PPT-Non Malicious Program Errors (Buffer Overflows)

Gabe Kanzelmeyer CS 450 41410 Overview What is buffer overflow How memory is processed and the stack The threat Stack overrun attack Dangers Prevention What is buffer overflow A buffer arraystring that holds data. More over buffer overflow vulnerabilities dominate the area of remote network penetra tion vulnerabilities where an anonymous Inter net user seeks to gain partial or total control of a host If buffer overflow vulnerabilities could be effectively eli More over buffer overflow vulnerabilities dominate the area of remote network penetra tion vulnerabilities where an anonymous Inter net user seeks to gain partial or total control of a host If buffer overflow vulnerabilities could be effectively eli More over buffer overflow vulnerabilities dominate the area of remote network penetra tion vulnerabilities where an anonymous Inter net user seeks to gain partial or total control of a host If buffer overflow vulnerabilities could be effectively eli Overflow Example. Dan Fleck. CS469 Security Engineering. Reference: . http://. www.thegeekstuff.com. /2013/06/buffer-overflow/ . Coming up: Buffer Overflows. 1. 1. Buffer Overflows. Buffer overflows occur when some sized portion of memory is overwritten with something bigger.. Buffer Overflows for Beginners. Herbert . Bos. VU University Amsterdam. Buffer overflows are…. ancient. First . discussed. in a US Air . Force. document in 70s. Used. in the . first. Internet Worm (. Ben Livshits. Based in part of Stanford class slides from . http://www.stanford.edu/class/cs295. /. and slides from Ben Zorn’s talk slides. My Lectures. Lecture 1. : . Introduction to . static. . C memory layout. We talked about the heap and stack last time.. Heap: dynamically allocated data (so grows and shrinks depending on objects created). Stack: grows and shrinks as functions are called and return. Serious Note. Try a web search for “buffer overflow exploit”.. Check alt.2600, rootshell.com, antionline.com – you can find long lists of . exploits. based on buffer overflow.. Even the original version of . Trausti Saemundsson, . Reykjavik University. Introduction. I am Trausti Saemundsson, a MSc student at Reykjavik University in Iceland . My supervisor is Ymir Vigfusson . I´m here in London doing research with Gregory Chockler on a multitenant cache algorithm . David Brumley. Carnegie Mellon University. You will find. a. t least one . error. on each set of slides. . :). 2. Red. format c:. Blue. vs.. 3. An Epic Battle. Red. format c:. Blue. Bug. 4. Find. . Exploitable. 1. Malware. [SOUP13] defines malware as:. “a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or otherwise annoying or disrupting the victim.” . Troubleshooting Broken Code – In C. There are a number of differences between the Coding .  . Running cycle of C and languages like Python.. The a C program goes through the following stages before it is a proper executable.. Why should we validate data input into a program?. i.e., What might happen if we do not validate input data?. See slides 2 through 5 for details. How can data be input into a program?. i.e., What are the sources of external data?. Dan Fleck. CS469 Security Engineering. Reference: . http://. www.thegeekstuff.com. /2013/06/buffer-overflow/ . Coming up: Buffer Overflows. 1. 1. Buffer Overflows. Buffer overflows occur when some sized portion of memory is overwritten with something bigger..