Download Chapter 1 Security Problems in Computing

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
Document related concepts

Subroutine wikipedia , lookup

Block sort wikipedia , lookup

Transcript 
VM: Chapter 7
Buffer Overflows
Outline

Impact of buffer overflows

What is a buffer overflow?

Types of buffer overflows
heap overflow
stack overflow

Defense against buffer overflows

Examples
csci5233 computer security &
integrity (VM: Ch. 7)
2
Impact of buffer overflows

[Wagner, 2000]: Contributed to as much as 50% of
security problems (see Fig. 7-1, p.136)

The problem is not getting better. (see Fig. 7-2)

Why?
Bad language design (e.g., C/C++)
Poor programming
csci5233 computer security &
integrity (VM: Ch. 7)
3
Impact of buffer overflows

The unsafe C language:
C is inherently unsafe.
There is no bounds checking on array and pointer
references.
It is the programmer’s responsibility to do the
checking.
Unsafe string operations in the standard C lib.
csci5233 computer security &
integrity (VM: Ch. 7)
4
What is buffer overflow?

Buffer is a memory area where contiguous chunks of the same
data type are allocated.

Buffer overflow occurs when a program writes past the bounds
of a buffer.
Buffer Overflow
Overflow
area
P1’s buffer
P2
The bound of P1’s buffer
P2’s memory area
Q: What could be the impact of a buffer overflow? How would the
impact be determined?
csci5233 computer security &
integrity (VM: Ch. 7)
5
The impact of a buffer overflow


Factors that determine the impact of a buffer
overflow:
1.
What data or code in P2 were over-written?
2.
What data were written into the overflow area?
3.
How would P1 access the overflow area?
4.
How would P2 access the overflow area?
Overall, the outcome is unpredictable!
csci5233 computer security &
integrity (VM: Ch. 7)
6
Why are buffer overflows a security problem?

Reason: A malicious program may exploit buffer
overflow to gain privileged access to a system.

The exploit is usually tied to specific architecture of
particular operating systems.
Example: stack smashing – An overflow overwrites
the return address in a stack frame.

Privilege escalation: A privilege is granted to a
sequence of users through a chain of granting
process

In an OS, many applications and/or utilities are
given super user privilege, usually only temporarily,
to perform part of its job that requires the privilege.
 regular mode versus privileged mode
csci5233 computer security &
integrity (VM: Ch. 7)
7
Why are buffer overflows a security
problem?

Threat: When a malicious program (M) gain control
of a process (P), it “inherits” its privileges.

For example: In UNIX, applications such as lpr and
xterm have been abused into giving up root
privileges thru the exploit of buffer overflow in suid
regions of the code.

Another example: A malicious program finds a buffer
overflow in an suid root program, and then exploits
to trigger an interactive shell (with root privilege).
csci5233 computer security &
integrity (VM: Ch. 7)
8
Buffer Overflow and C/C++ Functions

C functions that do not check bounds: pp. 141-149

See also Table 7-1, p.152

Any solution? Defensive programming by
1. Set an upper bound of an argument, or use an
function that allows a bound to be set
Example: strncpy( ) in place of strcpy( )
2. Check the length of an argument before passing
it to a library function  To avoid internal buffer
overflow (p.147)
Example: relpath( ), syslog( ), getopt( ), getpass( ), etc.

Are these the ultimate solutions? Probably not.
csci5233 computer security &
integrity (VM: Ch. 7)
9
Types of Buffer Overflows



Stack overflows versus heap overflows
Compared to other parts of a process (such as data
segment and program segment, which are static),
the stack and the heap are dynamic.
Stack is used for allocating the context of the current
function call, such as non-static local variables,
parameters passed by value, return address, …
 activation record (or stack frame)
Heap is for allocating data requested dynamically by
a user program, such as via malloc( ) in C or
new in C++.
Heap overflows are generally much harder to
exploit than stack overflows. Why?
csci5233 computer security &
integrity (VM: Ch. 7)
10
Heap Overflows



A less likely attack than stack overflows.
The attacker needs to know many things:
1. Which variable(s) are security critical;
2. How the variables are allocated in the heap;
3. The number of bytes allocated to a variable;
4. A buffer that can overflow the target variable;
5. …
Example: pp.155-159.
csci5233 computer security &
integrity (VM: Ch. 7)
11
Stack Overflows

Steps: p.159
1.
2.
3.

Find a stack-allocated buffer that allows us to overwrite the
return address in a stack frame;
Place some hostile code in memory to which we can jump
when the function we’re attacking returns;
Write over the return address on the stack with a value
that causes the program to jump to our hostile code.
Examples: pp.160-177.
csci5233 computer security &
integrity (VM: Ch. 7)
12
“Solutions” to Buffer Overflows
1.
Software scanning tools (VM: Chapter 6) can help
to find and remove buffer overflow problems.
2.
Nonexecutable stacks: requires OS support or
patch
3.
Get a compiler that performs array bounds
checking for C programs.
4.
Stackguard tools adds a little bit of data at the end
of stack-allocated data (called a canary), and later
checks the canary to see whether the allocated
data is still valid.
csci5233 computer security &
integrity (VM: Ch. 7)
13
“Solutions” to Buffer Overflows
5.
Memory integrity checking tools, such as Rational’s
Purify
6.
Replace vulnerable calls with “safe” versions.
7.
Don’t use C. Use a type-safe language such as
Java!
csci5233 computer security &
integrity (VM: Ch. 7)
14
Summary





Buffer overflow is the most common attack at C
programs.
It is difficult to write secure C programs.
The best approach is to use a “safe” language.
The challenge is there exist lots of C/C++ codes out
there.
Next:
– Applying cryptography (VM: Ch 11)
– CSCI5931 Web Security (Spring 2003)
csci5233 computer security &
integrity (VM: Ch. 7)
15
Related documents
LOYOLA COLLEGE (AUTONOMOUS), CHENNAI – 600 034 M.Sc.
LOYOLA COLLEGE (AUTONOMOUS), CHENNAI – 600 034 M.Sc.
What Percentage of the Earth`s Surface is Water - edventure-GA
What Percentage of the Earth`s Surface is Water - edventure-GA
Review: Operating Systems - Nipissing University Word
Review: Operating Systems - Nipissing University Word
Introduction CS 239 Security for Networks and System
Introduction CS 239 Security for Networks and System
Slides - MIT Database Group
Slides - MIT Database Group
CMSC 414 Computer (and Network) Security
CMSC 414 Computer (and Network) Security
CIS3360: Security in Computing (online session, Spring 2012)
CIS3360: Security in Computing (online session, Spring 2012)
Applications Security
Applications Security
1 - Georgia Tech
1 - Georgia Tech
slides
slides
Application Security
Application Security
Lazy Garbage Collection of Recovery State for Fault – Tolerant
Lazy Garbage Collection of Recovery State for Fault – Tolerant