343 \end{textblock}} |
343 \end{textblock}} |
344 |
344 |
345 \only<2>{ |
345 \only<2>{ |
346 \begin{textblock}{7}(5,8) |
346 \begin{textblock}{7}(5,8) |
347 \footnotesize |
347 \footnotesize |
348 \lstinputlisting[language=C,xleftmargin=5mm,numbers=none]{../progs/example1a.s} |
348 \lstinputlisting[language={[x86masm]Assembler},morekeywords={movl},xleftmargin=5mm,numbers=none]{../progs/example1a.s} |
349 \end{textblock}} |
349 \end{textblock}} |
350 |
350 |
351 \only<3>{ |
351 \only<3>{ |
352 \begin{textblock}{7}(5,8) |
352 \begin{textblock}{7}(5,8) |
353 \footnotesize |
353 \footnotesize |
354 \lstinputlisting[language=C,xleftmargin=5mm,numbers=none]{../progs/example1b.s} |
354 \lstinputlisting[language={[x86masm]Assembler},morekeywords={movl,movw},xleftmargin=5mm,numbers=none]{../progs/example1b.s} |
355 \end{textblock}} |
355 \end{textblock}} |
356 |
356 |
357 \end{frame} |
357 \end{frame} |
358 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
358 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
359 |
359 |
497 \begin{frame}[c] |
497 \begin{frame}[c] |
498 \frametitle{\begin{tabular}{c}Protections against\\ Buffer Overflow Attacks\end{tabular}} |
498 \frametitle{\begin{tabular}{c}Protections against\\ Buffer Overflow Attacks\end{tabular}} |
499 |
499 |
500 \begin{itemize} |
500 \begin{itemize} |
501 \item use safe library functions |
501 \item use safe library functions |
502 \item stack caneries |
502 \item stack canaries |
503 \item ensure stack data is not executable (can be defeated) |
503 \item ensure stack data is not executable (can be defeated) |
504 \item address space randomisation (makes one-size-fits-all more difficult) |
504 \item address space randomisation (makes one-size-fits-all more difficult) |
505 \item choice of programming language (one of the selling points of Java) |
505 \item choice of programming language (one of the selling points of Java) |
506 |
506 \end{itemize} |
507 \end{itemize} |
507 |
508 |
508 \only<2>{ |
|
509 \begin{textblock}{7}(6,1) |
|
510 \begin{bubble}[5cm] |
|
511 \begin{tabular}{cp{2cm}} |
|
512 \begin{tikzpicture}[baseline=40mm,scale=0.8] |
|
513 %\draw[step=1cm] (-3,-1) grid (3,8); |
|
514 \draw[gray!20,fill=gray!20] (-1, 0) rectangle (1,-1); |
|
515 \draw[line width=1mm] (-1,-1.2) -- (-1,7.4); |
|
516 \draw[line width=1mm] ( 1,-1.2) -- ( 1,7.4); |
|
517 \draw (0,-1) node[anchor=south] {\tt main}; |
|
518 \draw[line width=1mm] (-1,0) -- (1,0); |
|
519 \draw (0,0) node[anchor=south] {\tt arg$_3$=3}; |
|
520 \draw[line width=1mm] (-1,1) -- (1,1); |
|
521 \draw (0,1) node[anchor=south] {\tt arg$_2$=2}; |
|
522 \draw[line width=1mm] (-1,2) -- (1,2); |
|
523 \draw (0,2) node[anchor=south] {\tt arg$_1$=1}; |
|
524 \draw[line width=1mm] (-1,3) -- (1,3); |
|
525 \draw (0,3.1) node[anchor=south] {\tt ret}; |
|
526 \draw[line width=1mm] (-1,4) -- (1,4); |
|
527 \draw (0,4) node[anchor=south] {\small\tt last sp}; |
|
528 \draw[line width=1mm] (-1,5) -- (1,5); |
|
529 \draw (0,5) node[anchor=south] {\tt\small\alert{\textbf{random}}}; |
|
530 \draw[line width=1mm] (-1,6) -- (1,6); |
|
531 \draw (0,6) node[anchor=south] {\tt buf}; |
|
532 \draw[line width=1mm] (-1,7) -- (1,7); |
|
533 \end{tikzpicture} & |
|
534 canary: a random value after the local variables |
|
535 \end{tabular} |
|
536 \end{bubble} |
|
537 \end{textblock}} |
|
538 |
|
539 |
509 \end{frame} |
540 \end{frame} |
510 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
541 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
511 |
542 |
512 |
543 |
513 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
544 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |