Host and Application Security Lesson 10: Code Injection.

Vulnerabilities: easy!  However, a more interesting class is code injection vulnerabilities…

What is code?  Actually, that’s not nearly as simple a question as it sounds  What about interpreted versus native code?

Binary (native) code  Ultimately, machine code  Runs directly on the chip  Turns into microcode at the next layer down  Running native code is the holy grail when it comes to exploits

Understanding basic injection  The goal of code injection: get something that is not code (attacker-supplied data) to run as code  Why does it have to be not code? Because the attacker only gets to supply input; the program never meant to execute it

Buffer Overflow  Five pounds of sugar in a four pound bag…  So, in a language like C/C++ (no bounds checking on arrays), what is the implication? Writes past the end of a buffer land on whatever is adjacent in memory  Now, how can we turn that into code injection?

How functions get called  stdcall calling convention (Windows x86): parameters pushed on the stack, right to left; the callee is responsible for cleaning up the stack  (Under cdecl, the usual Unix x86 convention, the caller cleans up; the push order and the saved return address are the same)

Stack-based injection  Let’s work our example now on the stack of a real program
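The overflow on the stack, worked as an added example (not code from the lesson): a struct stands in for the 32-bit x86 frame the slides describe, a 16-byte local buffer, then the saved frame pointer, then the saved return address. The unchecked copy is the bug; the checked copy is the fix; `build_payload` is the classic filler-then-address input. All addresses are placeholders, and a real compiler may add padding or a stack cookie between the buffer and the saved frame pointer, which is why the model uses a struct rather than a real overflow.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the x86 (32-bit) stack frame from the slides:
 * a 16-byte local buffer, the saved frame pointer, then the saved return
 * address, at increasing addresses. The struct makes the overwrite
 * well-defined C; a real frame may carry padding or a cookie in between. */
struct frame {
    char     buf[16];
    uint32_t saved_ebp;
    uint32_t ret_addr;
};

#define ORIG_EBP 0xbffff3f8u   /* placeholder saved frame pointer */
#define ORIG_RET 0x080484f2u   /* placeholder: where the caller resumes */

/* The vulnerable pattern (deliberately unchecked): copy attacker bytes
 * into the fixed buffer with no length check. Returns the return address
 * the modelled frame holds afterwards, so the effect is observable. */
static uint32_t unchecked_copy(const uint8_t *src, size_t len)
{
    struct frame f = { {0}, ORIG_EBP, ORIG_RET };
    if (len > sizeof f)          /* only keeps the model itself in bounds; */
        len = sizeof f;          /* the real bug has no such clamp */
    memcpy(&f, src, len);        /* bytes past buf[15] hit saved_ebp, then ret_addr */
    return f.ret_addr;
}

/* The fixed pattern: refuse input that does not fit with its terminator.
 * Returns 0 and the untouched return address on success, -1 if rejected. */
static int checked_copy(const uint8_t *src, size_t len, uint32_t *ret_out)
{
    struct frame f = { {0}, ORIG_EBP, ORIG_RET };
    if (len >= sizeof f.buf)
        return -1;
    memcpy(f.buf, src, len);
    f.buf[len] = '\0';
    *ret_out = f.ret_addr;
    return 0;
}

/* Classic payload: filler up to the return-address slot, then the address
 * execution should continue at, in host byte order (little-endian on x86).
 * Returns the payload length. */
static size_t build_payload(uint8_t *out, uint32_t target)
{
    size_t off = offsetof(struct frame, ret_addr);   /* 16 + 4 = 20 */
    memset(out, 'A', off);
    memcpy(out + off, &target, sizeof target);
    return off + sizeof target;                       /* 24 bytes */
}

int main(void)
{
    uint8_t payload[32];
    size_t n = build_payload(payload, 0xdeadbeefu);
    uint32_t r = 0;
    printf("unchecked copy: ret_addr = 0x%08x\n", unchecked_copy(payload, n));
    printf("checked copy:   %s\n",
           checked_copy(payload, n, &r) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The 20 filler bytes are exactly the distance from the start of the buffer to the saved return address in this frame; in a real target that distance is found by inspecting the binary or by crashing it with a pattern and reading the faulting address.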

Defenses  No-execute flag: mark a region of memory so that the CPU refuses to execute instructions fetched from it  In particular, the non-executable stack: injected shellcode can still be written there, but jumping to it faults  Stack cookies (canaries) help… but they leave a gap in protection: the cookie is only checked when the function returns, so other locals between the buffer and the cookie (function pointers, lengths, flags) are still overwritten, and anything the function does with them before returning happens before the check

Return to libc attacks  We have a library with a known address (such as libc on Unix), which already contains code we want, e.g. system()  We have control of the stack, but have a non-executable stack… so we cannot run our own bytes  What does the stack need to look like before a call? The callee expects a return address on top and its arguments right above it. If the overwritten return address points at system(), the next word is where system() will return to and the word after that is its argument. Bingo!

Return Oriented Programming  Much like return to libc, but instead of whole functions we jump to “gadgets”: short instruction sequences already in the binary or its libraries that end in a ret  Each ret pops the next address off our stack, so the stack pointer becomes the instruction pointer  Using our gadgets, we build the program we want to run out of existing code, so a non-executable stack does not stop us
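The stack layouts for return-to-libc and for a ROP chain, as an added example (not code from the lesson). The stack is modelled as an array of 4-byte words; `ret2libc_layout` answers the “what does the stack need to look like” question, and `run_rop_chain` walks a chain the way a sequence of `ret` instructions would, with a tiny catalogue of toy gadgets. Every address here (system, exit, the “/bin/sh” string, the gadgets) is an invented placeholder, not a real libc or binary address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 32-bit stack, one 4-byte word per slot. Shows
 * why a return-to-libc payload is laid out [&system][fake return][&"/bin/sh"]
 * and how a ROP chain turns esp into the instruction pointer.
 * All addresses below are invented placeholders. */

#define ADDR_SYSTEM 0xb7e5a2c0u   /* placeholder: libc system()        */
#define ADDR_EXIT   0xb7e4e340u   /* placeholder: libc exit()          */
#define ADDR_BINSH  0xb7f7e8d8u   /* placeholder: "/bin/sh" inside libc */
#define FILLER      0x41414141u   /* "AAAA" padding below the return address */

/* Toy gadget catalogue (placeholder addresses). Each ends in ret, which is
 * what lets the next stack word act as the next instruction. */
#define G_POP_EAX_RET     0x08048a11u   /* pop eax ; ret      */
#define G_POP_EBX_RET     0x08048b22u   /* pop ebx ; ret      */
#define G_ADD_EAX_EBX_RET 0x08048c33u   /* add eax, ebx ; ret */
#define G_STOP            0x0804c0deu   /* sentinel: end of chain */
#define ROP_CRASH         0xffffffffu   /* chain left the catalogue */

/* A function entered by `ret` instead of `call` still expects the cdecl
 * frame shape: [esp] is what it returns to, [esp+4] is its first argument. */
struct call_view {
    uint32_t return_to;
    uint32_t arg0;
};

/* Return-to-libc layout. `ret_slot` is the slot holding the victim's saved
 * return address. Returns the number of words used. */
static size_t ret2libc_layout(uint32_t *out, size_t ret_slot)
{
    for (size_t i = 0; i < ret_slot; i++)
        out[i] = FILLER;
    out[ret_slot]     = ADDR_SYSTEM;  /* `ret` pops this into eip            */
    out[ret_slot + 1] = ADDR_EXIT;    /* system() returns here: exit, not crash */
    out[ret_slot + 2] = ADDR_BINSH;   /* system()'s first argument           */
    return ret_slot + 3;
}

/* What the function reached by `ret` from ret_slot sees on its stack. */
static struct call_view view_after_ret(const uint32_t *stack, size_t ret_slot)
{
    struct call_view v = { stack[ret_slot + 1], stack[ret_slot + 2] };
    return v;
}

/* ROP chain that computes a + b in eax with the toy gadgets. Each `pop`
 * gadget consumes the word that follows it on the stack. */
static size_t build_add_chain(uint32_t *out, size_t ret_slot, uint32_t a, uint32_t b)
{
    size_t k = ret_slot;
    for (size_t i = 0; i < ret_slot; i++)
        out[i] = FILLER;
    out[k++] = G_POP_EAX_RET;      out[k++] = a;
    out[k++] = G_POP_EBX_RET;      out[k++] = b;
    out[k++] = G_ADD_EAX_EBX_RET;
    out[k++] = G_STOP;
    return k;
}

/* Execute the chain: esp walks the stack exactly as repeated `ret`s would.
 * Returns eax at G_STOP, or ROP_CRASH for an address not in the catalogue. */
static uint32_t run_rop_chain(const uint32_t *stack, size_t nwords, size_t ret_slot)
{
    uint32_t eax = 0, ebx = 0;
    size_t esp = ret_slot;
    while (esp < nwords) {
        uint32_t target = stack[esp++];            /* ret: pop eip */
        switch (target) {
        case G_POP_EAX_RET:
            if (esp >= nwords) return ROP_CRASH;
            eax = stack[esp++];
            break;
        case G_POP_EBX_RET:
            if (esp >= nwords) return ROP_CRASH;
            ebx = stack[esp++];
            break;
        case G_ADD_EAX_EBX_RET:
            eax += ebx;
            break;
        case G_STOP:
            return eax;
        default:
            return ROP_CRASH;                      /* eip points at data: fault */
        }
    }
    return ROP_CRASH;                              /* ran off the end of the stack */
}

int main(void)
{
    uint32_t stack[16];
    size_t n = ret2libc_layout(stack, 6);
    struct call_view v = view_after_ret(stack, 6);
    printf("ret2libc: %zu words, system() returns to 0x%08x with arg 0x%08x\n",
           n, v.return_to, v.arg0);
    n = build_add_chain(stack, 6, 40, 2);
    printf("rop: eax = %u\n", run_rop_chain(stack, n, 6));
    return 0;
}
```

Two properties of real chains show up in the model: the chain only works if the first gadget address lands exactly on the saved return address slot (start one word off and `ret` lands on data), and neither layout ever executes a byte from the stack itself, which is why NX does not stop it.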

Assignment  There’s a vulnerable program in your SVN…  Figure out how to exploit it  If you cannot figure it out, you should tell me what you tried and what you learned  By the midterm, you should read: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86); Smashing the Stack for Fun and Profit

Questions?