Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSC 495/583 Topics of Software Security Stack Overflows

Published byCaren Waters Modified over 6 years ago

Similar presentations

Presentation on theme: "CSC 495/583 Topics of Software Security Stack Overflows"— Presentation transcript:

1 CSC 495/583 Topics of Software Security Stack Overflows
Class5 CSC 495/583 Topics of Software Security Stack Overflows Dr. Si Chen

2 Review

3

4 System Call

5 System Call User code can be arbitrary
User code cannot modify kernel memory The call mechanism switches code to kernel mode

6 System Call 

7 Example: Hello World helloworld.asm

8 “Memory Corruption” What is it?

9 “Memory Corruption” Modifying a binary’s memory in a way that was not intended Broad umbrella term for most of what the rest of this class will be The vast majority of system-level exploits (real-world and competition) involve memory corruption

10 Buffers A buffer is defined as a limited, contiguously allocated set of memory. The most common buffer in C is an array.

11 Buffers A buffer is defined as a limited, contiguously allocated set of memory. The most common buffer in C is an array.

12 A novice C programmer mistake
This example shows how easy it is to read past the end of a buffer; C provides no built-in protection.

13 Another C programmer mistake
Our compiler gives us no warnings or errors!!

14 Crash report

15

16 Stack Frame

17 Overflow.c

18 Overflow.c

19 gdb GNU Debugger - Basics disassemble main (disas main)
set disassembly-flavor intel break main (b main) run stepi (s), step into nexti (n), step over

20 GNU Debugger – Examine Memory
Examine memory: x/NFU address N = number F = format U = unit • Examples x/10xb 0xdeadbeef, examine 10 bytes in hex x/xw 0xdeadbeef, examine 1 word in hex x/s 0xdeadbeef, examine null terminated string

21 Overflowing array results in overwriting other items on the stack

22 Overflow.c

23 Print ABCD

24 Print 100A(s)

25 BASH refresher

26 gdb io

27 Q & A

Download ppt "CSC 495/583 Topics of Software Security Stack Overflows"

Similar presentations

I/O: SPARC Assembly Department of Computer Science Georgia State University Georgia State University Updated Spring 2014.

I/O: SPARC Assembly Department of Computer Science Georgia State University Georgia State University Updated Spring 2014.
The art of exploitation

The art of exploitation
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Utilizing the GDB debugger to analyze programs Background and application.

Utilizing the GDB debugger to analyze programs Background and application.
Chapter 8: System Software Part of any computer system is the system software –This is software that supports our use of the computer –We will examine.

Chapter 8: System Software Part of any computer system is the system software –This is software that supports our use of the computer –We will examine.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow.

Stack buffer overflow
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer.

Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer.
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
OllyDbg Debuger.

OllyDbg Debuger.
1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)

1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.
15-213 Recitation: Bomb Lab June 5, 2015 Dipayan Bhattacharya.

Recitation: Bomb Lab June 5, 2015 Dipayan Bhattacharya.
University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.

University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,

Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,

Similar presentations

Ads by Google