Answer & Explanation:Dearhere is Assignment 4,please find the attachments.Thanks
assignment4.docx
bufferoverflow.pptx
microsoft_visual_c.doc
Unformatted Attachment Preview
Assignment 4
Buffer Overflow
Summary:
Buffer overflow occurs when data is input or written beyond the allocated bounds of an object, such
as an array, causing a program crash or creating a vulnerability that attackers might exploit.
Description:
A buffer overflow occurs when data is written beyond the boundaries of a fixed length buffer
overwriting adjacent memory locations which may include other buffers, variables, and program flow
instructions. Considered the “nuclear bomb” of the software industry, the buffer overflow is one of the
most persistently exploited security vulnerabilities.
Risk: How Can It Happen?
Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or
cause the execution of malicious code. C++ is particularly vulnerable to buffer overflows.
Example of Occurrence:
Buffer overflow vulnerabilities were exploited by the first major attack on the Internet. Known as the
Morris worm, this attack infected more than 60,000 machines and shut down much of the Internet for
several days in 1988.
Example in Code:
In the code above, buffer has 10 elements but the loop writes 15 elements, which overwrites
important Data.
Assignment 4
Answer the following questions:
Question 1:
A buffer overflow can write over adjacent data such as:
Variables
Program flow instructions
Other buffers
(Hint: Read summary and description sections to answer this question)
Question 2:
An unchecked buffer overflow causes:
Data to be corrupted
A program crash
The program to correct itself
The execution of malicious code
Unexpected behavior
(Hint: Read Risk and Examples of Occurrence sections to answer this question)
Code Responsibly– How Can I Avoid Buffer
Overflow?
•
•
Make sure you have enough space: When using static arrays, be sure that the size of the array
is large enough to hold the maximum amount of data that it may need.
Validate indices: If you have an integer variable, verify that it is within the proper bounds before
you use it as an index to an array. This validation is particularly important for any values that
might have been provided as user input or other untrusted input, such as information that might
be read from a file or from a network connection.
Assignment 4
Answer the following questions:
Question 3:
A variable used for an array index could be obtained from:
A file
A network
User input
(Hint: Read summary and description sections to answer this question)
Question 4:
Given the following array:
int scores[100];
Specify the legal range or bounds for an array index i:
0 < i < 100
0 < i <= 100
0 <= i < 100
0 <= i <= 100
(hint:Read Risk and Examples of Occurrence sections to answer this question )
Assignment 4
Programming assignment:
Type (do not copy and paste) the example in code into a program and compile. Run the
program.
Example in Code:
Question 5:
What happened when you compile and run the example in code? Why?
Question 6:
Fix the error and run again. Paste your code in the word document.
Assignment 4
Type (do not copy and paste) Program 1 and compile. Run the program.
Program 1:
Question 7: Please complete the following table:
Security Checklist
Vulnerability: Buffer Overflow
Task - Check each line of code
1. Finding Arrays:
Type the line of code with an array declaration in the above code
For this array, type the line of code which references the array
2. Index Variables – the range i of legal indices for an array of n elements is
0 <= i < n
2.1. Write the legal range of index i.
2.2. Type the line of code in which the array index (i) is modified
2.3. Type the line of code where a value is assigned to the array.
Gray highlighted areas indicate a buffer overflow vulnerability.
Completed
Assignment 4
Question 8:
The gray highlighted areas in the checklist indicates where the potential buffer could occur. How
could we prevent this?
Buffer Overflow
Questions
• How do we keep programs free from flaws?
• How do we protect computing resources
against programs that contain flaws?
Introduction
• Program flaws take many forms
– Inadvertent human errors
– Malicious human errors
• System attack – exploiting an unintentional
program flaw to perform intentional
damage
Techniques to Stop all Program Flaws?
• Sadly no…
• Almost impossible to ensure that a
program does precisely what was
intended and nothing more
• Programming techniques change and
evolve more rapidly that computer
security techniques
Types of Flaws
• Input validation error
• Inadequate identification and authentication
• Other exploitable logic errors
Buffer Overflows
• Buffer (or array or string) = space in which
data is held
What is a Buffer Overflow?
• It is to overwrite the parts of the memory,
which aren’t supposed to be overwritten, by a
segment of code and making the process
execute it.
• Mostly due to lack of safe string-handling
routines and no run-time checking of array
boundaries.
Buffer overflow
• Depending on the location of the memory and
the size of the overflow, a buffer overflow may
go undetected but can:
– corrupt data
– cause misbehavior
– terminate the program abnormally
Process Memory Organization
Text Segment
• Read-only segment
• Contains the assembly instructions for the
program
• There is instruction pointer that points to the
Next instruction to be executed.
Data Segment
•
•
•
•
Contains static and global Data
Fixed size
Initialized Data Segment
Uninitialized Data Segment
(Also refer to as block storage segment (BSS))
Stack segment
• Stack pointer (register) points to the top of
the stack; either to the last element on the stack
or the next free available memory on the stack,
depends on the implementation.
Activation/Stack Frame
•
•
•
•
Parameters
Local data
Saved state information
Frame pointer
– Base pointer register
– When a function is called the frame pointer of calling
function is also pushed on the stack
• Return address
• Temporary storage
Heap Segment
• Segment of memory which holds dynamic data
that is allocated and deallocated through
library procedures.
• Grows towards the stack
Example
Void main () {
char buf [1024];
gets (buf);
}
Buffer Overflow Sources in C
• No bound check on arrays and pointer
references.
• Several unsafe string operations in C Library
– Strcpy()
– Gets()
Buffer Overflow
bool rootPriv = false;
char name[8];
cin >> name;
• When the program reads the name “Smith”
S
m
i
t
h
char name[8]
false
rootPriv
Buffer Overflow
bool rootPriv = false;
char name[8];
cin >> name;
• When the program reads the name “Armstrong”
A
r
m
s
t
r
char name[8]
o
n
g
rootPriv
Overflow
• A buffer overflow exploit occurs when a user
enters data that exceeds the memory reserved
for the input. The input can change adjacent
data or the return address on the stack.
char myStuff[4];
W X
Y
Z
0
0
0
0
Program Stack
Return address
16
4
4
4
AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAA
buffer
sfp
ret
*str
The return address is overwritten with ‘AAAA’ (0x41414141)
Function exits and goes to execute instruction at 0x41414141…..
Top of memory
Bottom of stack
Bottom of memory
Top of stack
Example
So What?
• We have seen how we can overwrite the return
address of our own program to crash it or skip
a few instructions.
• How can these principles be used by an
attacker to hijack the execution of a program?
Buffer Overrun Results
• If you are lucky, you get an access violation error
– Denial of service against servers
• If you are unlucky, you get instability
– Difficult to debug
• If you are really unlucky, the hacker injects code into
your process and then executes it with the same
privileges as the process
– Hence, use the principle of least privilege
– Use least privileged accounts to run processes
Output to figure out the Next Instr Addr
What can the attackers do once they
are executing code?
• Use any privileges of the process! If the
process is running as root or Administrator, it
can do whatever it wants on the system.
• Even if the process is not running as root, it
can send spam, read files, and interestingly,
attack or subvert other machines behind the
firewall.
why didn’t the OS notice that the
buffer has been overrun?
• As far as the OS is aware, nothing strange has
happened! Remember that, to a first
approximation, the OS only gets invoked when
the program does IO or IPC.
• Other than that, the OS basically sits back and
lets the program execute, relying on hardware
to prevent processes from tampering with
each other’s memory.
Approaches
• Approach #1: Avoid bugs in C code
• Approach #2: Build tools to help programmers
find bugs
• Approach #3: Use a memory-safe language
(JavaScript, C#, Python).
Malicious code
• Malicious code can be:
• A program
• A part of a program
• A program attached to another program
Crafting an Exploit
• Find a vulnerability
• Overwrite the return address to direct the
control flow to a place of your choosing
– Back to injected code on the stack/heap
• Directly or indirectly
– To code already in the program (or libraries)
Shellcode
• A shellcode is a small piece of code used in the
exploitation of a software vulnerability and is
injected into the memory.
• Easily available on the Internet
Kinds of Malicious Code
• Malicious code/rogue program – generic
name for unanticipated or undesired effects
in programs caused by an agent intent on
damage
• Virus – program that can pass on malicious
code to other nonmalicious programs by
modifying them
– Transient – runs with attached program
– Resident – remains active after attached
program ends
Kinds of Malicious Code
(continued)
• Trojan horse – in addition to its primary function, has a
nonobvious malicious effect
• Logic bomb – goes off when a specified condition
occurs
• Time bomb – logic bomb whose trigger is a time or date
• Trapdoor/backdoor – an access to a program other than
the obvious direct call
• Worm – spreads or copies itself through a network
How Viruses Attach
• A virus has to be executed
– Attaches itself to a program and runs whenever
the program runs – simple and effective
Virus
Original
Program
Virus
Original
Program
Problematic Virus Qualities
• Hard to detect
• Hard to destroy or deactivate
• Spreads infection widely
DETECTION AND PREVENTION
OF BUFFER OVERFLOW
ATTACKS
Buffer Overflow
• The goals of buffer overflows are to change
variables, return addresses, or function pointers.
Variables and function pointers may be modified
by overflows in any area, while return addresses
may be modified only on the stack. Changing
return addresses and function pointers alter flow
of control, while changing variables results in
changes to data.
• Example of data buffer overflow: username &
password which were allocated next to each other.
Preventing Buffer Overflows
➢Detect and remove vulnerabilities from the
source code (code auditing)
➢Time consuming and many vulnerabilities will
be missed
➢Prevent code injection
➢Detect code injection
➢Prevent code execution
Kernel-enforced Techniques
• Non-executable memory pages:
– Make the memory that holds the stack, heap,
anonymous memory mappings and any section not
specifically marked as executable.
– Every memory mapping should have permission
attributes.
– Under normal operation, a memory segment may
have both write and execute permissions; however,
to prevent buffer overflows this should not be
allowed.
Kernel-enforced Techniques
• Address Space Layout Randomization
– Randomizes the layout of the process address
space, e.g. the locations of the stack, heap, loaded
libraries and executable binaries, etc.
– It reduces the success rate of an exploit that relies
on hardcoded addresses.
Stack-gap randomization
• Introduce random gaps between objects
– Randomly pad between frame pointer and local
variables
– Randomly pad between static variables
Compiler-enforced Techniques
• Stack Guard
– Places a “canary” on the stack between stack
pointer and the return address
– Initialized to some random number at program
start up
– Before using the return address, it checks the
canary with the initial value. If it is different, there
was an overflow and the program terminates.
Stack Guard
Low address
Local Variables
Old Frame Pointer
Canary Value
Return Address
Arguments
High address
Stack Guard
• Canary value must be either hard to guess or it
may use a special fix value composed of 0,
CR, LF and -1
• These special values are very difficult to be
inserted as part of the exploit
Compiler-enforced Techniques
• ProPolice Stack-Smashing Protection (SSP)
– Re-arranges argument locations, return addresses,
previous frame pointers and local variables.
– Allocate space for the buffers and local variables
below the return address.
– Overflowing a buffer doesn’t overwrite the return
address
ProPolice Stack-Smashing Protection
Low address
Arguments (A)
Return Address
Old Frame Pointer
Canary Value
Arrays (B)
High address
Local Variables (C )
Stack Shield
• A Linux security add-on
• Maintain a different stack of return addresses
in a different data segment (Global Return
Stack).
• Upon return, copies RA from GRS to the run –
time stack.
• Prevents an attack but does not detect it – it
does not compare values.
RAD
• Return address defender (RAD)
• Similar to StackShield stores a copy of return
addresses in a repository.
• It uses the OS memory protection and makes
the repository/ memory page read-only.
Instruction Set Encryption
• Encrypt code segment in memory
• Decrypt on CPU just before execution
• Injected code would need to guess the key to
be able to properly encrypt
• Needs hardware support to be efficient!
Proof-carrying Code
• Binary programs are bundled with a
machine-verifiable “proof” of what the
program is going to do.
• Execution behavior of the program is
observed by a security monitor
• Any deviations will be flagged
SmashGuard
• Hardware supported technique
• Modifies CALL instruction
• Stores copy of the return address within the
processor area.
• Raises a hardware exception if there is a
discrepancy
Microsoft Visual Studio 2013 Cheat Sheet
Creating a new C++ project:
STEP #1. From Start,
Select Programs → Microsoft Visual Studio 2013
STEP #2. On the menu bar, select File → New → Project
Select Visual C++ Projects on the left (under Templates),
select WIN32 on the left (under Visual C++)
and Win32 Console Application on the right
Type the project name (such as Lab0) in the Name text field
If you wish, type a directory in the Location field, Click OK.
STEP #3. Select Application Settings on the left.
Make sure that the Application Type is set to Console Application, select Empty Project
Click Finish.
STEP #4. Can you see the Solution Explorer window? If not, select View → Solution Explorer
STEP #5. In the Solution Explorer window,
Right–click on Source Files
select Add → Add New Item.
Select Visual C++, select C++ File(.cpp)
type the file name (such as Lab0), in the Name text field and click Add.
STEP #6. EDIT: Type in your program.
STEP #7. On the menu bar, select File → Save.
STEP #8. COMPILE: Under Solution Explorer, right click on the file name and select Compile
Errors?
double click the error message
correct any typing/syntax errors in the program and repeat step 8
STEP #9. BUILD: On the menu bar, select BUILD → Build Solution
STEP #10. RUN: On the menu bar, select Debug → Start Debugging.
…
Purchase answer to see full
attachment
