University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.

Slides:



Advertisements
Similar presentations
Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Advertisements

Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.
Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.
What is a pointer? First of all, it is a variable, just like other variables you studied So it has type, storage etc. Difference: it can only store the.
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
The Environment of a UNIX Process. Introduction How is main() called? How are arguments passed? Memory layout? Memory allocation? Environment variables.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
. Plab – Tirgul 2 Const, C Strings. Pointers int main() { int i,j; int *x; // x points to an integer i = 1; x = &i; j = *x; ijx 1.
12/2/05CS591-F2005, UCCS Frank Gearhart 1 Why doesn’t “gets()” get it? Or more formally: An investigation into the use of the buffer overflow vulnerability.
September 22, 2014 Pengju (Jimmy) Jin Section E
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.
Peter Juszczyk CS 492/493 - ISGS. // Is this C# or Java? class TestApp { static void Main() { int counter = 0; counter++; } } The answer is C# - In C#
Static Analysis for Security Amir Bazine Per Rehnberg.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
University of Calgary – CPSC 441. C PROGRAM  Collection of functions  One function “main()” is called by the operating system as the starting function.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
Fall 2008CS 334: Computer SecuritySlide #1 Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for Fun and Profit.
Computer Security and Penetration Testing
Buffer Overflow Computer Organization II 1 © McQuain Buffer Overflows Many of the following slides are based on those from Complete Powerpoint.
University of Washington Today Memory layout Buffer overflow, worms, and viruses 1.
Mitigation of Buffer Overflow Attacks
1 C - Memory Simple Types Arrays Pointers Pointer to Pointer Multi-dimensional Arrays Dynamic Memory Allocation.
Brian E. Brzezicki. This tutorial just illustrates the underlying concepts of buffer overflows by way of an extremely simple stack overflow  Most buffer.
University of Washington Today Happy Monday! HW2 due, how is Lab 3 going? Today we’ll go over:  Address space layout  Input buffers on the stack  Overflowing.
Smashing the Stack Overview The Stack Region Buffer Overflow
Buffer Overflows Many of the following slides are based on those from
File I/O, Project 1: List ADT Bryce Boe 2013/07/02 CS24, Summer 2013 C.
Overflows & Exploits. In the beginning 11/02/1988 Robert Morris, Jr., a graduate student in Computer Science at Cornell, wrote an experimental, self-replicating,
CPS4200 Unix Systems Programming Chapter 2. Programs, Processes and Threads A program is a prepared sequence of instructions to accomplish a defined task.
Buffer Overflow Attack Proofing of Code Binary Gopal Gupta, Parag Doshi, R. Reghuramalingam, Doug Harris The University of Texas at Dallas.
Lecture 9: Buffer Ovefflows and ROP EEN 312: Processors: Hardware, Software, and Interfacing Department of Electrical and Computer Engineering Spring 2014,
Memory Layout, File I/O Bryce Boe 2013/06/27 CS24, Summer 2013 C.
What is exactly Exploit writing?  Writing a piece of code which is capable of exploit the vulnerability in the target software.
CNIT 127: Exploit Development Ch 8: Windows Overflows Part 2.
Buffer overflow and stack smashing attacks Principles of application software security.
CS 155 Section 1 PP1 Eu-Jin Goh. Setting up Environment Demo.
Reminder Bomb lab is due tomorrow! Attack lab is released tomorrow!!
Information Security - 2. A Stack Frame. Pushed to stack on function CALL The return address is copied to the CPU Instruction Pointer when the function.
Group 9. Exploiting Software The exploitation of software is one of the main ways that a users computer can be broken into. It involves exploiting the.
Security Attacks Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 11, 2011.
Chapter 16 Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our LC-3 programs; now we'll see them in C. Pointer Address.
VM: Chapter 7 Buffer Overflows. csci5233 computer security & integrity (VM: Ch. 7) 2 Outline Impact of buffer overflows What is a buffer overflow? Types.
Chapter Nine Strings. Char vs String Literals Size of data types: Size of data types: –sizeof(“hello\n”)7 bytes –sizeof(“hello”)6 bytes –sizeof(“X”)2.
CS 3214 Computer Systems Godmar Back Lecture 7. Announcements Stay tuned for Project 2 & Exercise 4 Project 1 due Sep 16 Auto-fail rule 1: –Need at least.
CSE 303 Concepts and Tools for Software Development Richard C. Davis UW CSE – 10/11/2006 Lecture 7 – Introduction to C.
Chapter 10 Chapter 10 Implementing Subprograms. Implementing Subprograms  The subprogram call and return operations are together called subprogram linkage.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2014.
Software Security. Bugs Most software has bugs Some bugs cause security vulnerabilities Incorrect processing of security related data Incorrect processing.
Buffer Overflow By Collin Donaldson.
Buffer Overflow Buffer overflows are possible because C doesn’t check array boundaries Buffer overflows are dangerous because buffers for user input are.
Buffer Overflow Walk-Through
Instructions for test_function
Stack and Heap Memory Stack resident variables include:
The Hardware/Software Interface CSE351 Winter 2013
Pointers & Arrays 1-d arrays & pointers 2-d arrays & pointers.
C Basics.
Recitation: Attack Lab
Buffer Overflow Walk-Through
CMSC 414 Computer and Network Security Lecture 21
CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst
Software Security Lesson Introduction
Format String.
Buffer Overflows.
Understanding and Preventing Buffer Overflow Attacks in Unix
Format String Vulnerability
Presentation transcript:

University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3

University of Washington Structs as parameters 5/2/13 2 In the previous section, we looked at how integers and pointers were passed as arguments to functions If we were to pass a struct by value to a function (as in not passing a pointer), how would the compiler use assembly instructions to achieve this? Let’s take a look at an example (see pass_struct.c from the section material)

University of Washington Buffer overflows 5/2/13 3 C performs no bounds-checking on array accesses; this makes it fast but also unsafe  What would we need to add to C to support checked array accesses? For example: int arr[10]; arr[15] = 3;  No compiler warning, just memory corruption What symptoms are there when programs write past the end of arrays?

University of Washington Stack layout 5/2/13 4 As we’ve seen previously, when values are declared on the stack, the compiler shifts %rsp (in x86-64 assembly) to allocate space for them When a function returns, the return instruction pointer indicates where to begin executing again Return instruction pointer Saved registers int a int b uint64_t c char d[8]...

University of Washington Stack layout 5/2/13 5 Note that the top of the diagram represents higher addresses, and the bottom is lower addresses To which memory does d[10] refer in this example? Return instruction pointer Saved registers int a int b uint64_t c char d[8]...

University of Washington Buffer overflow attacks 5/2/13 6 In buffer overflow attacks, malicious users pass values to attempt to overwrite important parts of the stack or heap For example, an attacker could overwrite the return instruction pointer with the address of a malicious block of code Return instruction pointer Saved registers int a int b uint64_t c char d[8]...

University of Washington Buffer overflow attacks 5/2/13 7 C has some inherently unsafe functions that facilitate buffer overflows, including gets and strcpy gets(char* s) reads from standard input until reaching a newline character (‘\n’) or EOF (end of file)  How long should s be to contain the entire input string? strcpy(char* dest, const char* src) copies the contents of the src string into the dest string  What happens if dest is smaller than src ?

University of Washington Protecting against overflows 5/2/13 8 As a programmer, you can protect against buffer overflow bugs/attacks by checking buffer lengths and using safer string-related functions  fgets(char* s, int size, FILE* stream) takes a size parameter and will only read that many bytes from the given input stream  strncpy(char* dest, const char* src, size_t n) will copy at most n bytes from src to dest

University of Washington Protecting against overflows 5/2/13 9 Stack canaries  At runtime, programs place a (pseudo-)random integer on the stack immediately before the return instruction pointer. If the integer value doesn’t match when the function returns, the program generates a segmentation fault Data execution prevention  Some parts of memory (notably the stack) are marked as non- executable. The CPU will refuse to execute instructions from such locations and the program will terminate

University of Washington Lab 3: Buffer overflows 5/2/13 10 The purpose of lab 3 is to become familiar with how buffer overflow attacks work The various stages of the lab require different types of attacks to achieve certain goals If you have become comfortable with GDB and understanding assembly instructions, you should have no problem

University of Washington Lab 3: Buffer overflows 5/2/13 11 The exploitable function in lab 3 is called Gets (capital ‘G’) and is called from the getbuf function getbuf allocates a small array and reads user input into it via Gets. If the user input is too long, then certain values on the stack within the getbuf function will be overwritten...

University of Washington Lab 3: Buffer overflows 5/2/13 12 The first thing to do is to become familiar with the provided tools for the lab To generate malicious strings for testing buffer overflows, use the provided sendstring tool. It takes a list of space-separated hex values and translates them to the corresponding Ascii characters Each lab is slightly different as determined by the username given to it; when you run the bufbomb binary, you have to pass in “ -u [cse- username] ” Let’s take a look at how this works

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.