lecture10

lecture10 - Lecture 10: Buffer Overflow* CS 392/6813:...

Info iconThis preview shows pages 1–5. Sign up to view the full content.

View Full Document Right Arrow Icon
Lecture 10: Buffer Overflow * CS 392/6813: Computer Security Fall 2008 Nitesh Saxena * Adopted from a previous lecture by Aleph One ( Smashing the Stack for Fun and Profit ) and Stanislav Nurilov 11/21/2008 Lecture 9 - Buffer Overflow 2 Course Admin ± HW#4 grades should be out soon ± HW7 was posted: ± Due 11/30 ± Advisable to form teams of two ± Solutions to HW5-6 to be provided very soon ± Final on Thursday, 12/18, 6 – 8:30pm?
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
11/21/2008 Lecture 9 - Buffer Overflow 3 Course Admin: HW #8 ± On Buffer Overflow ± Team up in groups of 2 each ± You will have (root) access to virtual machines in ISIS ± For the exercise, you’ll have to create a user account and work under that account ± Make sure that you don’t mess up the system ± Instructions and homework will follow later 11/21/2008 Lecture 9 - Buffer Overflow 4 Why study buffer overflow? ± Buffer overflow vulnerabilities are the most commonly exploited- account for about half of all new security problems (CERT) ± Are relatively easy to exploit ± Many variations on stack smash- heap overflows, etc. ± We’ll focus upon static buffer overflow vulnerabilities
Background image of page 2
11/21/2008 Lecture 9 - Buffer Overflow 5 Recall the Security Life Cycle Threats Policy Specification Design Implementation Operation and Maintenance Which stage? 11/21/2008 Lecture 9 - Buffer Overflow 6 How Computer Works ± There is a processor that interfaces with various devices ± Processor executes instructions ± Add, sub, mult, jump and various functions
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
11/21/2008 Lecture 9 - Buffer Overflow 7 Where to get the instructions from ± Each process “thinks” that it has 4GB (2^32) of (virtual) memory (assuming 32-bit processor) ± Instructions are loaded into the memory
Background image of page 4
Image of page 5
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 21

lecture10 - Lecture 10: Buffer Overflow* CS 392/6813:...

This preview shows document pages 1 - 5. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online