) You can do the inverse algorithm: when an integer number starts with 1 it means that it is negative ü 1111 1011 value (-5) ü 1111 1010 (-1) ü 0000 0101 (flip) System, Social and Mobile Security

  7. HOW MANY NUMBERS CAN I REPRESENT? With n bits ü From (-2 N −1 ) to (2 N −1 − 1) ü There is no “-0”, so it is possible to represent one more negative number For instance, with 8 bits, ü from -128 to + 127 1000 0000 0111 1111 The rule in the previous slide to get the complimentary does not work because 128 is not representable with 8 bits in two’s complement System, Social and Mobile Security

  8. OPERATION EXAMPLES Ok! 11111 111 (carry) 0000 1111 (15) 0000 1111 (15) + 1111 1011 ( − 5) + 1111 1011 ( − 5) ================== 0000 1010 (10) Arithmetic overflow! 0111 (carry) 0111 (7) 0111 (7) + 0011 (3) + 0011 (3) ============= 1010 ( − 6) invalid! Ok! 11110 000 (borrow) 0000 1111 (15) 0000 1111 (15) − 1111 1011 ( − 5) − 1111 1011 ( − 5) =========== 0001 0100 (20) System, Social and Mobile Security

  9. UNSIGNED TYPES System, Social and Mobile Security

  10. WRAPAROUND A computation involving unsigned operands can never overflow, because a result that cannot be represented by the resulting unsigned integer type is reduced modulo the number that is 1 greater than the largest value that can be represented by the resulting type. System, Social and Mobile Security

  11. EXAMPLE System, Social and Mobile Security

  12. EXAMPLE for (unsigned i = n; --i >= 0; ) // will never terminate This type of software failure occurred on Saturday, December 25, 2004, when Comair halted all operations and grounded 1,100 flights after a crash of its flight-crew- scheduling software. The software failure was the result of a 16-bit counter that limits the number of changes to 32,768 in any given month. Storms earlier in the month caused many crew reassignments, and the 16-bit value was exceeded. System, Social and Mobile Security

  13. CHECKS System, Social and Mobile Security

  14. CHECKS System, Social and Mobile Security

  15. OPERATORS AND WRAPS System, Social and Mobile Security

  16. SIGNED TYPES System, Social and Mobile Security

  17. SIGNED TYPES In C, each unsigned integer type, excluding the type _Bool, has a corresponding signed integer type that occupies the same amount of storage. ü signed char ü short int ü int ü long int ü long long int System, Social and Mobile Security

  18. WHY SO MANY SIGNED TYPES? Most integer variables are used as sizes, counters, or indices that require only nonnegative values. So why not declare them as unsigned integers that have a greater range of positive values? One possible explanation is the lack of an exception- handling mechanism in C. As a result, C programmers have developed various mechanisms for returning status from functions. System, Social and Mobile Security

  19. WRAP WHEEL Two’s complement System, Social and Mobile Security

  20. FROM GREATEST TO LOWEST System, Social and Mobile Security

  21. EXAMPLES System, Social and Mobile Security

  22. TABLE OF OPERATORS System, Social and Mobile Security

  23. SIGNED AND UNSIGNED CHAR The CERT C Secure Coding Standard, “ INT07-C. Use only explicitly signed or unsigned char type for numeric values ” ü It is the only portable way to guarantee the signedness of the character types. System, Social and Mobile Security

  24. TYPE CONVERSIONS System, Social and Mobile Security

  25. HIERARCHY OF TYPES When arithmetic operands have different types, the implicit type conversion is governed by the types’ conversion rank. ü Any two unsigned integer types have different conversion ranks. If one is wider than the other, then it has a higher rank. ü Each signed integer type has the same rank as the corresponding unsigned type. ü The standard integer types are ranked in the order: • _Bool < char < short < int < long < long long ü The floating-point types are ranked in the following order: • float < double < long double ü The lowest-ranked floating-point type, float , has a higher rank than any integer type. ü Enum have the same rank as int. System, Social and Mobile Security

  26. INTEGER PROMOTION In any expression, you can always use a value whose type ranks lower than int in place of an operand of type int or unsigned int . In these cases, the compiler applies integer promotion : any operand whose type ranks lower than int is automatically converted to the type int , provided int is capable of representing all values of the operand’s original type. If int is not sufficient, the operand is converted to unsigned int . Operations in the CPU are executed on 4 bytes at least System, Social and Mobile Security

  27. EXAMPLE 120 #include <stdio.h> int main() { char a = 30, b = 40, c = 10; char d = (a * b) / c; printf ("%d ", d); return 0; } At first look, the expression (a*b)/c seems to cause arithmetic overflow because signed characters can have values only from -128 to 127 (in most of the C compilers), and the value of subexpression ‘(a*b)’ is 1200 which is greater than 128. But integer promotion happens here in arithmetic done on char types and we get the appropriate result without any overflow. System, Social and Mobile Security

  28. WHAT DOES IT HAPPEN? The usual arithmetic conversions are applied as follows: ü If either operand has a floating-point type, then the operand with the lower conversion rank is converted to a type with the same rank as the other operand. Real types are converted only to real types. ü If both operands are integers, integer promotion is first performed on both operands. If after integer promotion the operands still have different types, conversion continues as follows: • If one operand has an unsigned type T whose conversion rank is at least as high as that of the other operand’s type, then the other operand is converted to type T . • Otherwise, one operand has a signed type T whose conversion rank is higher than that of the other operand’s type. The other operand is converted to type T only if type T is capable of representing all values of its previous type. If not, then both operands are converted to the unsigned type that corresponds to the signed type T . System, Social and Mobile Security

  29. EXAMPLES int x = 0; int i = -1; unsigned int limit = 200U; long n = 30L; if ( i < limit ) x = limit * n; printf(“%d\n”, x); 0 In this example, to evaluate the comparison in the if condition, the value of i, –1, must first be converted to the type unsigned int . The result is a large positive number (next slide). Hence, the if condition is false . In the if, the value of limit is converted to n ’s type, long , if the value range of long contains the whole value range of unsigned int . If not— for example, if both int and long are 32 bits wide—then both multiplicands are converted to unsigned long . System, Social and Mobile Security

  30. CONVERSIONS TO UNSIGNED INTEGER TYPES Integer values are always preserved if they are within the range of the new unsigned type ü Between 0 and U type _MAX For values outside the new unsigned type’s range, the value after conversion is the value obtained by adding (U type _MAX + 1) as many times as necessary until the result is within the range of the new type. unsigned short n = 1000; // The value 1000 is within the range of // unsigned short n = -1; // the value –1 must be converted. –1 + (USHRT_MAX + 1) = USHRT_MAX, the final statement in the previous example is equivalent to n = USHRT_MAX; System, Social and Mobile Security

  31. INTEGER VULNERABILITIES System, Social and Mobile Security

  32. EXAMPLE JPEG COM Marker Processing Vulnerability in Netscape Browsers size_t is always an alias for an unsigned type What if 1 is passed as length? System, Social and Mobile Security

  33. CONVERSION ERRORS malloc() takes size_t as argument What if 1 negative? System, Social and Mobile Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure Programs via Game-based Synthesis Somesh Jha, Tom Reps, and Bill Harris 1 Tuesday,

Secure Programs via Game-based Synthesis Somesh Jha, Tom Reps, and Bill Harris 1 Tuesday,

Secure Programs via Game-based Synthesis Somesh Jha, Tom Reps, and Bill Harris 1 Tuesday, October 22, 13 One-slide summary Secure programming on a conventional OS is intractable Privilege-aware OSs take secure programming from

2.28k views • 195 slides
Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen /

Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen /

Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen / David Aspinall 1st November 2019 Orientation This is the third Laboratory Session for Secure Programming It is convened by Arthur (in abstentia),

536 views • 8 slides
Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science

Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science

Systems and Software Verification Laboratory Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science lucas.cordeiro@manchester.ac.uk Secure C Programming Lucas Cordeiro (Formal Methods Group)

1.63k views • 144 slides
CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs

CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs

CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs 5:00-6:20PM Deian Stefan UC San Diego Who am I? New assistant professor PhD at Stanford (Mazieres &amp; Mitchell) I like to build secure

896 views • 50 slides
Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan /

Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan /

Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan / David Aspinall 13th February 2019 Orientation This is the second Laboratory Session for Secure Programming It is convened by Arthur and David. The

332 views • 14 slides
Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall 27th March 2019 Orientation This is the final Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

113 views • 8 slides
Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th November 2019 Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur, Henry and David. The handout and

556 views • 8 slides
Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th

Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th

Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th October 2019 Orientation This is the first Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

570 views • 11 slides
Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th

Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th

Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th March 2019 Orientation This is the third Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

81 views • 7 slides
Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th March 2019 Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

441 views • 8 slides
Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that

Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that

Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that are Ubiquitous Connected Dependable Complexity Unforeseen Consequences Software Security Today The line between secure/insecure is

624 views • 48 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research &amp; Boston University y Michael Schapira

701 views • 54 slides
Secure Software Programming and Vulnerability Analysis Christopher Kruegel

Secure Software Programming and Vulnerability Analysis Christopher Kruegel

Automation Systems Group Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Automation Systems Group Buffer Overflows Secure Software Programming 2

520 views • 17 slides
Outline W X (DEP) CSci 4271W Return-oriented programming (ROP) Development of Secure

Outline W X (DEP) CSci 4271W Return-oriented programming (ROP) Development of Secure

Outline W X (DEP) CSci 4271W Return-oriented programming (ROP) Development of Secure Software Systems Day 6: Memory safety defenses and counter-attacks Announcements break Stephen McCamant University of Minnesota, Computer Science &amp;

394 views • 4 slides
SWE 681 / ISA 681 Secure So0ware Design &amp; Programming: Lecture 2: Input ValidaCon Dr. David

SWE 681 / ISA 681 Secure So0ware Design &amp; Programming: Lecture 2: Input ValidaCon Dr. David

SWE 681 / ISA 681 Secure So0ware Design &amp; Programming: Lecture 2: Input ValidaCon Dr. David A. Wheeler 2017-10-22 Outline Get a raise! Failure example AOack surface: Where are the inputs? Non-bypassability, whitelist not

507 views • 46 slides
Ling 555 Programming for Linguists More unix basics &amp; Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics &amp; Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics &amp; Regular Expressions Robert Albert Felty Speech Research Laboratory Indiana University Sep. 08, 2008 Network tools ssh secure remote login to another computer sftp secure file

594 views • 38 slides
m m i b 2 binary by where the b

m m i b 2 binary by where the b

Decimal and binary representation systems They both are positional representation systems In decimal numbers are represented by the coefficients of the powers of 10 Example: 321 = 3 . 10 2 + 2 . 10 1 + 1. 10 0 Decomposing 321 in

471 views • 5 slides
Types in C LAST TODAY NEXT Numbers in C Cs Memory Model C0 virtual machine

Types in C LAST TODAY NEXT Numbers in C Cs Memory Model C0 virtual machine

Types in C LAST TODAY NEXT Numbers in C Cs Memory Model C0 virtual machine Implementation-defined behavior Arrays and pointers Other C types Pointer casting Arrays on the stack Structs on the stack

464 views • 27 slides
Compiler Development (CMPSC 401) Lexical Analysis: JFlex Janyl Jumadinova February 5, 2019

Compiler Development (CMPSC 401) Lexical Analysis: JFlex Janyl Jumadinova February 5, 2019

Compiler Development (CMPSC 401) Lexical Analysis: JFlex Janyl Jumadinova February 5, 2019 Janyl Jumadinova Compiler Development (CMPSC 401) February 5, 2019 1 / 9 Getting jFlex jFlex package and documentation can be obtained from

286 views • 10 slides
Slides for Lecture 3 ENEL 353: Digital Circuits Fall 2013 Term Steve Norman, PhD, PEng

Slides for Lecture 3 ENEL 353: Digital Circuits Fall 2013 Term Steve Norman, PhD, PEng

Slides for Lecture 3 ENEL 353: Digital Circuits Fall 2013 Term Steve Norman, PhD, PEng Electrical &amp; Computer Engineering Schulich School of Engineering University of Calgary 13 September, 2013 slide 2/22 ENEL 353 F13 Section 02

398 views • 22 slides
Raymarching Signed Distance Fields To raytrace or raycast implicit functions, consider signed

Raymarching Signed Distance Fields To raytrace or raycast implicit functions, consider signed

Raymarching Signed Distance Fields To raytrace or raycast implicit functions, consider signed distance fields . 1. Fire ray into scene 2. At each step, measure distance field function: d = [distance to nearest object in scene] 3. Advance ray

403 views • 4 slides
Signed Cryptographic Program Verification with Typed C RYPTO L INE Yu-Fu Fu 1 , Jiaxiang Liu 2 ,

Signed Cryptographic Program Verification with Typed C RYPTO L INE Yu-Fu Fu 1 , Jiaxiang Liu 2 ,

Signed Cryptographic Program Verification with Typed C RYPTO L INE Yu-Fu Fu 1 , Jiaxiang Liu 2 , Xiaomu Shi 2 , Ming-Hsien Tsai 1 , Bow-Yaw Wang 1 , Bo-Yin Yang 1 1 Academia Sinica 2 Shenzhen University ACM CCS 2019 1/42 Outline Introduction 1

936 views • 79 slides
Preview question Which of the following is not always true, when the variables are interpreted as

Preview question Which of the following is not always true, when the variables are interpreted as

Preview question Which of the following is not always true, when the variables are interpreted as 32-bit unsigned t s in C? CSci 5271 A. is odd, if both and are odd Introduction to Computer Security Low-level

311 views • 7 slides
321 (in decimal) Data Representation 100 10 1 How did we get these? 10 2 10 1 10 0

321 (in decimal) Data Representation 100 10 1 How did we get these? 10 2 10 1 10 0

1/26/2017 321 (in decimal) Data Representation 100 10 1 How did we get these? 10 2 10 1 10 0 Base-10 Positions denote powers of 10 3*100 + 2*10 + 1*1 Digits 0-9 denote position values 101000001 101000001 How did we 256 128 64

168 views • 16 slides

More recommend