Heap Overflow Attacks 1 What is a heap?
Author : ethlyn | Published Date : 2023-10-31
Heap is a collection of variable-size memory chunks allocated by the program, e.g. malloc/free in C, creating a new object in Java, creating a new object in JavaScript.
Heap Overflow Attacks 1 What is a heap?: Transcript
Transform and Conquer. Instructor: Tanvir. What is Transform and Conquer? The 4th algorithm design technique we are going to study. Three major variations. Instance Simplification: Transform to a simpler or more convenient instance of the same problem.

http://en.wikipedia.org/wiki/Stack_buffer_overflow. What is a stack buffer overflow? Caused when a program writes more data to a buffer on the stack than what was initially allocated for the buffer.

A Defense Against Heap-spraying Code Injection Attacks. Paruj Ratanaworabhan, Cornell University. Benjamin Livshits, Microsoft Research. Benjamin Zorn, Microsoft Research.

Basic Memory Corruption Attacks. Original slides were created by Prof. Dan Boneh. Memory corruption attacks. Attacker's goal: Take over target machine (e.g. web server). Execute arbitrary code on target by

& Rootkits. Warning. Do not use hacking tools unless you are sure you have sysadmin's permission. Company policy fired/suspended. Illegal Go to Jail. Honor Code. Just because you have a set of master-keys does NOT give you permission to drive anyone's car!

Memory Corruption Attacks. Original slides were created by Prof. Dan Boneh. Memory corruption attacks. Attacker's goal: Take over target machine (e.g. web server). Execute arbitrary code on target by

Chih Hung Wang. Reference: 1. B. Chess and J. West, Secure Programming with Static Analysis, Addison-Wesley, 2007. 2. R. C. Seacord, Secure Coding in C and C++, Addison-Wesley, 2006. 1. Introduction (1).

Control hijacking attacks. Attacker's goal: Take over target machine (e.g. web server). Execute arbitrary code on target by hijacking application control flow. Examples: Buffer overflow and integer overflow attacks.

CSCI 3110 Nan Chen. Priority Queue. Data structure that stores items and restricts accesses to the highest priority item. STL (Max heap) example. DeleteMax. 3, 88 2 , 6 ,7 . ?. Applications of priority queue.

Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin*, Tongping Liu. University of Texas at San Antonio. * University of Texas at Dallas. Common Heap Vulnerabilities. Buffer over-read. Information leakage.

Code Injection Attacks. Paruj Ratanaworabhan, Cornell University. Ben Livshits and Ben Zorn, Microsoft Research (Redmond, WA). Heap Spraying is a Problem. Firefox 3.5. July 14, 2009. http://www.web2secure.com/2009/07/mozilla-firefox-35-heap-spray.html.

Dan Fleck. CS469 Security Engineering. Reference: http://www.thegeekstuff.com/2013/06/buffer-overflow/. Coming up: Buffer Overflows. 1. 1. Buffer Overflows. Buffer overflows occur when some sized portion of memory is overwritten with something bigger.