南京大学：《软件安全 Software Security》课程教学资源（PPT课件讲稿）Software Security Overview

Software Security Overview Mao Bing Department of Computer Science NanJing University

Software Security Overview Mao Bing Department of Computer Science NanJing University

Outline ·Background 。 Software Security:Control-flow Hijack Attack Memory Layout,Stack frame,Procedure >Buffer Overflow:Vulnerability,Defenses RILC,Return-Oriented Programming ASLR CFI Software Security:Non-control Data Attack Data Oriented Programming ·Summary 2

2 Outline • Background • Software Security: Control-flow Hijack Attack ➢ Memory Layout , Stack frame, & Procedure ➢ Buffer Overflow: Vulnerability, & Defenses ➢ RILC, Return-Oriented Programming ➢ ASLR & CFI • Software Security: Non-control Data Attack ➢ Data Oriented Programming • Summary

Outline ·Background Software Security:Control-flow Hijack Attack Memory Layout,Stack frame,Procedure Buffer Overflow:Vulnerability,Defenses RILC,Return-Oriented Programming ASLR CFI Software Security:Non-control Data Attack Data Oriented Programming Summary 3

3 Outline • Background • Software Security: Control-flow Hijack Attack ➢ Memory Layout , Stack frame, & Procedure ➢ Buffer Overflow: Vulnerability, & Defenses ➢ RILC, Return-Oriented Programming ➢ ASLR & CFI • Software Security: Non-control Data Attack ➢ Data Oriented Programming • Summary

Computer Security Computer security,also known as cybersecurity or IT security,is the "...protection of information systems from theft(secrecy/confidentiality) or damage (integrity)to the 取7Y hardware,the software,and This picture is from http: to the information on them,..." //securitygem.com/home-security-reviews -Gasser,Morrie(1988)

4 Computer Security Computer security, also known as cybersecurity or IT security, is the “...protection of information systemsfrom theft(secrecy/confidentiality) or damage (integrity) to the hardware, the software, and to the information on them, ...” —Gasser, Morrie (1988)

How Many Vulnerabilities? 8,000 7,000 6,787 6,549 6,253 6.000 5,562 5,291 4.989 5.000 4,842 4.644. 4814 4.000 3.000 2.000 1.000 2006 2007 2008 2009 2010 2011 2012 2013 2014 Total Number of Vulnerabilities,2006-2014 Source:Symantec 5

5 How Many Vulnerabilities?

Before Morris Worm,Computer Security is: Encryption Decryption Access Control ·DAC ·MAC ·Logic Bomb Back Door 6

6 Before Morris Worm, Computer Security is: • Encryption & Decryption • Access Control • DAC • MAC • Logic Bomb • Back Door

Until 1988... Access Control Encryption Decryption Computer Security Logic Bomb Back Door

7 Until 1988… Access Control Encryption & Decryption Logic Bomb Back Door … Computer Security ≠

Morris Worm Author:Robert Tappan Morris Generating IP address(Randomly) Address detection Y Attack, Is the host Is the & real? Vulnerability Infection exist? N N 8

8 Morris Worm Generating IP address(Randomly) Address detection Is the host real? Is the Vulnerability exist? Attack, & Infection Y Y N N Author: Robert Tappan Morris

Morris Worm Vulnerability:Buffer Overflow Attack Infection Hijack control flow execute SHELLCODE Add the virus to the head or tail of the program 9

9 Morris Worm • Vulnerability: Buffer Overflow • Attack & Infection • Hijack control flow & execute SHELLCODE • Add the virus to the head or tail of the program

Effect of Morris Worm The U.S.Government Accountability Office put the cost of the damage at $100,000-10,000,000. Around 6,000 major UNIX machines were infected by the Morris worm(about 60,000 computers attached to the Internet). Prompted DARPA to fund the establishment of the CERT/CC at Carnegie Mellon University 10

10 Effect of Morris Worm • The U.S. Government Accountability Office put the cost of the damage at $100,000–10,000,000. • Around 6,000 major UNIX machines were infected by the Morris worm(about 60,000 computers attached to the Internet). • Prompted DARPA to fund the establishment of the CERT/CC at Carnegie Mellon University