This preview shows page 38 - 45 out of 51 pages.

  • A trusted system utility
  • Network service daemon
  • Commonly used library code
  • Shellcode functions
      • Launch a remote shell when connected to
      • Create a reverse shell that connects back to the hacker
      • Use local exploits that establish a shell
      • Flush firewall rules that currently block other attacks
      • Break out of a chroot (restricted execution) environment, giving full access to the system

Buffer Overflow Defenses
  • Buffer overflows are widely exploited
  • Two broad defense approaches
      • Compile-time
          • Aim to harden programs to resist attacks in new programs
      • Run-time
          • Aim to detect attacks and abort in existing programs

Compile-Time Defenses: Programming Language
  • Use a modern high-level language
      • E.g., Java, Python, Perl, C#, ...
      • Not vulnerable to buffer overflow attacks
      • Compiler enforces range checks and permissible operations on variables
  • Disadvantages
      • Additional code must be executed at runtime to impose checks
      • Flexibility and safety come at a cost
      • Distance from the underlying machine language and architecture means that access to some instructions and hardware resources is lost
      • Limits their usefulness in writing code, such as device drivers, that must interact with such resources

Compile-Time Defenses: Safe Coding Techniques
  • C designers placed much more emphasis on space efficiency and performance considerations than on type safety
  • Assumed programmers would exercise due care in writing code
  • Programmers need to inspect the code and rewrite any unsafe coding
  • An example of this is the OpenBSD project
      • Programmers have audited the existing code base, including the operating system, standard libraries, and common utilities
      • This has resulted in what is widely regarded as one of the safest operating systems in widespread use

Examples of Unsafe C Code

Unsafe byte copy:

    int copy_buf(char *to, int pos, char *from, int len)
    {
        int i;
        /* Unsafe: pos and len are never checked against the size of to. */
        for (i = 0; i < len; i++) {
            to[pos] = from[i];
            pos++;
        }
        return pos;
    }

Unsafe byte input:

    #include <stdio.h>

    short read_chunk(FILE *fil, char *to)
    {
        short len;
        /* Unsafe: len comes from the file, is signed, and is never
           compared with the size of to. */
        fread(&len, 2, 1, fil);   /* read length of binary data */
        fread(to, 1, len, fil);   /* read len bytes of binary data */
        return len;
    }
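The two unsafe routines above with explicit bounds, as an added example that is not part of the original slides. The `_checked` names, the extra `to_size` parameter, the -1 error return and the `try_chunk` helper with its constructed temp-file input are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy_buf: caller passes the capacity of `to`. Returns the new
   position, or -1 if the copy would not fit. */
long copy_buf_checked(char *to, size_t to_size, size_t pos,
                      const char *from, size_t len)
{
    /* Subtraction form, so that pos + len cannot wrap around. */
    if (pos > to_size || len > to_size - pos)
        return -1;
    memcpy(to + pos, from, len);
    return (long)(pos + len);
}

/* Bounded read_chunk: same 2-byte length prefix, but the length is
   unsigned and is compared with the buffer size before it is used. */
long read_chunk_checked(FILE *fil, char *to, size_t to_size)
{
    uint16_t len;
    if (fread(&len, sizeof len, 1, fil) != 1)
        return -1;                 /* no complete length field */
    if (len > to_size)
        return -1;                 /* declared length exceeds buffer */
    if (fread(to, 1, len, fil) != len)
        return -1;                 /* file shorter than declared */
    return (long)len;
}

/* Constructed input: temp file with `declared` as the length field and
   `avail` payload bytes (max 64), read into a 32-byte buffer. */
long try_chunk(uint16_t declared, size_t avail)
{
    char buf[32], payload[64];
    long r = -2;                   /* -2: could not build the test file */
    FILE *f = tmpfile();
    if (f == NULL)
        return r;
    memset(payload, 'A', sizeof payload);
    if (avail > sizeof payload)
        avail = sizeof payload;
    if (fwrite(&declared, sizeof declared, 1, f) == 1 &&
        fwrite(payload, 1, avail, f) == avail) {
        rewind(f);
        r = read_chunk_checked(f, buf, sizeof buf);
    }
    fclose(f);
    return r;
}
```

With the original `short len`, a length field of 0xFFFF reads as -1 and is converted to a very large `size_t` when passed to `fread`; here the same field is rejected by the size comparison.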

Compile-Time Defenses: Language Extensions / Safe Libraries
  • Handling dynamically allocated memory is more problematic because the size information is not available at compile time
      • Requires an extension and the use of library routines
      • Programs and libraries need to be recompiled
      • Likely to have problems with third-party applications
  • Concern with C is use of unsafe standard library routines
      • One approach has been to replace these with safer variants
      • Libsafe is an example
      • Library is implemented as a dynamic library arranged to load before the existing standard libraries

Compile-Time Defenses: Stack Protection
  • Add function entry and exit code to check stack for signs of corruption
  • Use random canary
      • Value needs to be unpredictable
      • Should be different on different systems
  • Stackshield and Return Address Defender (RAD)
      • GCC extensions that include additional function entry and exit code
      • Function entry writes a copy of the return address to a safe region of memory
      • Function exit code checks the return address in the stack frame against the saved copy
      • If change is found, aborts the program
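A model of the entry and exit checks listed above, as an added example that is not from the original slides. The `struct frame` layout, the return address value 0x401000 and the function names are constructed for illustration; a real compiler emits these checks in the function prologue and epilogue and aborts instead of returning a verdict.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of one stack frame: local buffer, canary, then return address. */
struct frame {
    char      buf[16];
    uintptr_t canary;
    uintptr_t ret;
};

enum { FRAME_OK = 0, CANARY_CHANGED = 1, RET_CHANGED = 2 };

/* Unpredictable per-process canary, taken from the OS random source. */
uintptr_t new_canary(void)
{
    uintptr_t c = 0;
    FILE *r = fopen("/dev/urandom", "rb");
    if (r == NULL || fread(&c, sizeof c, 1, r) != 1)
        abort();                     /* no entropy: do not run unprotected */
    fclose(r);
    return c;
}

/* Entry code places the canary and saves a copy of the return address;
   exit code checks both. Returns a bit mask of the checks that failed. */
int run_frame(const void *input, size_t len, uintptr_t canary)
{
    struct frame f;
    uintptr_t saved_ret;             /* stands in for the safe memory region */
    int verdict = FRAME_OK;

    memset(&f, 0, sizeof f);
    f.canary = canary;                       /* entry: place canary */
    f.ret = (uintptr_t)0x401000;             /* constructed return address */
    saved_ret = f.ret;                       /* entry: save copy */

    if (len > sizeof f)
        len = sizeof f;                      /* keep the model in bounds */
    memcpy(&f, input, len);                  /* models the unchecked copy */

    if (f.canary != canary)
        verdict |= CANARY_CHANGED;           /* exit: canary check */
    if (f.ret != saved_ret)
        verdict |= RET_CHANGED;              /* exit: return address check */
    return verdict;                          /* nonzero means abort */
}
```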

  • Spring '18
  • Virtual memory, Call stack
