What is Address Space Randomization

Reference no: EM133227692

Secure Software Systems Assignment - Lab in secure software systems

Lab - Buffer Overflow

Exercise: Buffer Overflow

The buffer overflow vulnerability was documented as early as 1972 and has long been among the most critical application security flaws; it is still very relevant today. It occurs when a program writes to a buffer and overruns its boundaries, writing into the adjacent memory locations. Because data (buffers) and control information (return addresses) are stored together, a buffer overflow can, for example, allow a malicious user to execute arbitrary code. In this lab, you will gain hands-on experience with this attack and understand how it works.

1. Lab setup

1.1 Buffer overflows

(a) The program in Figure 1 contains a buffer overflow vulnerability. Locate the line where it occurs. Which simple countermeasures could one take to fix the code?

(b) Suppose that str is composed of 20 characters. Draw the stack frame for bof. Mark the direction in which the stack grows. In which direction does strcpy write? How does the program know where to continue executing when it finishes executing bof?

(c) What happens when str is composed of 517 characters? Draw the stack. What will the program do when it finishes executing bof?

(d) Draw what the stack should look like for a successful buffer overflow attack. Note that badfile is controlled by the user and contains your shellcode, i.e. the malicious code that you want executed.
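As an added illustration of the countermeasures asked for in (a), here are two bounded replacements for the unbounded copy, run on the 20- and 517-character inputs from (b) and (c). This is example code written for this page, not the Figure 1 program (which is not reproduced here); the 24-byte buffer size is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 24   /* assumed size of bof()'s local buffer (Figure 1 is not reproduced here) */

/* The flaw the lab describes is strcpy(buffer, str): it copies until it meets
 * str's NUL byte, so anything longer than BUF_SIZE - 1 runs past buffer into
 * the adjacent stack slots. Both functions below keep the write inside buffer. */

/* Countermeasure 1: measure first and refuse input that does not fit.
 * Returns 1 when the copy was made, 0 when the input was rejected. */
int bof_checked(const char *str)
{
    char buffer[BUF_SIZE];
    size_t len = strlen(str);
    if (len >= BUF_SIZE)          /* leave room for the terminating NUL */
        return 0;
    memcpy(buffer, str, len + 1);
    return 1;
}

/* Countermeasure 2: a bounded copy that always NUL-terminates. snprintf() is used
 * because plain strncpy() leaves no terminator when the source fills the buffer.
 * Oversized input is silently cut, not rejected. Returns the characters stored. */
size_t bof_truncating(const char *str)
{
    char buffer[BUF_SIZE];
    snprintf(buffer, sizeof buffer, "%s", str);
    return strlen(buffer);
}

/* The lab's two cases, a 20- and a 517-character str, built here as runs of 'A'.
 * Returns 1 if the checked copy accepted the input, 0 if it was rejected. */
int checked_accepts(size_t n)
{
    char input[600];
    memset(input, 'A', n);
    input[n] = '\0';
    return bof_checked(input);
}

/* Same inputs through the truncating copy: how many characters survive. */
size_t truncating_stores(size_t n)
{
    char input[600];
    memset(input, 'A', n);
    input[n] = '\0';
    return bof_truncating(input);
}
```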

1.2 gdb

For this lab, you will need to use a disassembler. gdb is installed on the Linux VM. You can also use other tools if you are more familiar with them, but this does not exempt you from gdb-specific questions.

Save the code in Figure 1. Compile it and run it with gdb. What are the commands for the following tasks:

(a) Run the program

(b) List the registers

(c) List the functions

(d) Print the assembly code for a function

(e) Set a breakpoint

(f) Print a stack frame

1.3 Ubuntu security mechanisms

In Linux, several security mechanisms are implemented to hamper buffer overflow attacks. We first need to disable them.

(a) What is Address Space Randomization? Briefly explain how this mechanism helps against buffer overflow attacks.

Disable ASR: sysctl -w kernel.randomize_va_space=0

(b) StackGuard is a protection mechanism implemented in the GCC compiler. This set of patches prevents buffer overflows from working. Which gcc option allows you to compile a program with StackGuard disabled?

(c) Ubuntu used to allow executable stacks, but for security reasons a program now has to declare whether it requires an executable stack or not. The decision to make the stack executable or not is taken by the kernel or the dynamic linker. What is the gcc option to mark an executable's header with the executable-stack flag? The non-executable flag?

2. Attack

2.1 Preparing the attack

(a) For a buffer overflow attack, you need a shellcode. The shellcode you will use is stored in the variable below. What does it do?

Verify that the shellcode works by running the main function. When compiling it, make sure to enable the option that requires an executable stack.

(b) What are Set-UID programs? What are they typically used for? Which commands can be used to make a regular program a Set-UID program?

(c) For the exploit to work, you will also need vulnerable code. Save the code from Figure 1 in vulnerable.c. Compile it, making sure that StackGuard is disabled and an executable stack is required. Set the executable's owner to root and make it a Set-UID program. If you run the vulnerable program from a normal user account, with which privileges will it run?

(d) The badfile is under control of the user. Imagine that the file contains your shellcode. What should happen when the vulnerable program is run?

2.2 Exploiting the vulnerability

(a) To make your exploit work, you need to craft a suitable badfile. Complete the following code snippet so that your exploit works in gdb. Attach your code to your report and explain why and how you crafted your payload. Screenshots are welcome.

(b) Does your exploit work when running it outside of gdb? Why? What could you do so that it works?

(c) What is the user id of your new process? What should you change to get a real root process? Explain why.

3. Security mechanisms

3.1 Address Randomization

(a) Enable ASR: sysctl -w kernel.randomize_va_space=2. What should happen when you run the vulnerable program?

(b) Your program will not work every time you run it. Why? What can you do to get it to work more often?

3.2 StackGuard

Make sure ASR is disabled: sysctl -w kernel.randomize_va_space=0.

(a) Recompile your vulnerable program without the disabled StackGuard option. Does your exploit still work? Report your observations.
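An added model of what the StackGuard check in (a) detects, tied to the stack frames drawn in 1.1: a struct stands in for bof()'s frame, an unbounded copy runs upward through it, and the epilogue compares the canary before the return address is used. This is example code written for this page, not the lab's; the frame layout, sizes and constant values are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model of bof()'s frame, lowest address first, as drawn in the lab:
 * the local buffer lies below the saved frame pointer and the return address,
 * and StackGuard inserts a canary between them. Sizes are assumptions; real
 * layouts add padding, alignment and other locals. */
struct frame {
    char     buffer[24];   /* bof()'s local buffer (assumed 24 bytes) */
    uint64_t canary;       /* StackGuard canary, checked in the epilogue */
    uint64_t saved_fp;     /* caller's frame pointer */
    uint64_t ret_addr;     /* where bof() returns to */
};

#define CANARY_VALUE  0x0a00cafebeef1234ULL  /* constructed; real canaries are random per run */
#define CALLER_RET    0x0000555555551234ULL  /* constructed placeholder for main's address */

/* What the prologue does: zero the buffer and plant the canary. */
void frame_init(struct frame *f)
{
    memset(f->buffer, 0, sizeof f->buffer);
    f->canary = CANARY_VALUE;
    f->saved_fp = 0x7ffffffde000ULL;          /* constructed */
    f->ret_addr = CALLER_RET;
}

/* Model of strcpy(buffer, str) writing n bytes: it starts at buffer and keeps
 * going upward through whatever follows (n is capped at the frame size so the
 * model itself stays well defined). */
void frame_strcpy(struct frame *f, const char *src, size_t n)
{
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f, src, n);
}

/* Outcome of copying n 'A' bytes: 0 = frame intact, 1 = canary tripped (StackGuard
 * aborts before the ret), 2 = return address overwritten and not caught, the case
 * of a build compiled with StackGuard disabled. The model keeps the canary slot in
 * both builds so the offsets stay comparable. */
int copy_outcome(size_t n, int stackguard)
{
    struct frame f;
    char input[64];
    memset(input, 'A', sizeof input);
    frame_init(&f);
    frame_strcpy(&f, input, n);
    if (stackguard && f.canary != CANARY_VALUE) return 1;
    return f.ret_addr == CALLER_RET ? 0 : 2;
}
```

Note that a 32-byte copy never reaches the return address yet still trips the canary, so the protected build aborts on overflows that would otherwise go unnoticed.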

3.3 Non-executable Stack

Make sure ASR is disabled: sysctl -w kernel.randomize_va_space=0.

(a) Recompile your vulnerable program with the non-executable flag on. Does the exploit work? Report your observations.

(b) Does the non-executable stack protection mechanism prevent any buffer overflow attack from working? If yes, explain why. If no, give a short example of a working attack.

4. Conclusion

Summarize what you learnt about the Buffer Overflow attack. Include the following observations:

What is it? Why is it dangerous?

What are the requirements to launch such an attack? (outside of security mechanism concerns)

What are the current protections in Ubuntu against buffer overflows? Can they prevent any type of buffer overflow attack?

What should a developer be especially wary about in order to avoid such attacks?

Attachment: Secure Software Systems Assignment File.rar


CSCE 4565/5565 Secure Software Systems Assignment - Lab in secure software systems, University of North Texas