CS703 - Advanced Operating Systems


CS703 - Advanced Operating Systems By Mr. Farhan Zaidi

Lecture No. 42

Overview of today’s lecture
  Trojan Horses
  Login spoofing attacks
  Logic bombs
  Trap doors
  Buffer and stack overflow attacks
  Unsafe C library functions

Trojan Horses (from Tanenbaum’s book)
  Free program made available to unsuspecting user
    Actually contains code to do harm
  Place altered version of utility program on victim's computer
    Trick user into running that program

Login Spoofing (a) Correct login screen (b) Phony login screen

Logic Bombs
  Company programmer writes program
    Potential to do harm
    OK as long as he/she enters password daily
    If programmer fired, no password and bomb explodes

Trap Doors (a) Normal code. (b) Code with a trapdoor inserted

Buffer overflows
  Extremely common bug.
  First major exploit: 1988 Internet Worm. fingerd.
  10 years later: over 50% of all CERT advisories:
    1997: 16 out of 28 CERT advisories.
    1998: 9 out of 13 CERT advisories.
    1999: 6 out of 12 CERT advisories.
  Often leads to total compromise of host.
  Fortunately: exploit requires expertise and patience. Two steps:
    Locate buffer overflow within an application.
    Design an exploit.

Buffer Overflow (a) Situation when main program is running (b) After program A called (c) Buffer overflow shown in gray

What are buffer overflows?
Suppose a web server contains a function:

    void func(char *str) {
        char buf[128];
        strcpy(buf, str);    /* no bounds check on the length of str */
        do_something(buf);
    }

When the function is invoked the stack looks like:
[Figure: stack layout with labels: top of stack, buf, sfp, ret-addr, str]
What if *str is 136 bytes long? After strcpy:
[Figure: stack layout after strcpy with labels: top of stack, *str, ret, str]

Basic stack exploit
Main problem: no range checking in strcpy().
Suppose *str is such that after strcpy the stack looks like:
[Figure: stack layout with labels: top of stack, *str, ret, Code for P]
Program P: exec( “/bin/sh” ) (exact shell code by Aleph One)
When func() exits, the user will be given a shell!!
Note: attack code runs in stack.
To determine ret, guess position of stack when func() is called. Use a stream of NOPs.

Some unsafe C lib functions
  strcpy (char *dest, const char *src)
  strcat (char *dest, const char *src)
  gets (char *s)
  scanf (const char *format, ...)
  printf (const char *format, ...)
How does an attacker actually launch this attack?
  Inspection of source code
  Help of debuggers
  Cramming a lot of data into a program

Exploiting buffer overflows
Suppose web server calls func() with given URL. Attacker can create a 200 byte URL to obtain shell on web server.
Some complications:
  Program P should not contain the ‘\0’ character.
  Overflow should not crash program before func() exits.
Sample buffer overflows of this type:
  Overflow in MIME type field in MS Outlook.
  Overflow in ISAPI in IIS.
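A hardened form of the lecture's func(), as an added example that is not part of the original slides: the strcpy() call is replaced by a bounded copy that rejects over-long input, and a second function shows why strncpy() alone is not a fix. The names copy_checked, func_checked, strncpy_unterminated and try_length are hypothetical, and the inputs are constructed runs of 'A' at the lengths the slides mention.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 128  /* same size as buf[] in the lecture's func() */

/* Bounded replacement for strcpy(): copies src only if it fits in dst,
 * terminator included. Returns 0 on success, -1 if src is too long. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (!dst || !src || dst_size == 0) return -1;
    const char *end = memchr(src, '\0', dst_size);  /* scans <= dst_size bytes */
    /* No terminator within dst_size bytes means the input cannot fit. */
    if (end == NULL) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Hardened func(): over-long input is rejected instead of copied.
 * Returns the accepted length (stand-in for do_something) or -1. */
int func_checked(const char *str)
{
    char buf[BUF_SIZE];
    if (copy_checked(buf, sizeof buf, str) != 0) return -1;
    return (int)strlen(buf);
}

/* Pitfall: strncpy() stays in bounds but leaves buf unterminated when
 * the input fills it. Returns 1 if buf ends up without a '\0'. */
int strncpy_unterminated(const char *str)
{
    char buf[BUF_SIZE];
    strncpy(buf, str, sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

/* Constructed input: n bytes of 'A' plus '\0', handed to check(). */
int try_length(size_t n, int (*check)(const char *))
{
    char input[512] = {0};
    if (n >= sizeof input) return -1;
    memset(input, 'A', n);
    return check(input);
}

int main(void)
{
    printf("136 bytes: checked=%d, strncpy unterminated=%d\n",
           try_length(136, func_checked), try_length(136, strncpy_unterminated));
    return 0;
}
```

A 127-byte input is the longest that fits; 128 bytes already fails because the terminator needs the last slot.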