PPT-Control hijacking attacks

Attackers goal Take over target machine eg web server Execute arbitrary code on target by hijacking application control flow This lecture three examples Buffer overflow attacks. 8 attacks PINblock formats Attacking PAN with translationverification functions Attacking PIN translation functions Collision attack Conclusion brPage 3br Basic terminology Hardware Security Module HSM Example IBM 4758 depicted below Host device Appl vulnerable to hijacking attempts. Hijackers may target these vehicles not for the cargo they contain, but for perpetrating various types of terrorist activities. These vehicles may be targeted beca Chapter 7. Intrusion. “Intrusion is a type of attack on information assets in which the instigator attempts to gain entry into a system or disrupt the normal operation of system with, almost always, the intent to do malicious harm.”. Iranian Hostage Crisis. 1979-1981. US Embassy Bombing in Beirut. 1983. Caskets of 17 Americans lost in Beirut. Before. After. Marine Barracks Bombing. 1983. Kidnapping of CIA Chief William Buckley. 1984. Shankar Raman. Balaji Venkat. Gaurav Raina. Outline. MPLS VPN Security Issues. Router Configuration. Secure Control Plane Exchange. Label hopping applied to data plane. Tic-Toc based Scheme. Control plane algorithms for PEne. Tongqing Qiu. +. , . Lusheng. . Ji. *. , Dan Pei. *. Jia. Wang. *. , Jun (Jim) . Xu. +. , Hitesh . Ballani. ++. + College of Computing, Georgia Tech. * AT&T Lab – Research. ++ Department of Computer Science, Cornell University . Aviv Zohar. School Computer Science and Engineering. The Hebrew University of Jerusalem . Based on joint work with . Maria . Apostolaki. and . Laurent . Vanbever. Blue: 2. Red: 1. Digital Payments. Eric Chien. Technical Director, Symantec Security Response. 1. Sep 2010. Targeted attacks are similar malicious threats sent to a narrow set of recipients based on their employment industry or direct involvement in an organization to gain access to intellectual property and confidential documents.. Control hijacking attacks. . Attacker’s goal. :. Take over target machine (e.g. web server). Execute arbitrary code on target by hijacking application control flow. Examples:. Buffer overflow and integer overflow attacks. Recap: control hijacking attacks. Stack smashing. : overwrite return address or function pointer. Heap spraying. : reliably exploit a heap overflow. Use after free. : attacker writes to freed control structure, . Aviv Zohar. School Computer Science and Engineering. The Hebrew University of Jerusalem . Based on joint work with . Maria . Apostolaki. and . Laurent . Vanbever. Blue: 2. Red: 1. Digital Payments. Roger Grimes. Data-Driven Defense Evangelist, KnowBe4, Inc.. rogerg@knowbe4.com. Roger A. Grimes. Data-Driven Defense Evangelist. KnowBe4, Inc.. 30-years plus in computer security. Expertise in host and network security, . Computing through . Failures and Cyber Attacks. . Dr. Zbigniew . Kalbarczyk. Coordinated Science Laboratory. Department of Electrical and Computer Engineering. University of Illinois at . Urbana-Champaign. Shankar Raman. Balaji Venkat. Gaurav Raina. Outline. MPLS VPN Security Issues. Router Configuration. Secure Control Plane Exchange. Label hopping applied to data plane. Tic-Toc based Scheme. Control plane algorithms for PEne.