Software Security Lecture Notes PDF
Document Details
Uploaded by CarefreeBlankVerse5061
Maastricht University
Tags
Summary
This document provides a lecture on software security, focusing on buffer overflow attacks and their consequences, and countermeasures. It includes examples such as the Ariane 5 and NASA Mars Lander incidents. The document is suitable for an undergraduate computer science course.
Full Transcript
06 Softwaresecurity Why should we care? Insecure software can have disastrous consequences Even if no one attacked it on purpose! DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 2 Examples Ariane V Software of...
06 Softwaresecurity Why should we care? Insecure software can have disastrous consequences Even if no one attacked it on purpose! DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 2 Examples Ariane V Software of Ariane IV was reused without changes Different hardware led to software failure More Information: http://sunnyday.mit.edu/nasa-class/Ariane5-report.html DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 3 Examples NASA Mars Lander Bug in translation between imperial and metric units Cost approx. 165 Mio. Dollars More Information: https://www.nature.com/articles/35006700 DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 4 Exploits A bug most often only causes a system to fail However, it gets worse if an attacker wants to exploit the bug Exploits most often make use of a buffer overflow DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 5 Examples of Buffer Overflow Attacks Morris worm (1988, overflow in fingerd) infected approx. 6000 machines CodeRed (2001, overflow in MS-IIS) infected approx. 300.000 machines in 14 hours SQL Slammer (2003, overflow in MS-SQL server) infected approx. 75.000 machins in 10 minutes (sic!) DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 6 What is a buffer overflow? If the buffer of a program is too small for a given input, something beyond gets overwritten In most cases this leads to a program crash, because nonsense is written to the memory DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 7 What is a buffer overflow? II cmd = read_input(); do_something(cmd); [...] int do_something(char* InputString) { char buffer; strcpy (buffer, InputString); [...] return 0; } DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 8 How to exploit a buffer overflow? If an attacker knows where the overflow occurs, it can be exploited: return addresses can be overwritten additional code can be injected into the program DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 9 Memory layout of a program A program's memory normally consists of three different parts: code segment, which contains the program code heap segment, which is used for dynamic memory allocation stack segment, which is used for temporary storage of variables and registers DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 10 Memory layout of a program II Stack Heap Code DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 11 Memory layout of a program III A c-program puts parameters of a function, the return address and local variables on the stack Additional information is appended to the stack The data segment of a function is called stackframe DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 12 Memory layout of a program IV Three values are appended to the stack: the stack pointer (ESP), points to the current end of the stack the base pointer (EBP), points to the start of the stack when a function is called the instruction pointer (EIP), points to the next program instruction DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 13 Manipulation of the stack if user input is written to the memory without sanitazition, it can overwrite the EIP the actual position of the EIP and therefore the needed length of input can be found by analysis of the program if a special program is written to exploit the buffer overflow, this program is called exploit itself DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 14 Countermeasures Know what you're doing ;-) Advanced compiler functionality DEPARTMENT OF ADVANCED COMPUTING SCIENCES, MAASTRICHT UNIVERSITY COMPUTER SECURITY | 15