Software Security - Other Attacks and Defenses
Tags: Software Engineering
Slide 1 - Software Security: Other Attacks and Defenses
- Emerson Murphy-Hill
Slide 2 - Buffer Overflow Attacks
- Condition: A buffer overflow attack occurs when software permits read or write operations on memory located outside of an allocated range.
- If the attacker can overwrite a pointer's worth of memory (usually 32 or 64 bits), he can redirect a function pointer to his own malicious code. Even when the attacker can only modify a single byte, arbitrary code execution can be possible.
- An attacker may be able to access/modify sensitive information, cause the system to crash, alter the intended control flow, or execute arbitrary code.
Slide 3 - Basic buffer overflow
Slide 4 - Specific Solutions
- Use a language with built-in bounds checks
- Use safe(r) libraries
- Divide data memory from instruction memory
- Address space randomization
Slide 5 - A General Solution: Validating Input
- Black list: a list of input types that are expressly forbidden from being used as input into a program
  - This list is infinite
- White list: a list of input types that are expressly allowed to be used as input into a program
  - Generally expressed as a finite list of regular expressions
- Input validation must (also) be server side
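Added example (not from the original slides): a server-side white list expressed as a finite set of regular expressions, one per accepted field. The field names, formats and length limit are assumptions made for illustration.

```python
import re

# White list: one pattern per accepted field. Field names and formats
# are assumptions made for this example.
ALLOW_LIST = {
    "username": re.compile(r"[a-z][a-z0-9_]{2,15}"),
    "zip": re.compile(r"[0-9]{5}(-[0-9]{4})?"),
    "quantity": re.compile(r"[1-9][0-9]{0,2}"),
}
MAX_LEN = 64  # reject oversized values before any regex runs


def validate(form):
    """Return (clean, errors) for a dict of submitted fields.

    Meant to run on the server: checks done only in the client can be
    skipped by sending the request directly.
    """
    clean, errors = {}, {}
    for name, value in form.items():
        pattern = ALLOW_LIST.get(name)
        if pattern is None:
            errors[name] = "unexpected field"
        elif not isinstance(value, str) or len(value) > MAX_LEN:
            errors[name] = "bad type or length"
        # fullmatch() must consume the whole value. match() with a
        # trailing '$' would still accept "27695\n".
        elif pattern.fullmatch(value) is None:
            errors[name] = "not in white list"
        else:
            clean[name] = value
    # Every white-listed field is required in this example.
    for name in ALLOW_LIST.keys() - form.keys():
        errors[name] = "missing"
    return clean, errors


if __name__ == "__main__":
    # Constructed sample submissions.
    samples = [
        {"username": "alice_01", "zip": "27695-8206", "quantity": "3"},
        {"username": "alice_01", "zip": "27695\n", "quantity": "3"},
        {"username": "alice_01", "zip": "27695", "role": "admin"},
    ]
    for sample in samples:
        print(validate(sample))
```

Anything not matched by a pattern is rejected, including fields the server never asked for, so the list of accepted inputs stays finite.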
Slide 6 - URL Jumping
- Checkout … then Delivery info … without paying?
Slide 7 - A general problem: Insufficient logging
- When security-critical events, such as a failed login attempt, are not logged properly, malicious behavior becomes more difficult to detect and forensic analysis after a successful attack may be hindered.
- Sufficient data should be logged to enable system administrators to detect attacks, diagnose errors, and recover from attacks.
Slide 8 - Solution: Log Files
- Log file attributes should be set so that only new information can be written (older records cannot be rewritten or deleted).
- Logs should also be written to a write once / read many device such as a CD-R.
- Copies of log files should be made at regular intervals.
- Log files should be copied and moved to permanent storage and incorporated into the organization's overall backup