PPT-Heap Overflow Attacks

1 What is a heap Heap is a collection of variablesize memory chunks allocated by the program eg malloc free in C creating a new object in Java creating a new object in Java script. Chapter. 15 : . Attacking. . Compiled. Applications. Alexis Kirat - International Student. Native . execution. . environment. Vs. . Compiled. . execution. . environment. The majority of web applications are now written using languages and platforms that run in a managed execution environment in which classic vulnerabilities . Transform and Conquer. Instructor: . Tanvir. What is Transform and Conquer ?. The 4. th. algorithm design technique we are going to study. Three major variations. Instance Simplification:. Transform to a simpler or more convenient instance of the same problem. http://en.wikipedia.org/wiki/Stack_buffer_overflow. What is a stack buffer overflow?. Caused when a program writes more data to a buffer on the stack than what was initially allocated for the buffer. What is an Exploit?. An . exploit. . is any . input. (i.e., a piece of software, an argument string, or sequence of commands) that takes advantage of a bug, glitch or vulnerability in order to cause an attack. & . Rootkits. Warning. Do not use hacking tools unless you are . sure . you have . sysadmin’s. permission.. Company policy .  fired/suspended. Illegal Go to Jail. Honor Code. Just because you have a set of master-keys does NOT give you permission to drive anyone’s car!. Partially adopted from C Plus Data Structure textbook slides. What is a Heap?. Shape. : . complete. binary tree. Order. : . for . each node in the heap, the value stored in that node is . greater than or equal to . Memory Corruption . Attacks. Original slides were created by Prof. Dan . Boneh. Memory corruption attacks. . Attacker’s goal. :. Take over target machine (e.g. web server). Execute arbitrary code on target by . Chih. Hung Wang. Reference:. 1. B. Chess and J. West, Secure Programming with Static Analysis, Addison-Wesley, 2007.. 2. R. C. . Seacord. , Secure Coding in C and C , Addison-Wesley, 2006.. 1. Introduction (1). modified from slides of . Lawrie. Brown. Buffer Overflow. a very common attack mechanism. first wide use by the Morris Worm in 1988. prevention techniques known. still of major concern. legacy of buggy code in widely deployed operating systems and applications. CSCI 3110 Nan Chen. Priority Queue. Data structure that stores items and restricts accesses to the highest priority item. STL (Max heap) example. DeleteMax. 3, 88 2 , 6 ,7 . ?. Applications of priority queue. 1. Agenda. SB 850 Overview. HCFC Team Members. HEAP Grant Overview. Eligible Applicants. Available Funding. Application Process. Distribution of Funds. Expenditure Deadlines. Application Timeline . Sam Silvestro, . Hongyu. Liu, Corey Crosser,. Zhiqiang. Lin*, . Tongping Liu. University of Texas at San . Antonio. * University of Texas at Dallas. Common Heap Vulnerabilities. Buffer over-read. Information leakage. 10-1/2" 27-1/226-1/2 39"19"18" 1 -1/2" 28-1/222-3/468 11-1/2" 29-1/227-1/2 47-3/4"20-1/2"16-1/2" 1 -1/2" SPECIFICATIONS without overflow with overflow to top of tub to overflow Dan Fleck. CS469 Security Engineering. Reference: . http://. www.thegeekstuff.com. /2013/06/buffer-overflow/ . Coming up: Buffer Overflows. 1. 1. Buffer Overflows. Buffer overflows occur when some sized portion of memory is overwritten with something bigger..