Buffer overflows


Published on

This is my presentation 3

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Buffer overflows

  1. 1. Buffer-overflows How they able to execute arbitrary code in your computer remotely.
  2. 2. Introduction what is a buffer-overflow? * Major vulnerability among computing. * It's only one class of attack. * there are many more classes of attacks. * Why it's so popular. How it exists in a software system. -lack of software testing. -weak personal. -Two different minds.
  3. 3. It’s Not Your Computer Anymore! WHAT? what kind of things buffer-overflow can do? - execute the arbitrary code. - alter the program logic flow. - Crash the host program ^ This leads to DDoS. - bench system security. - [in worst] by pass kernel security.
  4. 4. How It’s Works ! Stack overflow is only a one subtype from whole the class of buffer-overflows. Ex- Stack overflow. - x86 machines are using a stack. - How local variables stored. - How return address is stored. - insufficient bounds checking. - So now it's not magic.
  5. 5. Targets Affected - Calculator to Satiate. There are example history stories. - Microsoft windows OS. - Microsoft GDI+ vulnerability link: - x86 computer architecture oses. [Linux , BeOs, MacOs , etc etc] - Web servers. [ Apache , ISS] Examples - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010 http://www.cert.org/advisories/CA-2003-09.html - Mobil Phones and embedded software. - Most top secured places. [ CIA , Pentagon, NSF are already hackzored ! :P ] - Router and protocol stacks. - car computer to far away satiate.
  6. 6. Fighting Back Against - nothing called abstract security. But there are things to lower the possibility. - Automatic Static code analysis tools. Ex- http://www.klocwork.com/products/insight/klocwork-truepath/index.php - Libraries and compiler extensions. Ex - Stack Guard from USENIX Security. GCC Stack-Smashing Protector. Microsoft Visual Studio /GS option. IBM -qstackprotect option. StackGhost. [static but uses help of hardware] - Dynamic runtime code analysis tools, like ZoneAlarm. - Dynamic level. Dynamic level protection depends on hardware implementation. - Data Execution Preventation bit. - Hardware based bound checking. - Segmented Protection. - External protection like Antivirus Servers ,IDS firewalls, NAT, DMZ zones etc etc.
  7. 7. Finally • Final Conclusion . No matter what security we invoke or enforce, our software/hardware and computers are still vulnerable to buffer overflows. The most best way to prevent is code very carefully. Go through more code reviews. Computing is a hostile environment ! “ I never travel on a plane ,if plane automatic control electronics uses the software that I have written !” -- James Glossring [author of Java [ programming language and chief software architect of Sun Microsystems] Thanks.