2. Introduction
What is a buffer overflow?
* A major vulnerability in computing.
* It's only one class of attack.
* There are many more classes of attacks.
* Why it's so popular.
How it exists in a software system.
- Lack of software testing.
- Weak personnel.
- Two different minds.
3. It’s Not Your Computer Anymore!
WHAT?
What kind of things can a buffer overflow do?
- Execute arbitrary code.
- Alter the program logic flow.
- Crash the host program.
^ This leads to DDoS.
- Breach system security.
- [At worst] bypass kernel security.
4. How It Works!
Stack overflow is only one subtype of the whole
class of buffer overflows.
Ex - Stack overflow.
- x86 machines use a stack.
- How local variables are stored.
- How return address is stored.
- Insufficient bounds checking.
- So now it's not magic.
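The layout and the missing bounds check described on this slide, as an added example that is not part of the original slides. It models one stack frame as a struct instead of corrupting a real stack; struct frame, RET_MARKER, copy_unchecked and copy_checked are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   16                     /* models: char buf[16]; */
#define RET_MARKER 0x1122334455667788ULL  /* constructed stand-in for a return address */

/* Constructed model of one stack frame: the local buffer sits directly
 * below the saved return address, so bytes written past buf land on it. */
struct frame {
    unsigned char buf[BUF_SIZE];
    uint64_t      saved_ret;
};

/* No bounds check on buf, as with strcpy()/gets() into a local array.
 * The clamp to the frame size only keeps this demo itself memory-safe.
 * Returns 1 if the saved return slot is intact, 0 if it was overwritten. */
int copy_unchecked(struct frame *f, const void *src, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
    return f->saved_ret == RET_MARKER;
}

/* Bounds-checked copy: refuses input that does not fit in buf.
 * Returns -1 on rejection, otherwise 1 (return slot intact). */
int copy_checked(struct frame *f, const void *src, size_t len)
{
    if (len > sizeof f->buf)
        return -1;
    memcpy(f->buf, src, len);
    return f->saved_ret == RET_MARKER;
}

int main(void)
{
    unsigned char input[BUF_SIZE + 8];    /* constructed oversized input */
    struct frame a = { {0}, RET_MARKER }, b = a;
    memset(input, 'A', sizeof input);
    printf("unchecked: return slot intact = %d\n", copy_unchecked(&a, input, sizeof input));
    printf("checked:   result = %d\n", copy_checked(&b, input, sizeof input));
    return 0;
}
```

A single byte past BUF_SIZE is enough to change the modelled return slot in the unchecked path, which is the condition a stack protector's canary is placed to detect.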
7. Targets Affected
- From calculators to satellites. There are
historical examples.
- Microsoft Windows OS.
- Microsoft GDI+ vulnerability
link:
- x86 computer architecture OSes.
[Linux, BeOS, Mac OS, etc.]
- Web servers.
[Apache, IIS]
Examples - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010
http://www.cert.org/advisories/CA-2003-09.html
- Mobile phones and embedded software.
- Most highly secured places.
[CIA, Pentagon, NSF are already hackzored! :P]
- Routers and protocol stacks.
- From car computers to far-away satellites.
8. Fighting Back Against
- There is nothing called absolute security.
But there are things that lower the possibility.
- Automatic static code analysis tools.
Ex- http://www.klocwork.com/products/insight/klocwork-truepath/index.php
- Libraries and compiler extensions.
Ex - StackGuard from USENIX Security.
GCC Stack-Smashing Protector.
Microsoft Visual Studio /GS option.
IBM -qstackprotect option.
StackGhost. [static but uses help of hardware]
- Dynamic runtime code analysis tools, like ZoneAlarm.
- Dynamic level.
Dynamic level protection depends on hardware implementation.
- Data Execution Prevention bit.
- Hardware-based bounds checking.
- Segmented Protection.
- External protection like antivirus servers, IDS firewalls, NAT, DMZ zones, etc.
9. Finally
• Final conclusion.
No matter what security we invoke or enforce, our
software/hardware and computers are still vulnerable to buffer
overflows. The best way to prevent them is to code very carefully. Go
through more code reviews. Computing is a hostile environment!
“I never travel on a plane, if plane automatic control electronics uses
the software that I have written!”
-- James Gosling [author of Java
programming language and chief software
architect of Sun Microsystems]
Thanks.