The document discusses buffer overflow attacks and preventative measures. A buffer overflow occurs when a program writes more data to a buffer than it has allocated space for. This can overwrite adjacent memory and allow attackers to insert malicious code. There are several types of buffer overflow attacks, including stack, heap, and Unicode overflow attacks. Developers can help prevent attacks through techniques like address space randomization, data execution prevention, and coding in secure languages.

1. BUFFER
OVERFLOW
ATTACKS AND
PREVENTATIVE
MEASURES
PRESENTED BY:
GOLF TEAM

2. WHAT IS A BUFFER?
 A Buffer is temporarily allocated physical memory that is used to transfer data from one place to
another and is typically used to enhance performance (CloudFlare.com, n.d., para. 3).
 An example of this would be when watching videos on the internet, such as YouTube, or Netflix. A
Buffer is used to store x amount of data from the video and the video is streamed from the Buffer to
account for the fluctuation in internet speeds, ensuring your video plays seamlessly (CloudFlare.com,
n.d., para. 3).

3. WHAT IS A BUFFER OVERFLOW?
 Buffers have an allotted amount of space capacity, and a Buffer Overflow is when a program or
software exceeds the capacity of the space allocated for that buffer or space in memory (CloudFlare.com,
n.d., para. 1).
 An example would be a blown fuse. Each fuse has a rating for how much current can pass through it, if
too much current is passed through the fuse, it breaks.
 The same goes for a Buffer. If the buffers capacity is exceeded, adjacent spaces in memory will get
overridden. Attackers will deliberately aim for spaces in memory that contain executable code and can
then take complete control by inserting malicious code into those now empty spaces in memory
(CloudFlare.com, n.d., para. 6).

4. BUFFER OVERFLOW
CONTINUED…
 In the figure, the allocated
buffer space is 8 byte. Its
overflow is by 2 bytes.
Figure 1: Example of a buffer overflow (CloudFlare.com, n.d.).

5. TYPES OF BUFFER OVERFLOW ATTACKS
 Integer Overflow Attacks – “In an integer overflow, an arithmetic operation results in an integer (whole
number) that is too large for the integer type meant to store it; this can result in a buffer overflow”
(CloudFlare.com, n.d., para. 13).
 Stack Overflow Attacks – “This is the most common type of buffer overflow attack and involves overflowing a
buffer on the call stack*” (CloudFlare.com, n.d., para. 13).
 Heap Overflow Attacks – “This type of attack targets data in the open memory pool known as the heap*”
(CloudFlare.com, n.d., para. 13).
 Unicode Overflow Attacks – “A Unicode overflow creates a buffer overflow by inserting Unicode characters
into an input that expect ASCII characters. (ASCII and Unicode are encoding standards that let computers
represent text. For example the letter ‘a’ is represented by the number 97 in ASCII. While ASCII codes only
cover characters from Western languages, Unicode can create characters for almost every written language on
earth. Because there are so many more characters available in Unicode, many Unicode characters are larger
than the largest ASCII character)” (CloudFlare.com, n.d., para. 13).

6. INTEGER OVERFLOW ATTACKS
 An Integer is a type of variable that holds whole numbers (no fractions, or decimal points/floating point
numbers). Depending on the system’s architecture, declaring an integer can allocate different amounts
of memory such as 32-bit, 64-bit, etc. (Blexim., n.d.).
 An Integer Overflow is when the input given to the integer variable is larger than its capacity, causing
an overflow. This overflow usually goes unseen and can cause incorrect calculations or if allocating a
buffer size is when they can become potentially dangerous thus creating a buffer overflow or memory
leak (Blexim., n.d.).

7. STACK OVERFLOW ATTACKS
 A Stack is a limited access data structure, following the LIFO (last in, first out) principle.
 Buffer overflows that are deliberately caused, also known as Attacking the Stack and Stack Smashing.
 An old and reliable way to gain un-authorized access to a computer.
 An attack is carried out is with a stack buffer being filled with more data than it can handle from an un-
authorized user causing Buffer Overflow at the Stack. Eventually executable code is injected into the stack
through this exploitation. Skilled attackers may be able to accomplish a variety of things including:
 Overwriting specific stack variables
 Overwriting stack return addresses
 Overwriting function pointers
 Overwriting local variables

8. VISUAL EXAMPLES OF ATTACKING THE STACK
(Du, W., 2017, p. 9)
(Du, W., 2017, p. 4)

9. HEAP OVERFLOW ATTACKS
 A Heap holds all the dynamically allocated memory which contains program data and heap-based
attacks target data in this open memory pool.
 Heap buffer overflows are not very different from stack buffer overflows. The heap’s buffer is also
allocated with a fixed size but in this case heap memory and can be attacked in a similar fashion as well.
A large string of code can be used to exceed this buffer limit and cause an overflow.
 Heap overflows are exploited by corrupting data in order to override internal structures such as linked
list pointers.

10. UNICODE OVERFLOW: ANSI VS UNICODE
 Windows introduced “code pages” by mapping ASCII and international language character sets to
specific code values. Many of these, including ASCII are considered single-bit character sets because
each character/letter can be represented by a single byte. (Czumak, 2014)
 In 1988 the Unicode standard was founded by Apple and Xerox to better accommodate languages with
large character sets, for example Japanese, Cyrillic, etc. Unicode is a two bit code that represents each
character in two bits. This provides a more efficient and standardized method to represent all the
international characters. (Czumak, 2014)

11. UNICODE OVERFLOW ATTACK
 Basically performed by inserting Unicode characters into an input that expect ASCII characters. While
ASCII only covers characters from Western languages, Unicode can create characters for almost every
written language on earth. Therefore, many Unicode characters are larger than the largest ASCII
character, resulting in a buffer overflow. (What is Buffer OVerflow?, 2020)

12. PROTECTING AGAINST BUFFER OVERFLOW ATTACKS
 There are several ways developers can mitigate buffer overflow attacks:
 Address space randomization
 Data execution prevention
 Write in languages that have built-in protection
New overflow vulnerabilities continue to be discovered by developers. When new vulnerabilities are discovered,
engineers need to patch the affected software.

13. CONCLUSION
 Buffer overflow is an anomaly that occurs when software writing data to a buffer overflows the buffer’s
capacity, resulting in adjacent memory locations being overwritten. (What is Buffer OVerflow?, 2020)
 Buffer overflows can be exploited by attackers with a goal of modifying a computer’s memory in order to
undermine or take control of program execution. (What is Buffer OVerflow?, 2020)
 Buffer overflow attacks can be mitigated by address space randomization and data execution prevention.
(What is Buffer OVerflow?, 2020)
 Many modern program languages have built-in features that help reduce the chances of buffer overflow.
(What is Buffer OVerflow?, 2020)

14. REFERENCES
 CloudFlare.com. (n.d.). What Is Buffer Overflow? Retrieved from
https://www.cloudflare.com/learning/security/threats/buffer-overflow/
 Blexim. (n.d.). Basic Integer Overflows. Retrieved from
https://www.cs.utexas.edu/~shmat/courses/cs380s_fall09/blexim.txt
 Czumak, M. (2014, September 3). Windows Exploit Development-Part 7 Unicode Buffer Overflows . Retrieved
from securitysift.com: https://www.securitysift.com/windows-exploit-development-part-7-
unicode-buffer-overflows/
 Du, W. (Ed.). (2017). Computer Security: A Hands-on Approach. Retrieved from
http://www.cis.syr.edu/ ~wedu/seed/Book/book_sample_buffer.pdf