sandun-perera
This is my presentation 3
Buffer-overflows
How they are able to execute arbitrary code on your computer remotely.
Introduction
What is a buffer overflow?
* A major vulnerability in computing.
* It's only one class of attack.
* There are many more classes of attacks.
* Why it's so popular.
How it comes to exist in a software system:
- Lack of software testing.
- Weak personnel.
- Two different minds.
It’s Not Your Computer Anymore! WHAT?
What kinds of things can a buffer overflow do?
- Execute arbitrary code.
- Alter the program's logic flow.
- Crash the host program.
  ^ This leads to DDoS.
- Breach system security.
- [At worst] bypass kernel security.
How It Works!
A stack overflow is only one subtype of the whole class of buffer overflows.
Ex - Stack overflow.
- x86 machines use a stack.
- How local variables are stored.
- How the return address is stored.
- Insufficient bounds checking.
- So now it's not magic.
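A small C model of the frame layout described above, added here as an illustration and not part of the original slides. The names frame_model, copy_unchecked, copy_checked and ret_clobbered are hypothetical, and the 8-byte buffer and the address 0x1000 are constructed values. It shows an unchecked copy spilling past the local buffer into the saved return address slot, and a bounds-checked copy rejecting the same input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of an x86 stack frame (an assumption for this demo): the
 * local buffer sits directly below the saved return address. */
struct frame_model {
    char      buf[8];
    uintptr_t saved_ret;
};

/* No bounds check on buf: writes len bytes starting at the buffer, as an
 * unchecked strcpy() would. The clamp only keeps the demo inside the model. */
static void copy_unchecked(struct frame_model *f, const char *src, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
}

/* Bounds-checked copy: rejects input that does not fit with its NUL. */
static int copy_checked(struct frame_model *f, const char *src, size_t len)
{
    if (len >= sizeof f->buf)
        return -1;
    memcpy(f->buf, src, len);
    f->buf[len] = '\0';
    return 0;
}

/* Returns 1 if the modelled return address changed during the copy. */
static int ret_clobbered(const char *input, int checked)
{
    const uintptr_t original = 0x1000;   /* constructed sample value */
    struct frame_model f = { {0}, original };
    if (checked)
        (void)copy_checked(&f, input, strlen(input));
    else
        copy_unchecked(&f, input, strlen(input));
    return f.saved_ret != original;
}

int main(void)
{
    const char *too_long = "AAAAAAAAAAAAAAAA";   /* 16 bytes, constructed */
    printf("unchecked, 16 bytes: %d\n", ret_clobbered(too_long, 0));
    printf("checked, 16 bytes:   %d\n", ret_clobbered(too_long, 1));
    return 0;
}
```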
Targets Affected - Calculator to Satellite.
There are historical examples.
- Microsoft Windows OS.
- Microsoft GDI+ vulnerability link:
- x86 computer architecture OSes. [Linux, BeOS, Mac OS, etc.]
- Web servers. [Apache, IIS] Examples -
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010
  http://www.cert.org/advisories/CA-2003-09.html
- Mobile phones and embedded software.
- Most top-secured places. [CIA, Pentagon, NSF are already hackzored! :P]
- Router and protocol stacks.
- Car computer to faraway satellite.
Fighting Back Against
- There is no such thing as absolute security, but there are things that lower the possibility.
- Automatic static code analysis tools.
  Ex - http://www.klocwork.com/products/insight/klocwork-truepath/index.php
- Libraries and compiler extensions. Ex -
  StackGuard from USENIX Security.
  GCC Stack-Smashing Protector.
  Microsoft Visual Studio /GS option.
  IBM -qstackprotect option.
  StackGhost. [static, but uses the help of hardware]
- Dynamic runtime code analysis tools, like ZoneAlarm.
- Dynamic level. Dynamic-level protection depends on the hardware implementation.
  - Data Execution Prevention bit.
  - Hardware-based bounds checking.
  - Segmented protection.
- External protection like antivirus servers, IDS, firewalls, NAT, DMZ zones, etc.
Finally
Final conclusion. No matter what security we invoke or enforce, our software, hardware and computers are still vulnerable to buffer overflows. The best way to prevent them is to code very carefully and to go through more code reviews. Computing is a hostile environment!
“I never travel on a plane if the plane's automatic control electronics use the software that I have written!” -- James Gosling [author of the Java programming language and chief software architect of Sun Microsystems]
Thanks.
Thank You !