Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Programming Dr. X

Published byColeen Hoover Modified over 6 years ago

Similar presentations

Presentation on theme: "Secure Programming Dr. X"— Presentation transcript:

1 Secure Programming Dr. X
Slides adopted from Dr. Steven Bellovin, Columbia University

2 Outline One last presentation for project update
Questions on today’s lab – SQL injection, XSS Buffer overflow SigFree - Louis Secure programming

3 “If our software is buggy, what does that say about its security?”
—Robert H. Morris, creator of the Morris worm

4 It’s all about the software
Most penetrations are due to buggy software Crypto won’t help there: bad software defeats good crypto Design matters, too

5 Security isn’t about Cryptography
Cryptography is necessary (and we’ll talk about it) But it’s possible for cryptographic software to have bugs, too In one recent study, 80% of mobile apps had problems with their cryptography

6 Three separate aspects
Enforcing security Avoiding bugs Proper components and proper composition

7 Avoiding bugs Many simple bugs can be exploited to cause security problems (The C language is a large part of the problem) Much of the trouble is compounded by poor specifications

8 Buffer overflows Once responsible for about half of all security vulnerabilities; still a serious problem Fundamental problems: – Character strings in C are actually arrays of chars – There is no array bounds checking done in C Attacker’s goal: overflow the array in a controlled fashion

9 How can such things happen?
C has lots of built-in functions that don’t check array bounds Programmers frequently don’t check, either The attacker supplies too-long input

10 Java vs. C Java checks array bounds C# checks array bounds
Go checks array bounds More or less everything but C and C++ check. . .

11 ASLR: Address Space Layout Randomization
Put stack at different random location each time program is executed Put heap at different random location as well Defeats attempts to address known locations But—makes debugging harder

12 Non-executable data areas
Modern computer architectures have permission bits for memory pages: can only execute code if the “execute” bit is set Defense: on pages with the “write” bit set, don’t set “execute” The stack is writable, so code injected by the attacker won’t be executable Called “DEP” (Data Execution Prevention) or “W ⊕X”

13 Checking code Look for suspect calls Use static checkers
Use language feature like Perl’s “taint” mode

14 Stack vs Heap Easiest to exploit if the buffer is on the stack
Exploits for heap buffers are also possible, though they’re harder

15 Issues for the attacker
Finding vulnerable programs NUL bytes Uncertainty about addresses

16 Finding vulnerable programs
Use nm and grep to spot use of dangerous routines Probe via very-long inputs Look at source or disassembed/decompiled code

17 NUL Bytes C strings can’t have embedded 0 bytes
Some instructions do have 0 bytes, perhaps as part of an operand Solution: use different instruction sequence

18 Address Uncertainty Pad the evil instructions with NOPs
This is called a landing zone or a NOP sled Set the return address to anywhere in the landing zone

19 Buffer overflow summary
You must check buffer lengths Where you can, use the safer library functions Write your own safe string library (there’s no commonly-available standard) Use C++ and class String Use Java Use anything but raw C!

20 Heap overflow Code execution Memory may be affected Phone jailbreaking
Heap is dynamic Prevention: Sanity checks on heap Randomization Prevent execution Sources on heap overflow java

21 Sources for secure coding
OWASP Security by design: _Guide_v2.pdf

Download ppt "Secure Programming Dr. X"

Similar presentations

ROP is Still Dangerous: Breaking Modern Defenses Nicholas Carlini et. al University of California, Berkeley USENIX Security 2014 Presenter: Yue Li Part.

ROP is Still Dangerous: Breaking Modern Defenses Nicholas Carlini et. al University of California, Berkeley USENIX Security 2014 Presenter: Yue Li Part.
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Part III Counter measures The best defense is proper bounds checking but there are many C/C++ programmers and some are bound to forget  Are there any.

Part III Counter measures The best defense is proper bounds checking but there are many C/C++ programmers and some are bound to forget  Are there any.
Java.  Java is an object-oriented programming language.  Java is important to us because Android programming uses Java.  However, Java is much more.

Java.  Java is an object-oriented programming language.  Java is important to us because Android programming uses Java.  However, Java is much more.
Software and Security Buffer Overflow 1.

Software and Security Buffer Overflow 1.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research

1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research
Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Maziéres, Dan Boneh

Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Maziéres, Dan Boneh
1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research

1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research
Lecture 16 Buffer Overflow

Lecture 16 Buffer Overflow
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.
Safety in the C programming Language Peter Wihl May 26 th, 2005 CS 297 Security and Programming Languages.

Safety in the C programming Language Peter Wihl May 26 th, 2005 CS 297 Security and Programming Languages.
A survey of Buffer overflow exploitation on HTC touch mobile phone Advanced Defense Lab CSIE NCU Chih-Wen Ou.

A survey of Buffer overflow exploitation on HTC touch mobile phone Advanced Defense Lab CSIE NCU Chih-Wen Ou.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
Web Application Access to Databases. Logistics Test 2: May 1 st (24 hours) Extra office hours: Friday 2:30 – 4:00 pm Tuesday May 5 th – you can review.

Web Application Access to Databases. Logistics Test 2: May 1 st (24 hours) Extra office hours: Friday 2:30 – 4:00 pm Tuesday May 5 th – you can review.

Similar presentations

Ads by Google