Protecting against Buffer Overflow Attacks - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

Protecting against Buffer Overflow Attacks

Description:

collection of items stored in contiguous memory locations ... canary. 11. Background. Attack mechanism. Protection mechanisms. Summary ... – PowerPoint PPT presentation

Number of Views:41
Avg rating:3.0/5.0
Slides: 12
Provided by: thoma423
Category:

less

Transcript and Presenter's Notes

Title: Protecting against Buffer Overflow Attacks


1
Protecting against Buffer Overflow Attacks
  • Greta Yorsh

Tel Aviv University
Workshop on Security
2
Protecting against Buffer Overflow Attacks
  • Background and motivation
  • Attack mechanism
  • Protection Mechanism

3
Objectives
  • Recognize programs with possible BOF
  • Implement BOF attack
  • Write programs without BOF
  • Understand existing protection mechanism
  • Evaluate new protection mechanisms

4
Background
  • What is security ?
  • What damage is caused by the attack ?
  • send email to all neighbors
  • restart computer
  • erase all files
  • denial of service
  • run spy programs learn passwords, read
    confidential data
  • How attack works ?

5
Terminology
  • Buffer (array)
  • collection of items stored in contiguous memory
    locations
  • Overflow cause by placing more data in the
    buffer than it can contain
  • Types of BOF attacks
  • stack
  • heap
  • Programmers mistake

6
Motivation
  • 60 of security flaws caused by buffer overflow
    attacks

7
Example
stack
code
1684 1260 1120 1100 876 874 872 772 0
  • char baz
  • void foo() char BUF100 strcpy(BUF,
    baz) printf("s\n", BUF)
  • int main() baz getenv("HOME") foo() exit(
    0)

globals
baz
(1200)
return address (1640)
heap
8
Example
stack
code
1684 1260 1120 1100 876 874 872 772 0
  • char baz
  • void foo() char BUF100 strcpy(BUF,
    baz) printf("s\n", BUF)
  • int main() baz getenv("HOME") foo() exit(
    0)

globals
baz
(1200)
heap
9
Example
stack
code
1684 1260 1120 1100 876 874 872 772 0
  • void foo(char bar) char BUF100 strcpy(BUF,
    bar) printf("s\n", BUF)
  • int main() char baz baz
    getenv("HOME") foo() exit(0)

globals
\0 774 f a
101 100 99 0
baz
(1200)
774
f b a
99 1 0
BUF
heap
10
Protection Mechanism
stack
code
1684 1260 1120 1100 876 874 872 772 0
  • non-executable stacks
  • array-bounded check added by the compiler
  • StackGuard
  • StackShield

globals
\0 744 f a
101 100 99 0
baz (1200)
return address (1640)
canary
1640
heap
11
Summary
  • Correct programs can not be attacked by BOF
  • Protection mechanism exists
  • Protection mechanisms can be attacked
Write a Comment
User Comments (0)
About PowerShow.com