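Henan University of Chinese Medicine: "Information Security Networks and Network Security" course teaching resources (English lecture notes), Chapter 3: Programs and Programming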

SECURITY IN COMPUTING, FIFTH EDITION
Chapter 3: Programs and Programming
Instructor: Gao Haibo (高海波), Henan University of Chinese Medicine, Teaching and Research Office of Information Management and Information Systems
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Objectives for Chapter 3
• Learn about memory organization, buffer overflows, and relevant countermeasures
• Common programming bugs, such as off-by-one errors, race conditions, and incomplete mediation
• Survey of past malware and malware capabilities
• Virus detection
• Tips for programmers on writing code for security

Memory Allocation
[Figure: memory layout from high addresses to low addresses: Stack, Heap, Static data, Code]

Data vs. Instructions
[Figure: the same memory value, 0x1C0A, read either as data (Store sum = 7178) or as an instruction (Execute instruction "Jump forward 10 bytes")]

Memory Organization
[Figure: memory layout from high addresses to low addresses: Stack, Heap, Local Data, Program Code, System Data, System Code]

Buffer Overflows
• Occur when data is written beyond the space allocated for it, such as a 10th byte in a 9-byte array
• In a typical exploitable buffer overflow, an attacker's inputs are expected to go into regions of memory allocated for data, but those inputs are instead allowed to overwrite memory holding executable code
• The trick for an attacker is finding buffer overflow opportunities that lead to overwritten memory being executed, and finding the right code to input

How Buffer Overflows Happen

    char sample[10];
    int i;

    /* fills sample[0] through sample[9], the ten valid elements */
    for (i = 0; i <= 9; i++)
        sample[i] = 'A';

    /* subscript 10 is one past the end of the array: this write overflows */
    sample[10] = 'B';

Where a Buffer Can Overflow
[Figure, four panels showing where the overflowing bytes can land: (a) affects user's data, (b) affects user's code, (c) affects system data, (d) affects system code]
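The loop and out-of-bounds write from "How Buffer Overflows Happen", as an added example that is not part of the slides or the textbook. It models memory as one region whose first 10 bytes are the buffer, so the 11th write visibly lands in the neighbouring data (case (a) above) without undefined behaviour, and it runs the same writes through a bounds-checked store that refuses the write. The struct, the function names and the "SECRET" neighbour bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define BUF_LEN    10   /* same size as the slide's sample[10] */
#define REGION_LEN 16   /* constructed: the buffer plus the bytes stored after it */

/* Bytes 0..9 are the buffer; bytes 10..15 are neighbouring data owned by something else. */
struct region { unsigned char mem[REGION_LEN]; };

static void region_init(struct region *r) {
    memset(r->mem, 0, sizeof r->mem);
    memcpy(r->mem + BUF_LEN, "SECRET", 6);   /* constructed neighbouring data */
}

/* Unchecked store, like the slide's code: trusts the subscript. */
static void store_unchecked(struct region *r, size_t i, unsigned char v) {
    r->mem[i] = v;
}

/* Checked store: refuses any subscript outside the buffer (returns -1). */
static int store_checked(struct region *r, size_t i, unsigned char v) {
    if (i >= BUF_LEN) return -1;
    r->mem[i] = v;
    return 0;
}

/* Slide's loop plus the 11th write; returns the first neighbouring byte. */
unsigned char run_unchecked(void) {
    struct region r;
    region_init(&r);
    for (size_t i = 0; i <= 9; i++) store_unchecked(&r, i, 'A');
    store_unchecked(&r, 10, 'B');
    return r.mem[BUF_LEN];
}

/* Same writes through the checked store; counts how many were refused. */
unsigned char run_checked(int *refused) {
    struct region r;
    region_init(&r);
    *refused = 0;
    for (size_t i = 0; i <= 10; i++)
        if (store_checked(&r, i, i < 10 ? 'A' : 'B') != 0) (*refused)++;
    return r.mem[BUF_LEN];
}

int main(void) {
    int refused;
    unsigned char kept = run_checked(&refused);
    printf("unchecked: %c, checked: %c (refused %d)\n", run_unchecked(), kept, refused);
    return 0;
}
```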

The Stack
[Figure: a stack holding the entries P3, P2, P1, Prog Ctr and Stack Ptr, with its direction of growth marked]

The Stack after Procedure Calls
[Figure: Procedures A, B and C and the calls between them, beside a stack holding two groups of entries: P3, P2, P1, Prog ctr, Stack ptr and P2, P1, Prog ctr, Stack ptr]