Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade. Crispin Cowan, SANS 2000.

Buffer Overflows
- Inject and execute attack code with the privileges of the vulnerable program, e.g. exec("/bin/sh").

Inject Code
- On the stack (automatic variables)
- On the heap (malloc'd variables)
- In static data areas
- The code does not need to be in the overflowing buffer; the overflow only has to redirect control to wherever the code was placed.

Use Code Already There
- Call an exec(arg) that is already present in the program or its libraries, and make arg point to "/bin/sh"; nothing has to be injected.

Jump to Attacker's Code
- Activation record: overflow into the return address saved on the stack and make it point at the code.
- Function pointers: overflow into a function pointer such as void (*foo)() and make it point at the code.
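The function-pointer case above, shown as an added example that is not part of Cowan's slides. A struct with a buffer followed by a function pointer is used in place of a real stack frame so the layout, and therefore the overwrite, is deterministic; the record, handler and attacker names are invented for the demonstration, and the "attack code" is just another function already in the binary, the "use code already there" variant.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the original slides.  A record with a buffer
 * followed by a function pointer models the "void (*foo)()" case: a copy
 * that runs past buf lands on handler.  A struct is used so the layout is
 * fixed by the compiler and the overwrite is deterministic, unlike a real
 * stack frame whose layout varies with compiler and flags. */
struct record {
    char buf[16];
    void (*handler)(void);
};

static int benign_called;
static int attacker_called;

static void benign(void)   { benign_called = 1; }
/* Stands in for the attacker's target.  It is code already in the binary,
 * the "use code already there" variant, rather than injected bytes. */
static void attacker(void) { attacker_called = 1; }

/* Vulnerable: copies len bytes with no check against sizeof r->buf.  The
 * copy goes through a byte view of the whole struct so it stays defined
 * C while modelling the overrun. */
static void handle_input(struct record *r, const unsigned char *data, size_t len)
{
    memcpy((unsigned char *)r, data, len);
    r->handler();
}

/* Attacker input: filler for buf, then the address of attacker() placed
 * exactly where handler lives.  Returns the payload length. */
static size_t build_payload(unsigned char *out, size_t cap)
{
    void (*target)(void) = attacker;
    size_t off = offsetof(struct record, handler);
    if (cap < off + sizeof target) return 0;
    memset(out, 'A', off);
    memcpy(out + off, &target, sizeof target);
    return off + sizeof target;
}

/* Returns 1 if control was hijacked to attacker() instead of benign(). */
int demo_hijack(void)
{
    struct record r = { "", benign };
    unsigned char payload[64];
    size_t n = build_payload(payload, sizeof payload);
    benign_called = attacker_called = 0;
    handle_input(&r, payload, n);
    return attacker_called == 1 && benign_called == 0;
}

/* Same input through a bounded copy: only buf is written, handler survives.
 * Returns 1 if the benign handler ran. */
int demo_bounded(void)
{
    struct record r = { "", benign };
    unsigned char payload[64];
    size_t n = build_payload(payload, sizeof payload);
    size_t take = n < sizeof r.buf ? n : sizeof r.buf - 1;
    benign_called = attacker_called = 0;
    memcpy(r.buf, payload, take);
    r.buf[take] = '\0';
    r.handler();
    return benign_called == 1 && attacker_called == 0;
}

int main(void)
{
    printf("hijacked to attacker(): %d\n", demo_hijack());
    printf("bounded copy kept benign(): %d\n", demo_bounded());
    return 0;
}
```

The only difference between the two paths is that the second copy is limited to sizeof r.buf; the payload is identical, which is the point of the "writing correct code" defense later in the talk.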

Buffer Overflow Defenses: Writing Correct Code
- Vulnerable programs continue to emerge on a regular basis.
- C has many error-prone idioms and a culture that favors performance over correctness.
Static Analysis Tools
- Fortify looks for vulnerable constructs.
- Too many false positives.

Buffer Overflow Defenses: Non-executable Buffers
- Non-executable data segments: optimizing compilers sometimes emit code into program data segments (gcc's nested-function trampolines, for instance), so this breaks legitimate programs.
- Non-executable stack segments: highly effective against code injection on the stack, but not against code injected into the heap or static variables.

Buffer Overflow Defenses: Array Bounds Checking
- Can run 12x-30x slower.
- a[3] is checked but *(a+3) is not: a checker that only instruments subscript expressions misses the same access written as pointer arithmetic.

Buffer Overflow Defenses: Type-safe Languages (Java or ML)
- There are millions of lines of C code in operating systems and security-critical applications.
- Attack the Java Virtual Machine instead, which is itself a C program.

Canary
- Terminator canary: 0 (null), CR, LF, -1 (EOF). String-copy functions stop at these bytes, so an attacker cannot copy past the canary and leave it intact.
- Random canary: 32-bit random number, chosen when the program starts and unknown to the attacker.
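The two canary types, as an added example that is not from Cowan's slides or the StackGuard code. A struct stands in for a StackGuard frame (buffer, canary word, saved return address); the copy routine is a hand-written strcpy equivalent so the NUL-stopping behaviour is explicit, the frame layout and the forged return address are invented for the demonstration, and a fixed value is passed in where StackGuard would use a per-process random word.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the original slides: a simulated StackGuard
 * frame with the canary word between the local buffer and the saved
 * return address.  A stack smash must write through the canary to reach
 * ret, and the epilogue check catches any change to it. */
struct frame {
    char      buf[16];
    uint32_t  canary;
    uintptr_t ret;
    char      slack[16];  /* keeps the demo's own overruns inside this object */
};

/* Terminator canary from the slide: NUL, CR, LF, EOF (0xff) packed in one word. */
#define TERMINATOR_CANARY 0x000aff0du
#define BENIGN_RET ((uintptr_t)0x1000)

/* Forged return address made of 0x41 bytes so it contains no NUL on any
 * word size or byte order. */
static uintptr_t evil_ret(void) {
    uintptr_t r;
    memset(&r, 0x41, sizeof r);
    return r;
}

static void init_frame(struct frame *f, uint32_t canary) {
    memset(f, 0, sizeof *f);
    f->canary = canary;
    f->ret = BENIGN_RET;
}

/* strcpy semantics written out: copies up to and including the first NUL,
 * with no bound on the destination. */
static void unbounded_strcpy(char *dst, const char *src) {
    while ((*dst++ = *src++) != '\0') { }
}

/* Payload = filler up to the canary, the 4 canary bytes the attacker
 * supplies, filler over any padding, then the forged return address.
 * Returns its length; a NUL is appended after it. */
static size_t build_payload(unsigned char *out, uint32_t canary_bytes, uintptr_t ret) {
    memset(out, 'A', offsetof(struct frame, ret));
    memcpy(out + offsetof(struct frame, canary), &canary_bytes, sizeof canary_bytes);
    memcpy(out + offsetof(struct frame, ret), &ret, sizeof ret);
    size_t n = offsetof(struct frame, ret) + sizeof ret;
    out[n] = '\0';
    return n;
}

/* The check StackGuard's epilogue performs before 'ret'. */
static int epilogue_ok(const struct frame *f, uint32_t expected) {
    return f->canary == expected;
}

/* 1. Terminator canary against a string copy.  To leave the canary intact
 *    the attacker must reproduce its bytes, but one of them is NUL, so the
 *    copy stops there and the return address is never reached. */
int demo_terminator_stops_strcpy(void) {
    struct frame f;
    unsigned char payload[64];
    init_frame(&f, TERMINATOR_CANARY);
    build_payload(payload, TERMINATOR_CANARY, evil_ret());
    unbounded_strcpy((char *)&f, (const char *)payload);
    return epilogue_ok(&f, TERMINATOR_CANARY) && f.ret == BENIGN_RET;
}

/* 2. The attacker dodges the NUL by substituting 0x41 for that canary byte,
 *    so the copy does reach ret, but the canary no longer matches and the
 *    epilogue refuses to return. */
int demo_terminator_detects_forged_canary(void) {
    struct frame f;
    unsigned char payload[64];
    init_frame(&f, TERMINATOR_CANARY);
    build_payload(payload, 0x410aff0du, evil_ret());
    unbounded_strcpy((char *)&f, (const char *)payload);
    return !epilogue_ok(&f, TERMINATOR_CANARY) && f.ret == evil_ret();
}

/* 3. Limit of a terminator canary: a memcpy-style overrun (a miscounted
 *    length rather than a string function) writes NUL bytes without
 *    stopping, so the known canary value is simply copied back in place. */
int demo_memcpy_bypasses_terminator(void) {
    struct frame f;
    unsigned char payload[64];
    init_frame(&f, TERMINATOR_CANARY);
    size_t n = build_payload(payload, TERMINATOR_CANARY, evil_ret());
    memcpy(&f, payload, n);   /* bug: n is larger than sizeof f.buf */
    return epilogue_ok(&f, TERMINATOR_CANARY) && f.ret == evil_ret();
}

/* 4. A random canary closes that gap: the attacker must guess the value and
 *    any wrong guess is caught.  'canary' stands in for the per-process
 *    random word; 'guess' is what the attacker writes.  Returns 1 if the
 *    overflow is detected. */
int demo_random_canary(uint32_t canary, uint32_t guess) {
    struct frame f;
    unsigned char payload[64];
    init_frame(&f, canary);
    size_t n = build_payload(payload, guess, evil_ret());
    memcpy(&f, payload, n);
    return !epilogue_ok(&f, canary);
}

int main(void) {
    printf("terminator canary stops strcpy overrun:  %d\n", demo_terminator_stops_strcpy());
    printf("terminator canary detects forged canary: %d\n", demo_terminator_detects_forged_canary());
    printf("memcpy overrun slips past terminator:    %d\n", demo_memcpy_bypasses_terminator());
    printf("random canary detects guessed value:     %d\n", demo_random_canary(0x9a3c5e71u, TERMINATOR_CANARY));
    return 0;
}
```

Cases 3 and 4 are why StackGuard offers both kinds: the terminator canary needs no secret but only stops overflows that go through string functions, while the random canary also covers length-miscount overruns at the cost of keeping a value the attacker cannot read.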

StackGuard Compiler
- Recompiled Linux.
- Prevented old and new attacks.
- Execution cost for SSH and Apache was indistinguishable from the unprotected build.

StackGuard Compiler Performance
- Return-address and pointer checks happen much less often than array references, so the cost is far below that of bounds checking.
- No bounds-checking compiler approaches the compatibility and performance of the StackGuard compiler.

PointGuard Compiler
- Puts a canary next to function pointers as well, and checks it before the pointer is dereferenced.
- Only the relatively obscure form of buffer overflow attack that corrupts non-pointer variables to affect the program's logic escapes PointGuard (Morris worm).

Conclusion
- Use a safer library: strsafe.h.
- Visual C++ .NET /GS option: similar to StackGuard.