Presentation is loading. Please wait.

Presentation is loading. Please wait.

Design of a Framework for Testing Security Mechanisms for Program-Based Attacks Ben “Security” Breech and Lori Pollock University of Delaware.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Design of a Framework for Testing Security Mechanisms for Program-Based Attacks Ben “Security” Breech and Lori Pollock University of Delaware."— Presentation transcript:

1 Design of a Framework for Testing Security Mechanisms for Program-Based Attacks Ben “Security” Breech and Lori Pollock University of Delaware

2 Motivation o Unsafe programming practices –Exploited by malicious input (program-based attack) o Vulnerabilities difficult to find and fix –Expensive (time, resources required) –Often wait until exploit is found o Mechanisms proposed to protect programs –Poorly tested –Low confidence in security protection

3 Testing Security Mechanisms o Testing is often poor and non-systematic –Current process: Find program with vulnerability and known exploit. Apply the mechanism and try the exploit. –Finding test subjects can be difficult o Need a framework that provides a systematic, and automatic method of testing security mechanisms –More thorough testing of mechanisms

4 Program-Based Attacks o Malicious attacks initiated as input –Usually buffer overflow o Examples –Stack smashing –Function pointers –Heap variables

5 Example Attack int proc_inp (int a, int b, int c) { char buf1 [3]; int z; char buf2 [5]; gets (buf2) …. } 42 Input: ABCDEFGHIJKLMNOPQRST c -> 6 7 0x1200 b -> a -> return address -> saved fp -> buf1 [] -> 0x150 z -> buf2 [] -> QRST MNOP JKL FGHI ABCDE Caller AR proc_inp AR

6 Example Mechanism: RAD A() { char s [5]; gets (s); B(s) … ret } B(char *s) { C(s) … ret } C(char *s) { … ret } A AR: 0x1200 C AR: 0x1280 B AR: 0x1250 0x1200 0x1250 0x1280 Call Stack: RAD Stack: (Chiueh and Hsu, ICDCS 2001) Input: ABC

7 Our Framework… o Present the design of a framework to test security mechanisms –Enables systematic and automatic testing o Key insight: use dynamic compiler to simulate attacks

8 Framework Design

9 Framework Key Components

10 Framework Requirements o General -- support different languages, vulnerabilities and mechanisms o Systematic -- insert attacks at appropriate points o Automatic -- little user interaction o Support testing of evolving programs o Robust -- few false positives o Low overhead -- both space and time

11 The Testing Process A AR: 0x1200 A AR: 0x5000 C AR: 0x1280 B AR: 0x1250 0x1200 0x1250 0x1280 Call Stack: RAD Stack: B AR: 0x5000 C AR: 0x5000 A() { char s [5]; gets (s); B(s) … ret } B(char *s) { C(s) … ret } C(char *s) { … ret } Input: ABC

12 Prototype Implementation Use the DynamoRIO 1 dynamic compiler 1 (Bruening et al. CGO 03) Native Binary Code Initialization Basic Block Construction Initialization Basic Block Execution Exit Analysis or Optimization Cleanup And Exit DynamoRIO (simplified view) Client Module

13 Implementation Issues o Simulation of attacks -- may not perfectly mimic all effects of attack o Efficiency -- overhead tradeoff o Monitoring -- what to look for? o Key component goals -- tradeoff? –No extra code compiled in –All possible attack points tested o Automatically specifying attacks

14 Summary and Current Status o Presented design of framework for testing security mechanisms for program-based attacks o Proof of concept implementation

Download ppt "Design of a Framework for Testing Security Mechanisms for Program-Based Attacks Ben “Security” Breech and Lori Pollock University of Delaware."

Similar presentations

Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
Introduction to Memory Management. 2 General Structure of Run-Time Memory.

Introduction to Memory Management. 2 General Structure of Run-Time Memory.
Compiler Optimized Dynamic Taint Analysis James Kasten Alex Crowell.

Compiler Optimized Dynamic Taint Analysis James Kasten Alex Crowell.
Integrity & Malware Dan Fleck CS469 Security Engineering Some of the slides are modified with permission from Quan Jia. Coming up: Integrity – Who Cares?

Integrity & Malware Dan Fleck CS469 Security Engineering Some of the slides are modified with permission from Quan Jia. Coming up: Integrity – Who Cares?
CS457 – Introduction to Information Systems Security Software 3 Elias Athanasopoulos

CS457 – Introduction to Information Systems Security Software 3 Elias Athanasopoulos
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Review: Software Security David Brumley Carnegie Mellon University.

Review: Software Security David Brumley Carnegie Mellon University.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
A Comparison of Online and Dynamic Impact Analysis Algorithms Ben Breech Mike Tegtmeyer Lori Pollock University of Delaware.

A Comparison of Online and Dynamic Impact Analysis Algorithms Ben Breech Mike Tegtmeyer Lori Pollock University of Delaware.
RUGRAT: Runtime Test Case Generation using Dynamic Compilers Ben Breech NASA Goddard Space Flight Center Lori Pollock John Cavazos University of Delaware.

RUGRAT: Runtime Test Case Generation using Dynamic Compilers Ben Breech NASA Goddard Space Flight Center Lori Pollock John Cavazos University of Delaware.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.

Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns Jonathan Pincus Microsoft Research Brandon Baker Microsoft Carl Hartung CSCI 7143:

Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns Jonathan Pincus Microsoft Research Brandon Baker Microsoft Carl Hartung CSCI 7143:
Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.

Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.
Buffer Overflow. Process Memory Organization.

Buffer Overflow. Process Memory Organization.
Dynamic Tainting for Deployed Java Programs Du Li Advisor: Witawas Srisa-an University of Nebraska-Lincoln 1.

Dynamic Tainting for Deployed Java Programs Du Li Advisor: Witawas Srisa-an University of Nebraska-Lincoln 1.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.

Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.
University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.

University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.

Similar presentations

Ads by Google