SECURITY IN COMPUTING FIETH EDITION Chapter 3: Programs and Programming 授课教师:高海波 可南中医药大学 信息管理与信息系统教研室 From Security in Computing, Fifth Edition, by Charles P Pfleeger, et al. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
SECURITY IN COMPUTING, FIFTH EDITION Chapter 3: Programs and Programming From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. 1 授课教师:高海波 河南中医药大学 信息管理与信息系统教研室
2 Objectives for Chapter 3 Learn about memory organization, buffer overflows and relevant countermeasures Common programming bugs, such as off-by-one errors, race conditions, and incomplete mediation Survey of past malware and malware capabilities Virus detection Tips for programmers on writing code for security From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
Objectives for Chapter 3 • Learn about memory organization, buffer overflows, and relevant countermeasures • Common programming bugs, such as off-by-one errors, race conditions, and incomplete mediation • Survey of past malware and malware capabilities • Virus detection • Tips for programmers on writing code for security 2 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
3 Memory Allocation High addresses Stack Heap Static data Code Low addresses From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
Memory Allocation 3 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
Data vs Instructions Store sum =7178 XIC0A Execute instruction Jump forward 10 bytes” Me From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
Data vs. Instructions 4 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
5 Memory Organization esses Stack Heap Local Data rogram Code System Data System Code ow addresses From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
Memory Organization 5 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
6 Buffer Overflows Occur when data is written beyond the space allocated for it, such as a 10th byte in a 9-byte array In a typical exploitable buffer overflow, an attacker's inputs are expected to go into regions of memory allocated for data but those inputs are instead allowed to overwrite memory holding executable code The trick for an attacker is finding buffer overflow opportunities that lead to overwritten memory being executed, and finding the right code to input From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
Buffer Overflows • Occur when data is written beyond the space allocated for it, such as a 10th byte in a 9-byte array • In a typical exploitable buffer overflow, an attacker’s inputs are expected to go into regions of memory allocated for data, but those inputs are instead allowed to overwrite memory holding executable code • The trick for an attacker is finding buffer overflow opportunities that lead to overwritten memory being executed, and finding the right code to input 6 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
7 How Buffer Overflows Happen char sample [10 int li for(i=0;i<=9;i++) sample[i] A sample[10] B From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
How Buffer Overflows Happen char sample[10]; int i; for (i=0; i<=9; i++) sample[i] = ‘A’; sample[10] = ‘B’; 7 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
8 Where a Buffer can Overflow Users Data Memory (a) Affects users data User's data User's Program Code AAAAAAJAJAAAB (b) Affects users code Users Data System Data (c) Affects system data Users Data System Program Code (d) Affects system code From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
Where a Buffer Can Overflow 8 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
9 The stack Stack P3 P2 Direction of growth P1 Prog Ctr Stack Ptr From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
The Stack 9 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
The stack after Procedure calls Procedure B Stack Procedure a P3 ca P2 call B P1 Prog ctr Stack ptr Procedure c P2 P1 Prog ctr Stack ptr From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
The Stack after Procedure Calls 10 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved