Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Software Systems Gaurav S. Kc Programming Systems Lab 9 th April, 2003.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Securing Software Systems Gaurav S. Kc Programming Systems Lab 9 th April, 2003."— Presentation transcript:

1 Securing Software Systems Gaurav S. Kc Programming Systems Lab 9 th April, 2003

2 Codiva = Code Diversity Using code diversity to increase software security Approach  Runtime management of processes  Vulnerabilities and attack techniques  Automatic defence mechanisms Implementations  Casper, RiSA Inter-group collaboration  Compilers, OS, Programming Languages, Security  Kaiser, Aho, Edwards, Keromytis

3 Codiva: Casper Compiler-assisted securing of programs at runtime Via added runtime checks as part of function invocations Add protection code  Protect what: control data in stack frames  What from: most stack-smashing attacks  Available as patches: Compiler: gcc-2.95 Debugger: gdb-5.2.1

4 Casper contd. 0xBadAdda0... (“/bin/sh”) exec PC ret. addr := 32-bit XOR ret. addr void function(int x, float y, char* s) { int a; int b; char buffer[SIZE]; int c;... ; strcpy(buffer, s);... } Stacksmashing attack Buffer overrun Code injection Return address overwritten Casper protection 1.Mask original return address value when entering function 2.Unmask and restore the original return address value when returning from function 3.Overwritten value will be “restored” to invalid code address Source function and runtime layout

5 Codiva: Randomised ISAs Unique machine instruction set per process Reversible mapping  machine instruction ↔ garbage bit sequence 1.Post-compilation stage Encode all executable sections with key Store codec key in file header 2.New cycle: fetch, decrypt, decode, execute decrypt: “Processor” restores each block of bytes to valid, original instruction Injected code gets probabilistically transformed to garbage bit-sequence that cannot be decoded

6 Randomised ISAs contd. SOURCE CODE key ENCRYPTED EXECUTABLE FILE key MACHINE EXECUTABLE FILE compile fetch decrypt

7 Codiva: future work Randomised ISA on real machine  Programmable Transmeta chips  Dynamo: Dynamic optimiser of native code Activation records  automatically managed, randomised layout Heap smashing techniques  break type-system  corrupt malloc data, Diversified research  Languages, Compilers: C++, Sun CC, Visual C++  Other architectures: Solaris, Alpha (DLX ;-)

8 Worklets Java-based mobile agent system Code transportation and dynamic integration mechanism

9 Worklets: past projects Dan Phung, Alex Bogomolov Micro-control of junctions  repeat, start-condition, etc. Registration and discovery mechanism Security  encryption, authentication and authorisation Optimised Worklet transportation  Workgroup Cache  Partial compression

Download ppt "Securing Software Systems Gaurav S. Kc Programming Systems Lab 9 th April, 2003."

Similar presentations

Algorithms and data structures

Algorithms and data structures
Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.

Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.
Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.

Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Moving Target Defense in Cyber Security

Moving Target Defense in Cyber Security
Week 7 - Friday.  What did we talk about last time?  Allocating 2D arrays.

Week 7 - Friday.  What did we talk about last time?  Allocating 2D arrays.
Compilers and Software Security Gaurav S. Kc Programming Systems Lab Tuesday, 22 nd April 2003.

Compilers and Software Security Gaurav S. Kc Programming Systems Lab Tuesday, 22 nd April 2003.
Review: Software Security David Brumley Carnegie Mellon University.

Review: Software Security David Brumley Carnegie Mellon University.
Buffer Overflows By Tim Peterson Joel Miller Dan Block.

Buffer Overflows By Tim Peterson Joel Miller Dan Block.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Instruction-Set Randomization “Countering Code-Injection Attacks With Instruction-Set Randomization” G. Kc, A. Keromytis, and V. Prevelakis CCS October.

Instruction-Set Randomization “Countering Code-Injection Attacks With Instruction-Set Randomization” G. Kc, A. Keromytis, and V. Prevelakis CCS October.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns Jonathan Pincus Microsoft Research Brandon Baker Microsoft Carl Hartung CSCI 7143:

Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns Jonathan Pincus Microsoft Research Brandon Baker Microsoft Carl Hartung CSCI 7143:
Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.

Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.
The Procedure Abstraction Part I: Basics Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved. Students enrolled in Comp 412.

The Procedure Abstraction Part I: Basics Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved. Students enrolled in Comp 412.
Casper / Codiva Compiler-assisted securing of programs at runtime Code diversity –Protection from most stack-smashing attacks void function(int x, float.

Casper / Codiva Compiler-assisted securing of programs at runtime Code diversity –Protection from most stack-smashing attacks void function(int x, float.
Processor Types And Instruction Sets Barak Perelman CS147 Prof. Lee.

Processor Types And Instruction Sets Barak Perelman CS147 Prof. Lee.
Efficient Instruction Set Randomization Using Software Dynamic Translation Michael Crane Wei Hu.

Efficient Instruction Set Randomization Using Software Dynamic Translation Michael Crane Wei Hu.
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.
University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.

University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.

Similar presentations

Ads by Google