PPT-Heap Overflow Attacks

Author : ellena-manuel | Published Date : 2017-05-25



Heap Overflow Attacks: Transcript


What is a heap? Heap is a collection of variable-size memory chunks allocated by the program, e.g., malloc(), free() in C, creating a new object in Java, creating a new object in JavaScript.

Attacker's goal: Take over target machine (e.g. web server). Execute arbitrary code on target by hijacking application control flow. This lecture: three examples. Buffer overflow attacks.

Chapter 15: Attacking Compiled Applications. Alexis Kirat - International Student. Native execution environment vs. compiled execution environment. The majority of web applications are now written using languages and platforms that run in a managed execution environment in which classic vulnerabilities

A Defense Against Heap-spraying Code Injection Attacks. Paruj Ratanaworabhan, Cornell University. Benjamin Livshits, Microsoft Research. Benjamin Zorn, Microsoft Research.

What is an Exploit? An exploit is any input (i.e., a piece of software, an argument string, or sequence of commands) that takes advantage of a bug, glitch or vulnerability in order to cause an attack.

Basic Memory Corruption Attacks. Original slides were created by Prof. Dan Boneh. Memory corruption attacks. Attacker's goal: Take over target machine (e.g. web server). Execute arbitrary code on target by

& Rootkits. Warning. Do not use hacking tools unless you are sure you have sysadmin's permission. Company policy → fired/suspended. Illegal → Go to Jail. Honor Code. Just because you have a set of master-keys does NOT give you permission to drive anyone's car!

Memory Corruption Attacks. Original slides were created by Prof. Dan Boneh. Memory corruption attacks. Attacker's goal: Take over target machine (e.g. web server). Execute arbitrary code on target by

Control hijacking attacks. Attacker's goal: Take over target machine (e.g. web server). Execute arbitrary code on target by hijacking application control flow. Examples: Buffer overflow and integer overflow attacks.

Modified from slides of Lawrie Brown. Buffer Overflow: a very common attack mechanism; first wide use by the Morris Worm in 1988; prevention techniques known; still of major concern; legacy of buggy code in widely deployed operating systems and

Compile time vs Run time: main(argc, argv, envp) int argc; char **argv; char **envp; { int i; char *name, buf[32]; name = getname(); printf("your name is %s\n", name);

Heap is a collection of variable-size memory chunks allocated by the program, e.g., malloc(), free() in C, creating a new object in Java, creating a new object in JavaScript.

Dan Fleck. CS469 Security Engineering. Reference: http://www.thegeekstuff.com/2013/06/buffer-overflow/ Coming up: Buffer Overflows. Buffer overflows occur when some sized portion of memory is overwritten with something bigger.
