Buffer Overflow

Maddikayala, Jagadish
CSCI 5931 Web Security
Prof. T. Andrew Yang
Monday Feb. 23


What is Buffer Overflow?

- A buffer is a contiguous allocated chunk of memory, such as an array or a pointer in C
- Buffer overflow occurs when a program or process tries to store more data in a buffer than it was intended to hold
- Buffer overflows are exploited to change the flow of a program in execution
- Buffer overflows are by far the most commonly exploited bug on the Linux/Unix operating systems


Process Memory Organization

High address
    env, argv strings
    env, argv pointers
    stack
    heap
    .bss
    .data
    .text
Low address

Where variables are placed:

    char global; int main(){ … }                global will be in .bss
    char global = 'a'; int main(){ … }          global will be in .data
    int main(){ static int var; … }             var will be in .bss
    int main(){ static char var = 'a'; … }      var will be in .data
    int main(){ char *var = malloc(3); … }      var points to an address which is in the heap


Buffer Organization

Storage of xyz buffer. Buffer "xyz" in memory:

    \0  z  y  x

Two consecutive buffers, xyz and abcde (- = unused byte):

    \0  z  y  x
     -  - \0  e
     d  c  b  a

1 word = 4 bytes


Examples

    char a[5]="yang";
    char b[9]="security";
    strcpy(b, "maddikayala");
    printf("%s\n", a);

Initial stack organization

    a:  \0 g n a y
    b:  \0 y t i r u c e s

After the overflow

    a:  \0 g n a y
    b:  \0 a l a y a k i d d a m


Examples

    char a[4]="tom";
    char b[8]="michael";
    strcpy(b, "maddikayala");
    printf("%s\n", a);

Initial stack organization

    a:  \0 m o t
    b:  \0 l e a h c i m

After the overflow

    a:  \0 a l a            (overwritten)
    b:  y a k i d d a m

This is the kind of vulnerability used in buffer overflow exploits.


Buffer Overflow Countermeasures

- Write secure code
- Non-executable buffers
- Advanced debugging tools
    – Fault injection tools
    – Static analysis tools
    – StackShield and StackGuard
- Compilers
    – offer warnings on the use of unsafe constructs such as gets(), strcpy()
    – generate the code with built-in safeguards to prevent the use of illegal addresses


Thank you

Any questions?
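The two strcpy cases from the Examples slides, as an added C example that is not part of the original slides, next to a bounded copy of the kind "write secure code" calls for. The frame struct, run_unchecked and copy_checked are hypothetical names; the layout (b's word-padded slot directly below a's) is a constructed model of the slides' diagrams, not what a given compiler is guaranteed to produce.

```c
#include <stdio.h>
#include <string.h>

#define WORD 4
#define SLOT(n) (((n) + WORD - 1) / WORD * WORD)   /* round up to whole words */

/* Constructed model of the slides' layout: b's slot at the lower address,
 * a's slot directly above it. Both live in one array, so the unchecked copy
 * stays inside mem and the demo itself has defined behaviour.
 * Assumption: both slots together fit in 32 bytes. */
struct frame { char mem[32]; size_t a_off; };

/* Lay out a and b, then do what strcpy(b, src) does: copy up to and including
 * the NUL without looking at b's size. Returns a pointer to a's bytes. */
const char *run_unchecked(struct frame *f, const char *a_init,
                          const char *b_init, size_t b_size, const char *src) {
    size_t n = strlen(src) + 1;
    memset(f->mem, 0, sizeof f->mem);
    f->a_off = SLOT(b_size);
    memcpy(f->mem, b_init, strlen(b_init) + 1);
    memcpy(f->mem + f->a_off, a_init, strlen(a_init) + 1);
    if (n > sizeof f->mem) n = sizeof f->mem;       /* keep the model in bounds */
    memcpy(f->mem, src, n);
    f->mem[sizeof f->mem - 1] = '\0';               /* model stays a C string */
    return f->mem + f->a_off;
}

/* Bounded copy: refuse any input that does not fit in dst, NUL included. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > dst_size) return -1;
    memcpy(dst, src, n);
    return 0;
}

int main(void) {
    struct frame f;
    char b[9];
    /* a[5], b[9]: the 12 bytes land in b's padded slot, a still reads "yang" */
    printf("a = %s\n", run_unchecked(&f, "yang", "security", 9, "maddikayala"));
    /* a[4], b[8]: the last 4 bytes ("ala" + NUL) land in a */
    printf("a = %s\n", run_unchecked(&f, "tom", "michael", 8, "maddikayala"));
    /* the bounded copy rejects the 12-byte input for both buffer sizes */
    printf("checked b[9]: %d\n", copy_checked(b, sizeof b, "maddikayala"));
    printf("checked b[8]: %d\n", copy_checked(b, 8, "maddikayala"));
    return 0;
}
```

In the first case b is still overrun by three bytes; only the padding absorbs them, which is why the bounded copy rejects that input as well.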