Lecture 14 Page 1 CS 236 Online Variable Initialization Some languages let you declare variables without specifying their initial values And let you use.

Slides:



Advertisements
Similar presentations
Dynamic Memory Management
Advertisements

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Chapter 15 : Attacking Compiled Applications Alexis Kirat - International Student.
C Language Elements (II) H&K Chapter 2 Instructor – Gokcen Cilingir Cpt S 121 (June 22, 2011) Washington State University.
Nov 10, Fall 2006IAT 8001 Debugging. Nov 10, Fall 2006IAT 8002 How do I know my program is broken?  Compiler Errors –easy to fix!  Runtime Exceptions.
CS414 C Programming Tutorial Ben Atkin
Teaching Buffer Overflow Ken Williams NC A&T State University.
More on protocol implementation Packet parsing Memory management Data structures for lookup.
Teaching Buffer Overflow Ken Williams NC A&T State University.
Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer.
CS 61C L03 C Arrays (1) A Carle, Summer 2005 © UCB inst.eecs.berkeley.edu/~cs61c/su05 CS61C : Machine Structures Lecture #3: C Pointers & Arrays
Memory and C++ Pointers.  C++ objects and memory  C++ primitive types and memory  Note: “primitive types” = int, long, float, double, char, … January.
. Memory Management. Memory Organization u During run time, variables can be stored in one of three “pools”  Stack  Static heap  Dynamic heap.
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
CS 11 C track: lecture 5 Last week: pointers This week: Pointer arithmetic Arrays and pointers Dynamic memory allocation The stack and the heap.
Chapter 6 Buffer Overflow. Buffer Overflow occurs when the program overwrites data outside the bounds of allocated memory It was one of the first exploited.
Computer Security and Penetration Testing
C++ Programming: From Problem Analysis to Program Design, Second Edition1 Objectives In this chapter you will: Learn about the pointer data type and pointer.
Storage Management. The stack and the heap Dynamic storage allocation refers to allocating space for variables at run time Most modern languages support.
Pointers OVERVIEW.
Programming in C Advanced Pointers. Pointers to Pointers Since a pointer is a variable type, a pointer may point to another pointer.Since a pointer is.
1 C++ Classes and Data Structures Jeffrey S. Childs Chapter 4 Pointers and Dynamic Arrays Jeffrey S. Childs Clarion University of PA © 2008, Prentice Hall.
Pointers in C++. 7a-2 Pointers "pointer" is a basic type like int or double value of a pointer variable contains the location, or address in memory, of.
Copyright 2005, The Ohio State University 1 Pointers, Dynamic Data, and Reference Types Review on Pointers Reference Variables Dynamic Memory Allocation.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 13 Page 1 CS 236 Online Principles for Secure Software Following these doesn’t guarantee security But they touch on the most commonly seen security.
Java Basics Opening Discussion zWhat did we talk about last class? zWhat are the basic constructs in the programming languages you are familiar.
Lecture 13 Page 1 CS 236 Online Major Problem Areas for Secure Programming Certain areas of programming have proven to be particularly prone to problems.
CSE 332: C++ Statements C++ Statements In C++ statements are basic units of execution –Each ends with ; (can use expressions to compute values) –Statements.
CSE 374 Programming Concepts & Tools Hal Perkins Fall 2015 Lecture 10 – C: the heap and manual memory management.
Lecture 7 Page 1 CS 111 Summer 2013 Another Option Fixed partition allocations result in internal fragmentation – Processes don’t use all of the fixed.
1 Lecture07: Memory Model 5/2/2012 Slides modified from Yin Lou, Cornell CS2022: Introduction to C.
Sairajiv Burugapalli. This chapter covers three main categories of classic software vulnerability: Buffer overflows Integer vulnerabilities Format string.
Lecture 14 Page 1 CS 136, Fall 2014 Secure Programming, Continued Computer Security Peter Reiher December 4, 2014.
Announcements You will receive your scores back for Assignment 2 this week. You will have an opportunity to correct your code and resubmit it for partial.
Lecture 15 Page 1 CS 236 Online Choosing Technologies Different technologies have different security properties –Operating systems –Languages –Object management.
Lecture 8 Page 1 CS 236, Spring 2008 Operating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Software Security. Bugs Most software has bugs Some bugs cause security vulnerabilities Incorrect processing of security related data Incorrect processing.
Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.
Lecture 5 Page 1 CS 111 Summer 2013 Bounded Buffers A higher level abstraction than shared domains or simple messages But not quite as high level as RPC.
Lecture 14 Page 1 CS 136, Spring 2016 Secure Programming, Continued Computer Security Peter Reiher May 17, 2016.
Lecture 5 Page 1 CS 111 Online Process Creation Processes get created (and destroyed) all the time in a typical computer Some by explicit user command.
CSE 332: C++ Exceptions Motivation for C++ Exceptions Void Number:: operator/= (const double denom) { if (denom == 0.0) { // what to do here? } m_value.
Lecture 14 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 17 Page 1 CS 136, Fall 2010 Secure Programming, Continued CS 136 Computer Security Peter Reiher November 30, 2010.
Outline Introduction Principles for secure software
Outline Introduction Principles for secure software
C++ Catastrophes “if C allows you to shoot yourself in the foot, then C++ is giving you a machine gun!” James Prince.
Secure Coding Techniques
Major Problem Areas for Secure Programming
EGR 2261 Unit 11 Pointers and Dynamic Variables
Protecting Memory What is there to protect in memory?
YAHMD - Yet Another Heap Memory Debugger
Overview 4 major memory segments Key differences from Java stack
Protecting Memory What is there to protect in memory?
Module 30 (Unix/Linux Security Issues II)
Protecting Memory What is there to protect in memory?
Choosing Technologies
CSC 253 Lecture 8.
CSC 253 Lecture 8.
Overview 4 major memory segments Key differences from Java stack
Outline Introduction Principles for secure software
Outline Introduction Principles for secure software
NASA Secure Coding Rules
CS5123 Software Validation and Quality Assurance
Outline Introduction Memory protection Buffer overflows
Understanding and Preventing Buffer Overflow Attacks in Unix
Outline Introduction Memory protection Buffer overflows
Presentation transcript:

Lecture 14 Page 1 CS 236 Online Variable Initialization Some languages let you declare variables without specifying their initial values And let you use them without initializing them –E.g., C and C++ Why is that a problem?

Lecture 14 Page 2 CS 236 Online Variable Initialization Some languages let you declare variables without specifying their initial values And let you use them without initializing them –E.g., C and C++ Why is that a problem?

Lecture 14 Page 3 CS 236 Online A Little Example main() { foo(); bar(); } foo() { int a; int b; int c; a = 11; b = 12; c = 13; } bar() { int aa; int bb; int cc; printf("aa = %d\n",aa); printf("bb = %d\n",bb); printf("cc = %d\n",cc); }

Lecture 14 Page 4 CS 236 Online What’s the Output? lever.cs.ucla.edu[9]./a.out aa = 11 bb = 12 cc = 13 Perhaps not exactly what you might want

Lecture 14 Page 5 CS 236 Online Why Is This Dangerous? Values from one function “leak” into another function If attacker can influence the values in the first function, Maybe he can alter the behavior of the second one

Lecture 14 Page 6 CS 236 Online Variable Cleanup Often, programs reuse a buffer or other memory area If old data lives in this area, might not be properly cleaned up And then can be treated as something other than what it really was E.g., bug in Microsoft TCP/IP stack –Old packet data treated as a function pointer

Lecture 14 Page 7 CS 236 Online Use-After-Free Bugs Increasingly popular security bug type Related to memory management –Memory structures are dynamically allocated on the heap Either explicitly or implicitly freed –Depending on language and context In some cases, pointers can be used to access freed memory –E.g., in C and C++

Lecture 14 Page 8 CS 236 Online An Example Use-After-Free Bug In OpenSSL (from 2009)... frag->fragment,frag->msg_header.frag_len); } dtls1_hm_fragment_free(frag); pitem_free(item); if (al==0) { *ok = 1; return frag->msg_header.frag_len; } dtls1_hm_fragment_free(frag); return frag->msg_header.frag_len

Lecture 14 Page 9 CS 236 Online What Was the Effect? Typically, crashing the program But it would depend When combined with other vulnerabilities, could be worse E.g., arbitrary code execution Often making use of poor error handling code

Lecture 14 Page 10 CS 236 Online Recent Examples of Use-After- Free Bugs Internet Explorer (2014, several in ) Adobe Reader and Acrobat (2014) Mozilla, multiple products (2012) Google Chrome (2012)

Lecture 14 Page 11 CS 236 Online Some Other Problem Areas Handling of data structures –Indexing error in DAEMON Tools Arithmetic issues –Integer overflow in Sophos antivirus –Signedness error in XnView Errors in flow control –Samba error that causes loop to use wrong structure Off-by-one errors –Denial of service flaw in Clam AV

Lecture 14 Page 12 CS 236 Online Yet More Problem Areas Null pointer dereferencing –Xarrow SCADA system denial of service Side effects Punctuation errors Typos and cut-and-paste errors –Recent iOS vulnerability based on inadvertent duplication of a goto statement There are many others

Lecture 14 Page 13 CS 236 Online Why Should You Care? A lot of this stuff is kind of exotic Might seem unlikely it can be exploited Sounds like it would be hard to exploit without source code access Many examples of these bugs probably unexploitable

Lecture 14 Page 14 CS 236 Online So...? Well, that’s what everyone thinks before they get screwed “Nobody will find this bug” “It’s too hard to figure out how to exploit this bug” “It will get taken care of by someone else” –Code auditors –Testers –Firewalls

Lecture 14 Page 15 CS 236 Online That’s What They Always Say Before their system gets screwed Attackers can be very clever –Maybe more clever than you Attackers can work very hard –Maybe harder than you would Attackers may not have the goals you predict

Lecture 14 Page 16 CS 236 Online But How to Balance Things? You only have a certain amount of time to design and build code Won’t secure coding cut into that time? Maybe But less if you develop code coding practices If you avoid problematic things, you’ll tend to code more securely

Lecture 14 Page 17 CS 236 Online Some Good Coding Practices Validate input Be careful with failure conditions and return codes Avoid dangerous constructs –Like C input functions that don’t specify amount of data Keep it simple

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.