Professional Documents
Culture Documents
ch02 SW
ch02 SW
Security
Chapter 02:
Software & OS
Security
Buffer Overflow
• The European Space Agency’s
Ariane 5 Flight 501 was
destroyed 40 seconds after
Taxonomy:
An undesired program behavior
caused by a program vulnerability. How (genesis)
When (time)
Where (location)
Flaws by Genesis
Unintentional Intentional
(Program flaws) (Malicious software)
• SQL Injection • Viruses
• Buffer overflow • Worms
• Incomplete • Other breeds of
mediation malware
Flaws by Time
• During development
• Requirement/specification/design
• Source code
• Object code
• During maintenance
• During operation
Flaws by location
• Software
• OS: System initialization, memory management,
process management, file management,
authentication..., privilege
• Hardware
• CPU design ➔ spectre, meltdown attacks
❑ Two questions:
1. How do we keep programs free
from flaws?
2. How do we protect computing
resources against programs with
flaws?
❑ Early idea was to attack the finished
Basic Ideas program to reveal faults, and then
patch errors → not effective and tend
to introduce new faults
❑ More modern approach: careful
specification and compare behavior
with the expected.
❑ Insecure Interaction between components
o SQL Injection
o OS Command Injection
o Cross-site Scripting
o CSRF
Software o URL Redirection to Untrusted Site
Security ❑ Risky Resource Management
Issues o Buffer copy without checking input size
o Download of code without Integrity
check
o Use of potentially dangerous function
o Uncontrol format string
o ...
Buffer overflow
Defensive programming
Defensive
coding
example
Best practices
1 2 3 4
Never trust user Don’t reinvent the Don’t trust Use immutable
input wheel (Intelligent developers instead of
code reuse) mutable object
Secure Software
^
Dynamic variables(Ex: C-malloc() or C++-
|
new())
Heap
Uninitialized Data
Global uninitialized variables
Segment (bss)
Initialized Data
Global initilalized variables
Segment
Low Address Text Segment Code
Secure Software
buf
flag
ebp
eip
Smashing the stack
flag
ebp
new eip
ret addr
Smashing the stack – Better idea
or
6. Hardware Architecture:
Modern CPUs support NX-bit (No-eXecute) feature:
memory areas when marked as non executable, the CPU will
refuse to execute any code residing in these areas of
memory.
gcc -z execstack option turning off this feature.
Buffer Overflow • A major security threat yesterday,
today, and tomorrow
• The good news?
• It is possible to reduce overflow
attacks (safe languages, NX bit,
ASLR, education, etc.)
• The bad news?
• Buffer overflows will exist for a
long time
• Why? Legacy code, bad
development practices, clever
attacks, etc.