Operating System #38 How to Prevent Buffer Overflow Attacks
01:30 Non-executable stack:
• Mark the stack pages as non-executable
Non-executable stack implementations
• In Intel processors, the NX bit is present to mark stack pages as non-executable.
• Works for most programs
• Does not work for some programs that NEED to execute from the stack.
– e.g. Linux signal delivery.
04:13 Return to Libc Attack
10:50 Limitation of ret2libc: "Difficult to execute arbitrary code"
Return-oriented programming attacks
• Discovered by Hovav Shacham of Stanford University
• Allow arbitrary computation without code injection
– thus they can be used against non-executable stacks
16:23 Other precautions for buffer overflows
• Use a programming language that automatically checks array bounds
– Example: Java
• Use more secure library functions, for example the C11 Annex K bounds-checking interfaces gets_s, strcpy_s, strncpy_s, etc.
(the _s suffix stands for secure)
Canaries:
Known (pseudo-random) values placed on the stack to detect buffer overflows.
• A change in the value of the canary indicates a buffer overflow.
• Implemented in gcc by default.
• Evaded if the canary value is known
Bounds checking
• Check every access to a buffer so that it cannot go beyond the buffer's bounds
• In C and C++, bounds checking is performed at pointer-calculation time or at dereference time.
• Requires run-time bounds information for each allocated block.
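The following C program is an added example, not code from the lecture: it shows the two defences above in working form, a bounds-checked string copy with the contract of C11 Annex K strcpy_s (written here under the assumed name bounded_copy, since glibc does not ship Annex K), and a simulated stack frame whose canary word sits directly above a small buffer, checked the way the gcc stack protector checks it in a function epilogue. All names (bounded_copy, struct frame, frame_write_unchecked, canary_intact, CANARY_VALUE) and the fixed canary constant are constructed for this example; a real canary is a per-process pseudo-random value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* bounded_copy: a bounds-checked string copy with the contract of C11
 * Annex K strcpy_s (hypothetical name; written here because glibc does
 * not provide Annex K). Returns 0 on success. If src plus its terminator
 * does not fit in dstsz bytes, nothing is copied, dst becomes "" and a
 * non-zero code is returned: the overflow is refused rather than silently
 * corrupting whatever lies past dst. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return 1;
    size_t n = 0;
    while (n < dstsz && src[n] != '\0')   /* never read past dstsz bytes of src */
        n++;
    if (n == dstsz) {                      /* no room for the terminator */
        dst[0] = '\0';
        return 2;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Simulated stack frame: an 8-byte buffer directly below a canary word,
 * the layout the gcc stack protector uses so that an overrun of the buffer
 * must pass through the canary before it can reach the return address.
 * CANARY_VALUE is a constructed constant, fixed so the example is deterministic. */
#define CANARY_VALUE 0x5A7EC0DE5A7EC0DEull

struct frame {
    char buf[8];
    uint64_t canary;
};

void frame_init(struct frame *f)
{
    memset(f->buf, 0, sizeof f->buf);
    f->canary = CANARY_VALUE;
}

/* Unchecked write into the frame, standing in for an unbounded strcpy onto
 * the stack. The length is clamped to the frame object so that the
 * simulation itself stays within defined behaviour. */
void frame_write_unchecked(struct frame *f, const char *src, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
}

/* The check the stack protector performs in the epilogue:
 * 1 if the canary is intact, 0 if it has been overwritten. */
int canary_intact(const struct frame *f)
{
    return f->canary == CANARY_VALUE;
}

/* An in-bounds write must leave the canary intact; a 16-byte write into
 * the 8-byte buffer must be caught. Returns 1 when both hold. */
int overflow_detected_by_canary(void)
{
    struct frame f;
    frame_init(&f);
    frame_write_unchecked(&f, "short", 6);
    if (!canary_intact(&f))
        return 0;                          /* false positive: would be a bug */
    frame_write_unchecked(&f, "AAAAAAAAAAAAAAAA", 16);
    return !canary_intact(&f);             /* 1: overflow detected */
}

/* The bounded copy accepts a string that fits and refuses one that does
 * not, leaving dst empty instead of overflowing it. Returns 1 when both hold. */
int bounded_copy_refuses_overflow(void)
{
    char dst[8];
    if (bounded_copy(dst, sizeof dst, "hello") != 0 || strcmp(dst, "hello") != 0)
        return 0;
    if (bounded_copy(dst, sizeof dst, "this is far too long") == 0)
        return 0;
    return dst[0] == '\0';
}

int main(void)
{
    printf("canary detects overflow: %d\n", overflow_detected_by_canary());
    printf("bounded copy refuses overflow: %d\n", bounded_copy_refuses_overflow());
    return 0;
}
```

The two halves illustrate the difference in the notes between prevention and detection: bounded_copy rejects the oversized input before any byte is written, while the canary only reports the overrun after it has happened, which is why the notes list it as evadable once the canary value is known.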
Address space randomization
• Attackers need to know specific locations in the code.
– For instance, where the stack begins
– Where functions are placed in memory, etc.
• Address space layout randomization (ASLR) makes this difficult by randomizing the address space layout of the process.