Non-Stack Buffer Overflow and Pointer Subterfuge
|
|
- Millicent Mitchell
- 7 years ago
- Views:
Transcription
1 Non-Stack Buffer Overflow and Pointer Subterfuge Wei Wang 1
2 The Memory Layout of Process in Linux Kernel space kernel Objections Stack function related data Heap dynamically allocated memory Data segment global variables & constants Text segment code to execution High Addr Low Addr Kernel Space Environment Variables Program Arguments Stack Heap Data Segment Text (code) Segment 2
3 Like Any Other Data, Buffers do not Only Reside in Stack Buffers can reside in data section global buffers static local buffers of functions Buffers can reside in heap e.g., buffers allocated using malloc Similar to stack, buffer overflow can happen to the buffers in data section and heap as well 3
4 Heap Buffer Overflow: A Simple Example Considering the following code: int main(){ char *buff; char *FileName; buff=(void*)malloc(16); FileName=(void*)malloc(16); strcpy(filename, harmless.txt ); gets(buff); f = fopen(filename, r ); display(f); } return 0; 4
5 Heap Buffer Overflow: A Simple Example cont'd Two buffers buff and FileName are allocated dynamically with malloc. In memory, buff and FileName are next to each other buff some string FileName Harmless.txt gets(buff) has an buffer overflow vulnerability Overrun buff can write to FileName 5
6 Heap Buffer Overflow: A Simple Example cont'd The attacker can easily overrun buff and change the value of FileName Let's try it out 6
7 Heap Buffer Overflow: Arbitrary Memory Write In the above slide, there is gap between buff and FileName. What is in the gap? malloc breaks memory into chuncks The gap is the meta data of each chunk 7
8 Heap Buffer Overflow: Arbitrary Memory Write cont'd Meta data include: prev_size: size of previous chunk Size: size of this chunk PREV_INUSE: whether previous chunk in use fd, bk: forward and backward pointer; used by free chunks to link free chunks into linked-list size size prev_size fd bk Data (e.g., buff) prev_size fd bk PREV INUSE PREV INUSE Data (e.g., FileName) 8
9 Heap Buffer Overflow: Arbitrary Memory Write cont'd The fd and bk pointers links free chunks into a linked list for a fast allocation When free is called, malloc inserts freed chunk into the free linked list Malloc also tries to merge adjacent free chunks into one big free chunk This merge performs some memory writes based on fd and bk pointers. The merge function is call unlink 9
10 Heap Buffer Overflow: Arbitrary Memory Write cont'd The a heap buffer is overrun, the fd and bk pointers may be compromised. Attackers can change the fd and bk pointers to point to some memory they wants to write. The write will happen during free chunk merge, allowing arbitrary memory addressed to be written If interested, more details can be found at 10
11 Stack/Heap Buffer Overflow: In some extreme case, stack/heap buffer overflow can reach each other If interested, check this out: om/resources/misc- 2010/xorg-largememory-attacks.pdf Stack Heap 11
12 Data Section Buffer Overflow: A Simple Example Consider the following code int main(){ static char buff[16]; static char *FileName = harmless.txt ; gets(buff); f = fopen(filename, r ); display(f); } return 0; buff and FileName reside in data section. 12
13 Data Section Buffer Overflow: A Simple Example Similar to the heap buffer overflow example, buff and FileName are close to each other However, in this example, FileName is only a pointer (4-byte address value) buff FileName some string addr of a str Question: how to write the attack string? Assuming you know the address of buff and FileName Compare your attack string with my code example 13
14 Non-stack Buffer Overflow Summary Buffers can also reside in heap and data sections, in addition to stack Heap and data section buffer can be overrun and exploit as well Although heap and data section does not have return address, they are Sometime easier to attack Have other important data, e.g., malloc meta data 14
15 Pointer Subterfuge Consider the following code: int main(){ int *ptr = ; int val = ; char buf[16]; } gets(buf); *ptr = val; return 0; Overrun buf may change the values of both ptr and val, causing arbitrary memory write 15
16 Pointer Subterfuge cont'd Pointer subterfuge is an attack there deliberately modify the value of pointer Originally an attack to overcome stack protection techniques Pointer subterfuge is an powerful attack by itself 16
17 Pointer Subterfuge cont'd Some Pointers subterfuge attacks: Function pointer clobbering (function pointers) Data pointers modification (data pointers) May modify arbitrary memory, including return addres, PLT and GOT PLT: procedure linkage table (for dynamically linked functions) GOT: global offset table (for dynamically linked functions, external variables and position-independent-code) Attacker can change function addresses with in PLT and GOT VPTR smashing (C++ virtual pointers) Virtual pointer points to virtual method table (v-table) Can compromise v-table entries 17
Defense in Depth: Protecting Against Zero-Day Attacks
Defense in Depth: Protecting Against Zero-Day Attacks Chris McNab FIRST 16, Budapest 2004 Agenda Exploits through the ages Discussion of stack and heap overflows Common attack behavior Defense in depth
More informationBypassing Memory Protections: The Future of Exploitation
Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net About me Exploit development since 1999 Research into reliable exploitation techniques: Heap Feng Shui in JavaScript
More informationSoftware Vulnerabilities
Software Vulnerabilities -- stack overflow Code based security Code based security discusses typical vulnerabilities made by programmers that can be exploited by miscreants Implementing safe software in
More informationCS3235 - Computer Security Thirteenth topic: System attacks. defenses
Overflows... Security case studies CS3235 - Computer Security Thirteenth topic: System attacks and defenses Hugh Anderson National University of Singapore School of Computing March/April, 2016 Hugh Anderson
More informationStack Overflows. Mitchell Adair
Stack Overflows Mitchell Adair Outline Why? What? There once was a VM Virtual Memory Registers Stack stack1, stack2, stack3 Resources Why? Real problem Real money Real recognition Still prevalent Very
More informationPractical taint analysis for protecting buggy binaries
Practical taint analysis for protecting buggy binaries So your exploit beats ASLR/DEP? I don't care Erik Bosman Traditional Stack Smashing buf[16] GET / HTTP/1.100baseretnarg1arg2 Traditional
More informationSoftware security. Buffer overflow attacks SQL injections. Lecture 11 EIT060 Computer Security
Software security Buffer overflow attacks SQL injections Lecture 11 EIT060 Computer Security Buffer overflow attacks Buffer overrun is another common term Definition A condition at an interface under which
More informationUnix Security Technologies. Pete Markowsky <peterm[at] ccs.neu.edu>
Unix Security Technologies Pete Markowsky What is this about? The goal of this CPU/SWS are: Introduce you to classic vulnerabilities Get you to understand security advisories Make
More information風 水. Heap Feng Shui in JavaScript. Alexander Sotirov. asotirov@determina.com
風 水 Heap Feng Shui in JavaScript Alexander Sotirov asotirov@determina.com Black Hat Europe 2007 Introduction What is Heap Feng Shui? the ancient art of arranging heap blocks in order to redirect the program
More informationIntroduction to Information Security
Introduction to Information Security 0368-3065, Spring 2015 Lecture 1: Introduction, Control Hijacking (1/2) Eran Tromer Slides credit: Avishai Wool, Tel Aviv University 1 Administration Lecturer: Eran
More informationAdvanced IBM AIX Heap Exploitation. Tim Shelton V.P. Research & Development HAWK Network Defense, Inc. tshelton@hawkdefense.com
Advanced IBM AIX Heap Exploitation Tim Shelton V.P. Research & Development HAWK Network Defense, Inc. tshelton@hawkdefense.com Introduction Our society has become dependent on computers and network systems.
More informationOff-by-One exploitation tutorial
Off-by-One exploitation tutorial By Saif El-Sherei www.elsherei.com Introduction: I decided to get a bit more into Linux exploitation, so I thought it would be nice if I document this as a good friend
More informationAddress Obfuscation: an Efficient Approach to Combat a Broad Range of Memory Error Exploits
Address Obfuscation: an Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Department of Computer Science, Stony Brook University, Stony
More informationBetween Mutual Trust and Mutual Distrust: Practical Fine-grained Privilege Separation in Multithreaded Applications
Between Mutual Trust and Mutual Distrust: Practical Fine-grained Privilege Separation in Multithreaded Applications Jun Wang, Xi Xiong, Peng Liu Penn State Cyber Security Lab 1 An inherent security limitation
More informationChapter 15 Operating System Security
Operating Systems: Internals and Design Principles Chapter 15 Operating System Security Eighth Edition By William Stallings System Access Threats System access threats fall into two general categories:
More informationBuffer Overflows. Code Security: Buffer Overflows. Buffer Overflows are everywhere. 13 Buffer Overflow 12 Nov 2015
CSCD27 Computer and Network Security Code Security: Buffer Overflows 13 Buffer Overflow CSCD27 Computer and Network Security 1 Buffer Overflows Extremely common bug. First major exploit: 1988 Internet
More informationReturn-oriented programming without returns
Faculty of Computer Science Institute for System Architecture, Operating Systems Group Return-oriented programming without urns S. Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, M. Winandy
More informationFormat string exploitation on windows Using Immunity Debugger / Python. By Abysssec Inc WwW.Abysssec.Com
Format string exploitation on windows Using Immunity Debugger / Python By Abysssec Inc WwW.Abysssec.Com For real beneficiary this post you should have few assembly knowledge and you should know about classic
More informationLinux Kernel. Security Report
Linux Kernel Security Report September 25 Authors: Andy Chou, Bryan Fulton and Seth Hallem Coverity has combined two years of analysis work carried out in a commercial setting at Coverity with four years
More informationBypassing Browser Memory Protections in Windows Vista
Bypassing Browser Memory Protections in Windows Vista Mark Dowd & Alexander Sotirov markdowd@au1.ibm.com alex@sotirov.net Setting back browser security by 10 years Part I: Introduction Thesis Introduction
More informationAn Implementation of a Tool to Detect Vulnerabilities in Coding C and C++
An Implementation of a Tool to Detect Vulnerabilities in Coding C and C++ GRADUATE PROJECT REPORT Submitted to the Faculty of The School of Engineering & Computing Sciences Texas A&M University-Corpus
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Program Security: Buffer Overflow 1 Buffer Overflow BO Basics Stack smashing Other buffer overflow
More informationExploits: XSS, SQLI, Buffer Overflow
Exploits: XSS, SQLI, Buffer Overflow These vulnerabilities continue to result in many active exploits. XSS Cross Site Scripting, comparable to XSRF, Cross Site Request Forgery. These vulnerabilities are
More informationImplementation Aspects of OO-Languages
1 Implementation Aspects of OO-Languages Allocation of space for data members: The space for data members is laid out the same way it is done for structures in C or other languages. Specifically: The data
More informationSome Anti-Worm Efforts at Microsoft. Acknowledgements
Some Anti-Worm Efforts at Microsoft Helen J. Wang System and Networking Research Group Microsoft Research Oct 29, 2004 1 Acknowledgements Matt Braverman, Opher Dubrovsky, John Dunagan, Louis Lafreniere,
More informationDesign of a secure system. Example: trusted OS. Bell-La Pdula Model. Evaluation: the orange book. Buffer Overflow Attacks
Stware Security Holes and Defenses Design a secure system Follows a ring design. Every object has an associated security attribute. Every subject has a security clearance. Least secure Highest security
More informationData Structure Reverse Engineering
Data Structure Reverse Engineering Digging for Data Structures Polymorphic Software with DSLR Scott Hand October 28 th, 2011 Outline 1 Digging for Data Structures Motivations Introduction Laika Details
More informationDefending Computer Networks Lecture 3: More On Vulnerabili3es. Stuart Staniford Adjunct Professor of Computer Science
Defending Computer Networks Lecture 3: More On Vulnerabili3es Stuart Staniford Adjunct Professor of Computer Science Enrollment Logis;cs Send request to cs- course- enroll@cornell.edu Cc me (sgs235@cornell.edu)
More informationA Security Assessment of the Minos Architecture
A Security Assessment of the Minos Architecture Jedidiah R. Crandall and Frederic T. Chong University of California at Davis Computer Science Department crandall, chong @cs.ucdavis.edu Abstract Minos is
More informationBuffer Overflows. Security 2011
Buffer Overflows Security 2011 Memory Organiza;on Topics Kernel organizes memory in pages Typically 4k bytes Processes operate in a Virtual Memory Space Mapped to real 4k pages Could live in RAM or be
More informationExploiting nginx chunked overflow bug, the undisclosed attack vector
Exploiting nginx chunked overflow bug, the undisclosed attack vector Long Le longld@vnsecurity.net About VNSECURITY.NET CLGT CTF team 2 VNSECURITY.NET In this talk Nginx brief introduction Nginx chunked
More informationSystem Calls Related to File Manipulation
KING FAHD UNIVERSITY OF PETROLEUM AND MINERALS Information and Computer Science Department ICS 431 Operating Systems Lab # 12 System Calls Related to File Manipulation Objective: In this lab we will be
More informationSecure Program Execution via Dynamic Information Flow Tracking
Secure Program Execution via Dynamic Information Flow Tracking G. Edward Suh, Jaewook Lee, Srinivas Devadas Computer Science and Artificial Intelligence Laboratory (CSAIL) Massachusetts Institute of Technology
More informationLecture 11 Doubly Linked Lists & Array of Linked Lists. Doubly Linked Lists
Lecture 11 Doubly Linked Lists & Array of Linked Lists In this lecture Doubly linked lists Array of Linked Lists Creating an Array of Linked Lists Representing a Sparse Matrix Defining a Node for a Sparse
More informationSegmentation and Fragmentation
Segmentation and Fragmentation Operating System Design MOSIG 1 Instructor: Arnaud Legrand Class Assistants: Benjamin Negrevergne, Sascha Hunold September 16, 2010 A. Legrand Segmentation and Fragmentation
More informationMSc Computer Science Dissertation
University of Oxford Computing Laboratory MSc Computer Science Dissertation Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities Author: Sean Heelan Supervisor: Dr. Daniel
More informationDynamic Behavior Analysis Using Binary Instrumentation
Dynamic Behavior Analysis Using Binary Instrumentation Jonathan Salwan jsalwan@quarkslab.com St'Hack Bordeaux France March 27 2015 Keywords: program analysis, DBI, DBA, Pin, concrete execution, symbolic
More informationAn Analysis of Address Space Layout Randomization on Windows Vista
ADVANCED THREAT RESEARCH 2007 Symantec Corporation 1 An Analysis of Address Space Layout Randomization on Windows Vista Ollie Whitehouse, Architect, Symantec Advanced Threat Research Abstract: Address
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 39 System Security Welcome
More informationECS 165B: Database System Implementa6on Lecture 2
ECS 165B: Database System Implementa6on Lecture 2 UC Davis, Spring 2011 Por6ons of slides based on earlier ones by Raghu Ramakrishnan, Johannes Gehrke, Jennifer Widom, Bertram Ludaescher, and Michael Gertz.
More informationReview and Exploit Neglected Attack Surface in ios 8. Tielei Wang, Hao Xu, Xiaobo Chen of TEAM PANGU
Review and Exploit Neglected Attack Surface in ios 8 Tielei Wang, Hao Xu, Xiaobo Chen of TEAM PANGU BlackHat 2015 Agenda ios Security Background Review of Attack Surfaces Fuzz More IOKit and MIG System
More informationSecuring software by enforcing data-flow integrity
Securing software by enforcing data-flow integrity Manuel Costa Joint work with: Miguel Castro, Tim Harris Microsoft Research Cambridge University of Cambridge Software is vulnerable use of unsafe languages
More informationSystem Calls and Standard I/O
System Calls and Standard I/O Professor Jennifer Rexford http://www.cs.princeton.edu/~jrex 1 Goals of Today s Class System calls o How a user process contacts the Operating System o For advanced services
More informationERNW Newsletter 51 / September 2015
ERNW Newsletter 51 / September 2015 Playing With Fire: Attacking the FireEye MPS Date: 9/10/2015 Classification: Author(s): Public Felix Wilhelm TABLE OF CONTENT 1 MALWARE PROTECTION SYSTEM... 4 2 GAINING
More informationhttp://www.nologin.org Bypassing Windows Hardware-enforced Data Execution Prevention
http://www.nologin.org Bypassing Windows Hardware-enforced Data Execution Prevention Oct 2, 2005 skape mmiller@hick.org Skywing Skywing@valhallalegends.com One of the big changes that Microsoft introduced
More informationHow to Sandbox IIS Automatically without 0 False Positive and Negative
How to Sandbox IIS Automatically without 0 False Positive and Negative Professor Tzi-cker Chiueh Computer Science Department Stony Brook University chiueh@cs.sunysb.edu 2/8/06 Blackhat Federal 2006 1 Big
More informationA Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention
A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention John Wilander and Mariam Kamkar Dept. of Computer and Information Science, Linköpings universitet johwi, marka @ida.liu.se
More informationCataloguing and Avoiding the Buffer Overflow Attacks in Network Operating Systems
Abstract: Cataloguing and Avoiding the Buffer Overflow Attacks in Network Operating Systems *P.VADIVELMURUGAN #K.ALAGARSAMY *Research Scholar, Department of Computer Center, Madurai Kamaraj University,
More informationCVE-2012-1535 Adobe Flash Player Integer Overflow Vulnerability Analysis
Your texte here. CVE-2012-1535 Adobe Flash Player Integer Overflow Vulnerability Analysis October 11 th, 2012 Brian MARIANI & Frédéric BOURLA A FEW WORDS ABOUT FLASH PLAYER Your Adobe texte Flash here
More informationI Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation. Mathias Payer, ETH Zurich
I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation Mathias Payer, ETH Zurich Motivation Applications often vulnerable to security exploits Solution: restrict application
More information1) The postfix expression for the infix expression A+B*(C+D)/F+D*E is ABCD+*F/DE*++
Answer the following 1) The postfix expression for the infix expression A+B*(C+D)/F+D*E is ABCD+*F/DE*++ 2) Which data structure is needed to convert infix notations to postfix notations? Stack 3) The
More informationLecture 10: Dynamic Memory Allocation 1: Into the jaws of malloc()
CS61: Systems Programming and Machine Organization Harvard University, Fall 2009 Lecture 10: Dynamic Memory Allocation 1: Into the jaws of malloc() Prof. Matt Welsh October 6, 2009 Topics for today Dynamic
More informationCS5460: Operating Systems
CS5460: Operating Systems Lecture 13: Memory Management (Chapter 8) Where are we? Basic OS structure, HW/SW interface, interrupts, scheduling Concurrency Memory management Storage management Other topics
More informationCOS 318: Operating Systems
COS 318: Operating Systems OS Structures and System Calls Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Outline Protection mechanisms
More informationLinux/UNIX System Programming. POSIX Shared Memory. Michael Kerrisk, man7.org c 2015. February 2015
Linux/UNIX System Programming POSIX Shared Memory Michael Kerrisk, man7.org c 2015 February 2015 Outline 22 POSIX Shared Memory 22-1 22.1 Overview 22-3 22.2 Creating and opening shared memory objects 22-10
More informationEECS 354 Network Security. Introduction
EECS 354 Network Security Introduction Why Learn To Hack Understanding how to break into computer systems allows you to better defend them Learn how to think like an attacker Defense then becomes second-nature
More informationBetriebssysteme KU Security
Betriebssysteme KU Security IAIK Graz University of Technology 1 1. Drivers 2. Security - The simple stuff 3. Code injection attacks 4. Side-channel attacks 2 1. Drivers 2. Security - The simple stuff
More informationComputer security Lecture 06
Computer security Lecture 06 Database security, Software security Jonathan Jogenfors Database security as compared to OS security Operating systems manage data Users create, read, write, and delete data
More informationLeak Check Version 2.1 for Linux TM
Leak Check Version 2.1 for Linux TM User s Guide Including Leak Analyzer For x86 Servers Document Number DLC20-L-021-1 Copyright 2003-2009 Dynamic Memory Solutions LLC www.dynamic-memory.com Notices Information
More informationCSC 405 Introduction to Computer Security
CSC 405 Introduction to Computer Security Topic 3. Program Security -- Part II CSC 405 Dr. Peng Ning 1 Targeted Malicious Code General purpose malicious code Affect users and machines indiscriminately
More informationumps software development
Laboratorio di Sistemi Operativi Anno Accademico 2006-2007 Software Development with umps Part 2 Mauro Morsiani Software development with umps architecture: Assembly language development is cumbersome:
More informationLaboratorio di Sistemi Operativi Anno Accademico 2009-2010
Laboratorio di Sistemi Operativi Anno Accademico 2009-2010 Software Development with umps Part 2 Mauro Morsiani Copyright Permission is granted to copy, distribute and/or modify this document under the
More informationExceptions in MIPS. know the exception mechanism in MIPS be able to write a simple exception handler for a MIPS machine
7 Objectives After completing this lab you will: know the exception mechanism in MIPS be able to write a simple exception handler for a MIPS machine Introduction Branches and jumps provide ways to change
More informationHotpatching and the Rise of Third-Party Patches
Hotpatching and the Rise of Third-Party Patches Alexander Sotirov asotirov@determina.com BlackHat USA 2006 Overview In the next one hour, we will cover: Third-party security patches _ recent developments
More informationHeartbleed. or: I read the news, too. Martin R. Albrecht. Information Security Group, Royal Holloway, University of London
Heartbleed or: I read the news, too Martin R. Albrecht Information Security Group, Royal Holloway, University of London XKCD #1354 XKCD #1354 XKCD #1354 XKCD #1354 XKCD #1354 XKCD #1354 RFC 6520: Transport
More informationAn Attack Simulator for Systematically Testing Program-based Security Mechanisms
An Attack Simulator for Systematically Testing Program-based Security Mechanisms Ben Breech Computer and Info Sciences University of Delaware Newark, DE 19716 breech@cis.udel.edu Mike Tegtmeyer Army Research
More informationKernel Intrusion Detection System
Kernel Intrusion Detection System Rodrigo Rubira Branco rodrigo@kernelhacking.com rodrigo@risesecurity.org Monica's Team!! Brazilian famous H.Q. story Amazon Forest Yeah, Brazilian country! Soccer Brazilian
More informationMemory Management CS 217. Two programs can t control all of memory simultaneously
Memory Management CS 217 Memory Management Problem 1: Two programs can t control all of memory simultaneously Problem 2: One program shouldn t be allowed to access/change the memory of another program
More informationOperating Systems and Networks
recap Operating Systems and Networks How OS manages multiple tasks Virtual memory Brief Linux demo Lecture 04: Introduction to OS-part 3 Behzad Bordbar 47 48 Contents Dual mode API to wrap system calls
More informationCSE 211: Data Structures Lecture Notes VII
CSE 211: Data Structures Lecture Notes VII LINKED LISTS In the previous lectures we have seen the representation of ordered lists using an array and sequential mapping. These representations had the property
More informationIntroduction. Figure 1 Schema of DarunGrim2
Reversing Microsoft patches to reveal vulnerable code Harsimran Walia Computer Security Enthusiast 2011 Abstract The paper would try to reveal the vulnerable code for a particular disclosed vulnerability,
More informationCoverity White Paper. Reduce Your Costs: Eliminate Critical Security Vulnerabilities with Development Testing
Reduce Your Costs: Eliminate Critical Security Vulnerabilities with Development Testing The Stakes Are Rising Security breaches in software and mobile devices are making headline news and costing companies
More informationIllustration 1: Diagram of program function and data flow
The contract called for creation of a random access database of plumbing shops within the near perimeter of FIU Engineering school. The database features a rating number from 1-10 to offer a guideline
More informationIntegrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com
SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration
More informationMPI-Checker Static Analysis for MPI
MPI-Checker Static Analysis for MPI Alexander Droste, Michael Kuhn, Thomas Ludwig November 15, 2015 Motivation 2 / 39 Why is runtime analysis in HPC challenging? Large amount of resources are used State
More informationShort Notes on Dynamic Memory Allocation, Pointer and Data Structure
Short Notes on Dynamic Memory Allocation, Pointer and Data Structure 1 Dynamic Memory Allocation in C/C++ Motivation /* a[100] vs. *b or *c */ Func(int array_size) double k, a[100], *b, *c; b = (double
More informationGSM. Global System for Mobile Communications, 1992. Security in mobile phones. System used all over the world. Sikkerhed04, Aften Trusler
GSM Global System for Mobile Communications, 1992 Security in mobile phones System used all over the world 1 GSM: Threat Model What Cloning Eavesdropping Tracking Who Criminals Secret Services Why Break
More informationLab 4: Socket Programming: netcat part
Lab 4: Socket Programming: netcat part Overview The goal of this lab is to familiarize yourself with application level programming with sockets, specifically stream or TCP sockets, by implementing a client/server
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security
More informationesrever gnireenigne tfosorcim seiranib
esrever gnireenigne tfosorcim seiranib Alexander Sotirov asotirov@determina.com CanSecWest / core06 Reverse Engineering Microsoft Binaries Alexander Sotirov asotirov@determina.com CanSecWest / core06 Overview
More informationPrinciples of Database Management Systems. Overview. Principles of Data Layout. Topic for today. "Executive Summary": here.
Topic for today Principles of Database Management Systems Pekka Kilpeläinen (after Stanford CS245 slide originals by Hector Garcia-Molina, Jeff Ullman and Jennifer Widom) How to represent data on disk
More informationOrganization of Records in Blocks
Organization of Records in Blocks Read Sec. 4.2 Riguzzi et al. Sistemi Informativi Slides derived from those by Hector Garcia-Molina 1 Topic How to lay out records on blocks 2 To represent: Integer (short):
More informationLow-level Software Security: Attacks and Defenses
Low-level Software Security: Attacks and Defenses Úlfar Erlingsson Microsoft Research, Silicon Valley and Reykjavík University, Iceland November, 2007 MSR-TR-07-153 Microsoft Research Microsoft Corporation
More informationWindows Phone 7 Internals and Exploitability
Windows Phone 7 Internals and Exploitability (abridged white paper) Tsukasa Oi Research Engineer 目 次 1. Abstract... 3 2. Introduction: Windows Phone 7 and Analysis... 3 3. Security Analysis Windows Phone
More informationSecurity types to the rescue
Security types to the rescue p. 1 Security types to the rescue David Wagner and Rob Johnson {daw,rtjohnso}@cs.berkeley.edu University of California, Berkeley Security types to the rescue p. 2 Problem statement
More informationNDK: NOVELL NSS AUDIT
www.novell.com/documentation NDK: NOVELL NSS AUDIT Developer Kit August 2015 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation,
More informationJonathan Worthington Scarborough Linux User Group
Jonathan Worthington Scarborough Linux User Group Introduction What does a Virtual Machine do? Hides away the details of the hardware platform and operating system. Defines a common set of instructions.
More informationModern Binary Exploitation Course Syllabus
Modern Binary Exploitation Course Syllabus Course Information Course Title: Modern Binary Exploitation Course Number: CSCI 4968 Credit Hours: 4 Semester / Year: Spring 2015 Meeting Days: Tuesday/Friday
More informationProject 4 DB A Simple database program
Project 4 DB A Simple database program Due Date April (Friday) Before Starting the Project Read this entire project description before starting Learning Objectives After completing this project you should
More informationMWR InfoSecurity Advisory. Interwoven Worksite ActiveX Control Remote Code Execution. 10 th March 2008. Contents
Contents MWR InfoSecurity Advisory Interwoven Worksite ActiveX Control Remote Code Execution 10 th March 2008 2008-03-10 Page 1 of 9 Contents Contents 1 Detailed Vulnerability Description...5 1.1 Introduction...5
More informationSYMANTEC ADVANCED THREAT RESEARCH. An Analysis of Address Space Layout Randomization on Windows Vista
SYMANTEC ADVANCED THREAT RESEARCH An Analysis of Address Space Layout Randomization on Windows Vista Ollie Whitehouse, Architect, Symantec Advanced Threat Research Symantec Advanced Threat Research An
More informationQuiz I Solutions MASSACHUSETTS INSTITUTE OF TECHNOLOGY. 6.858 Fall 2012. Department of Electrical Engineering and Computer Science
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2012 Quiz I Solutions 30 Grade for q1 25 20 15 10 5 0 0 10 20 30 40 50 60 70 80 90 100 Histogram
More informationSecuring software by enforcing data-flow integrity
Securing software by enforcing data-flow integrity Miguel Castro Microsoft Research Manuel Costa Microsoft Research University of Cambridge Tim Harris Microsoft Research Abstract Software attacks often
More informationData Structures and Algorithms Lists
Data Structures and Algorithms Lists Chris Brooks Department of Computer Science University of San Francisco Department of Computer Science University of San Francisco p.1/19 5-0: Abstract Data Types An
More information============================================================= =============================================================
Stephan Lantos Subject: FW: @RISK: The Consensus Security Vulnerability Alert: Vol. 13, Num. 23 In partnership with SANS and Sourcefire, Qualys is pleased to provide you with the @RISK Newsletter. This
More informationCopyright 2007 Ramez Elmasri and Shamkant B. Navathe. Slide 13-1
Slide 13-1 Chapter 13 Disk Storage, Basic File Structures, and Hashing Chapter Outline Disk Storage Devices Files of Records Operations on Files Unordered Files Ordered Files Hashed Files Dynamic and Extendible
More informationWorking with Buffers
University Hamburg Department of Informatics Scientific Computing Research Group Working with Buffers Seminar Paper Seminar Efficient Programming in C Christoph Brauer 0brauer@informatik.uni-hamburg.de
More informationMemory Allocation. Static Allocation. Dynamic Allocation. Memory Management. Dynamic Allocation. Dynamic Storage Allocation
Dynamic Storage Allocation CS 44 Operating Systems Fall 5 Presented By Vibha Prasad Memory Allocation Static Allocation (fixed in size) Sometimes we create data structures that are fixed and don t need
More informationDynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software James Newsome jnewsome@ece.cmu.edu Carnegie Mellon University Abstract Software vulnerabilities
More information