Presentation is loading. Please wait.

Presentation is loading. Please wait.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Published byKathleen Barnett Modified over 8 years ago

Similar presentations

Presentation on theme: "Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother."— Presentation transcript:

1 Buffer Overflow Attacks

2 Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother board operations, to monitor and I/O devices. If the software that manages these systems can be corrupted. If could give the attacker key access to many computer functions.

3 Using unsafe C functions without any protection code. The program does not validate the input. The return address is adjacent to the program’s code and data. There is a suitable program to exploit the vulnerability.

4 Unsafe C functions are functions that do not check for bounds when copying or moving data Will not explicitly terminate a string in memory where it should be terminated This problem is mostly related to string and character manipulation such as gets() and strcpy(). Programmers need to check boundaries to have effective garbage collection in code.

5 #include int main(int argc, char **argv) { /* declare a buffer with max 512 bytes in size*/ char mybuff[512]; /* verify the input */ if(argc < 2) { printf("Usage: %s \n", argv[0]); exit (0); } if (strlen(argv[1]) > 512) exit (1); /* else if there is an input, copy the string into the buffer */ strcpy(mybuff, argv[1]); /* display the buffer's content */ printf("Buffer's content: %s\n", mybuff); return 0; } Simply adding extra code to check the boundary. If the boundary is violated, the program will just exit.

6 Input validation also can be implemented in the program to stop the buffer overflows Problem is, not all the input combinations can be tested Based on the types of interfaces the application will use? Enhancing validating inputs with something like this shown on the next page.

7 The previous code can be enhanced further by validating inputs of common characters people might input. if (strlen(argv[1]) > 512) if(element_of_argv[1] == NOP && element_of_argv[1] == "sh" &&...) if(last_argv[1]_element != '\0') exit (1); In addition, if its a web form, check the controls validation rules for default settings.

8 Depending how you compile your code some compliers will place return address adjacent to the program’s data and code. Moreover, based on what environment your program will run in. Unix, Window….etc. Each environment will have setup options that will help you stop Buffer Overflow problems. So during the analysis phase of development, know what you can and cannot do based on the environment your program will live in.

9 Test your code for suitable exploits and have built in termination protocols. Know what types of shell-scripts one might create to start a Buffer Overflow incident within your environment. In addition, how might these scripts be used to overwrite return addresses? What tools does the environment offer to protect your software, and what might you have to built into your program.

10 The following Figure shows a block diagram for computer system detection and prevention at various stages Secure coding practices, using secure library, simple check list, etc /GS options, canary, warning messages, encrypt the return address, storing return add as different locations, etc Kernel patch – SE-Linux (Role Based and Code Based Security Access, Exec-Shield – address space randomization. Patch-Guard, etc NX/XD bit flag. Control Registers (CR) Memory Management Unit (MMU), etc. Non- executable flag, etc Intrusion Detection System (IDS), firewall, etc

11 Part A, The programmer role. Programmers must know and practice secure coding Part B, The compiler, OS, memory and processor roles to detect and/or prevent buffer overflow Part C, Memory management, processor and OS play a roles to help prevent the buffer overflow Part A Part B Part C

12 Part A, This diagram shows best practices for training and editing code Part A, Also is where Secure code and testing should take place before compiling. Part A Part B Part C

13 The last diagram incorporates secure coding knowledge and enhancing the editor for best practices. The buffer overflow vulnerability and exploit are best taught by example using unsafe C code. Some of the newer compliers like Visual Studio have intellisense installed and will point out coding problems relating to Buffer Overflows. Others will not have advance features like this, so training will be key for programmers.

14 The End

Download ppt "Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother."

Similar presentations

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.

Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Foundations of Network and Computer Security J J ohn Black Lecture #30 Nov 26 th 2007 CSCI 6268/TLEN 5831, Fall 2007.

Foundations of Network and Computer Security J J ohn Black Lecture #30 Nov 26 th 2007 CSCI 6268/TLEN 5831, Fall 2007.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.

Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Starting Out with C++: Early Objects 5/e © 2006 Pearson Education. All Rights Reserved Starting Out with C++: Early Objects 5 th Edition Chapter 1 Introduction.

Starting Out with C++: Early Objects 5/e © 2006 Pearson Education. All Rights Reserved Starting Out with C++: Early Objects 5 th Edition Chapter 1 Introduction.
Lecture 16 Buffer Overflow

Lecture 16 Buffer Overflow
University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.

University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
Alternate Version of STARTING OUT WITH C++ 4 th Edition Chapter 1 Introduction to Computers and Programming.

Alternate Version of STARTING OUT WITH C++ 4 th Edition Chapter 1 Introduction to Computers and Programming.
Chapter Introduction to Computers and Programming 1.

Chapter Introduction to Computers and Programming 1.

Similar presentations

Ads by Google