Buffer Overflows & Security Policies

Questions and Answers

Which of the following is a key characteristic of a buffer overflow?

  • Writing more data to a buffer than it can hold. (correct)
  • Reading data from a buffer without proper authorization.
  • Cryptographic key mismanagement.
  • Executing code in a privileged CPU mode.

Using strcpy is a recommended approach to prevent buffer overflows.

False (B)

What is the primary goal of a stack overflow attack?

To overwrite the return address on the stack.

A heap overflow corrupts heap ______.

structures

Match the following security mechanisms with their purpose:

  • Stack Canaries = Detect stack buffer overflows
  • DEP (Data Execution Prevention) = Prevent execution of code in data regions
  • ASLR (Address Space Layout Randomization) = Randomize memory addresses to hinder exploits
  • Input Validation = Verifying user input for security

What is the primary difference between an information security policy and a procedure?

A policy describes "what" must be done, while a procedure describes "how" to do it. (B)

Digital signatures ensure both message confidentiality and integrity.

False (B)

What cryptographic key is used to create a digital signature?

Private key

A primary weakness of digital signatures is private key ______.

theft

Match the term with its definition:

  • Memory Safety = Prevents access to memory outside of valid bounds
  • Type Safety = Ensures variables are only used consistently with their type
  • Type Soundness = Guarantees type rules hold during execution

Which of the following is an example of an unsafe feature in C/C++ that can lead to security vulnerabilities?

Pointer arithmetic. (B)

Java's garbage collection helps prevent memory leaks and dangling pointers.

True (A)

What is a common C++ technique to violate type safety and access private fields of an object?

Casting objects

_______ abstraction provides separation between hardware, OS, language runtime, and apps.

Layered

Match the following terms with their definitions related to access control:

  • Least Privilege = Granting only the minimum necessary permissions
  • RBAC = Role-Based Access Control
  • Code Sandboxing = Executing code in a restricted environment

Which of the following is the best definition of a threat in the context of software security?

A potential event or actor that can exploit vulnerabilities. (D)

Threat modeling is a process of randomly guessing potential security threats.

False (B)

What does the acronym STRIDE stand for in threat modeling?

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege

In the DREAD model, 'D' stands for _______.

Damage

Match the following security countermeasures with the threats they mitigate:

  • HTTPS = Eavesdropping
  • Input Validation = Injection
  • Strong Authentication = Spoofing

Flashcards

Buffer Overflow

Occurs when more data is written to a buffer than it can hold, overwriting adjacent memory.

Stack Overflow

Writing past a buffer on the stack, overwriting the return address.

Heap Overflow

Corrupting the heap memory management structures.

Information Security Policy

Formal document describing rules for protecting information assets.

Digital Signatures

Ensures message integrity and authentication using private/public keys.

Memory Safety

Prevents access to memory outside of valid bounds.

Type Safety

Ensures variables are only used in ways consistent with their type.

Type Soundness

Guarantees type rules hold during program execution.

Layered Abstraction

Separation between hardware, OS, language runtime, and applications.

Least Privilege

Users and software should have only the minimum permissions required.

Threat

A potential event or actor that can exploit vulnerabilities.

Threat Modelling

Identifies and prioritizes security threats in a system.

STRIDE

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege.

DREAD Model

Damage, Reproducibility, Exploitability, Affected users, Discoverability.

Study Notes

  • These are study notes based on a sample exam.

Buffer Overflows

  • A buffer overflow happens when a buffer receives more data than it can store, overwriting adjacent memory locations.
  • Key elements include the absence of bounds checking on memory buffers and the use of low-level memory access, such as in C/C++.
  • Types include stack overflows, heap overflows, and format string attacks.
  • Exploitation involves input exceeding the buffer size and overwriting the return address with a pointer to malicious code, so that the attacker's code executes when the function returns.
  • Prevention strategies are input validation and bounds checking, utilizing bounds-checked functions like strncpy, compiler protections like stack canaries, DEP, ASLR, and employing memory-safe languages like Java or Python.

Information Security Policies & Digital Signatures

  • An information security policy constitutes a formal document outlining rules for information protection, covering access control, acceptable use, password rules, and incident response.
  • An example is a password policy mandating strong passwords and regular rotation.
  • The distinction between policy and procedure is the "what" (policy) versus the "how" (procedure).
  • Digital signatures ensure message integrity and authentication through the use of private/public keys.
  • The process involves hashing a message and encrypting the hash with the sender's private key to form a signature. The receiver then hashes the message, decrypts the signature using the sender's public key, and confirms integrity if the hashes match.
  • Weaknesses include private key theft and reliance on a trusted Public Key Infrastructure (PKI).

Programming Language Safety & Type Soundness

  • Memory safety prevents access to memory outside valid bounds.
  • Type safety ensures variables are used consistently with their declared type.
  • Type soundness guarantees type rules are maintained during execution.
  • Unsafe features include pointer arithmetic in C/C++, which is addressed by bounds-checked structures, and manual memory management, which can be improved with garbage collection.
  • An example of a C++ type violation is casting an object to access private fields, like reinterpreting an object's memory as a long to directly set a value.
  • Java offers protections: no pointer arithmetic, array bounds checks, and automatic garbage collection.

Abstractions & Least Privilege

  • Layered abstraction involves separation between hardware, OS, language runtime, and applications.
  • Each layer enforces boundaries and policies.
  • Example failures include a stack overflow crossing into the OS level or a VM escape compromising the host OS.
  • Least privilege dictates that users and software should have only the minimum permissions required.
  • Examples provided include non-root web server user accounts, Role-Based Access Control (RBAC) within applications, and code sandboxing techniques.
  • Each abstraction layer enforces limited access to lower layers.

Threats & Threat Modeling

  • A threat represents a potential event or actor that can exploit vulnerabilities.
  • Threat modeling identifies and prioritizes security threats in a system.
  • STRIDE is a model for classifying threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege.
  • The threat modeling process involves identifying assets, diagramming architecture, decomposing the application, identifying threats using models like STRIDE, documenting threats and mitigations, and rating threats using DREAD.
  • Example countermeasures: HTTPS for eavesdropping, input validation for injection attacks, and strong authentication for spoofing.
  • DREAD model components: Damage, Reproducibility, Exploitability, Affected users, Discoverability.
