PPT-Heap Overflow Attacks 1 What is a heap?

Author : ethlyn | Published Date : 2023-10-31

Heap is a collection of variable-size memory chunks allocated by the program, e.g., malloc(), free() in C, creating a new object in Java, creating a new object in JavaScript.


Heap Overflow Attacks 1 What is a heap?: Transcript


Attacker's goal: Take over target machine (e.g. web server). Execute arbitrary code on target by hijacking application control flow. This lecture: three examples. Buffer overflow attacks.

Transform and Conquer. Instructor: Tanvir. What is Transform and Conquer? The 4th algorithm design technique we are going to study. Three major variations. Instance Simplification: Transform to a simpler or more convenient instance of the same problem.

Novark, Emery D. Berger. University of Massachusetts Amherst. DieHarder: Securing the Heap. ACM CCS'10. Outline. Introduction. Memory Allocators. Threat Model. Heap Overflow Attacks.

A Defense Against Heap-spraying Code Injection Attacks. Paruj Ratanaworabhan, Cornell University. Benjamin Livshits, Microsoft Research. Benjamin Zorn, Microsoft Research.

1. What is a heap? Heap is a collection of variable-size memory chunks allocated by the program, e.g., malloc(), free() in C, creating a new object in Java, creating a new object in JavaScript.

Basic Memory Corruption Attacks. Original slides were created by Prof. Dan Boneh. Memory corruption attacks. Attacker's goal: Take over target machine (e.g. web server). Execute arbitrary code on target by

Memory Corruption Attacks. Original slides were created by Prof. Dan Boneh. Memory corruption attacks. Attacker's goal: Take over target machine (e.g. web server). Execute arbitrary code on target by

Control hijacking attacks. Attacker's goal: Take over target machine (e.g. web server). Execute arbitrary code on target by hijacking application control flow. Examples: Buffer overflow and integer overflow attacks.

Modified from slides of Lawrie Brown. Buffer Overflow. A very common attack mechanism. First wide use by the Morris Worm in 1988. Prevention techniques known. Still of major concern. Legacy of buggy code in widely deployed operating systems and

Compile time vs Run time. main(argc, argv, envp) int argc; char **argv; char **envp; { int i; char *name, buf[32]; name = getname(); printf("your name is %s\n", name);

Outline. This topic covers the simplest Θ(n ln(n)) sorting algorithm: heap sort. We will: define the strategy, analyze the run time, convert an unsorted list into a heap, cover some examples.

Code Injection Attacks. Paruj Ratanaworabhan, Cornell University. Ben Livshits and Ben Zorn, Microsoft Research (Redmond, WA). Heap Spraying is a Problem. Firefox 3.5. July 14, 2009. http://www.web2secure.com/2009/07/mozilla-firefox-35-heap-spray.html
