5 \begin{document} |
5 \begin{document} |
6 |
6 |
7 \section*{Handout 3 (Buffer Overflow Attacks)} |
7 \section*{Handout 3 (Buffer Overflow Attacks)} |
8 |
8 |
9 By far the most popular attack method on computers are buffer |
9 By far the most popular attack method on computers are buffer |
10 overflow attacks or variations thereof. The popularity is |
10 overflow attacks or simple variations thereof. The popularity is |
11 unfortunate because we now have technology to prevent them |
11 unfortunate because we now have technology to prevent them |
12 effectively. But these kind of attacks are still very relevant |
12 effectively. But these kind of attacks are still very relevant |
13 even today since there are many legacy systems out there and |
13 even today since there are many legacy systems out there and |
14 also many modern embedded systems do not take any precautions |
14 also many modern embedded systems do not take any precautions |
15 to prevent such attacks. |
15 to prevent such attacks. |
16 |
16 |
17 To understand how buffer overflow attacks work we have to have |
17 To understand how buffer overflow attacks work, we have to have |
18 a look at how computers work ``under the hood'' (on the |
18 a look at how computers work ``under the hood'' (on the |
19 machine level) and also understand some aspects of the C/C++ |
19 machine level) and also understand some aspects of the C/C++ |
20 programming language. This might not be everyday fare for |
20 programming language. This might not be everyday fare for |
21 computer science students, but who said that criminal hackers |
21 computer science students, but who said that criminal hackers |
22 restrict themselves to everyday fare? Not to mention the |
22 restrict themselves to everyday fare? Not to mention the |
23 free-riding script-kiddies who use this technology without |
23 free-riding script-kiddies who use this technology without |
24 knowing what are the underlying ideas. |
24 even knowing what the underlying ideas are. |
25 |
25 |
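Review bot: the revised opening paragraph (new lines 9 to 12) still carries two agreement errors that this wording pass leaves in place. "the most popular attack method on computers are" should read "is" (or "attack methods ... are"), and "these kind of attacks" should be "these kinds of attacks" or "this kind of attack". The rewording at new line 24 ("even knowing what the underlying ideas are") fixes the inverted word order and needs no further change.
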
26 For buffer overflow attacks to work, a number of innocent |
26 For buffer overflow attacks to work, a number of innocent |
27 design decisions, which are really benign on their own, need |
27 design decisions, which are really benign on their own, need |
28 to conspire against you. All these decisions were pretty much |
28 to conspire against you. All these decisions were pretty much |
29 taken in a time when there was no Internet: C was introduced |
29 taken at a time when there was no Internet: C was introduced |
30 around 1973, the Internet TCP/IP protocol was standardised in |
30 around 1973; the Internet TCP/IP protocol was standardised in |
31 1982 by which time there were maybe 500 servers connected |
31 1982 by which time there were maybe 500 servers connected (and |
32 worldwide (all users were well-behaved), Intel's first 8086 |
32 all users were well-behaved, mostly academics); Intel's first |
33 CPUs arrived around 1977. So nobody of the creators can |
33 8086 CPUs arrived around 1977. So nobody of the |
34 really be blamed, but as mentioned above we should already |
34 ``forefathers'' can really be blamed, but as mentioned above |
35 be way beyond the point that buffer overflow attacks are |
35 we should already be way beyond the point that buffer overflow |
36 worth a thought. Unfortunately this is far from the truth. I |
36 attacks are worth a thought. Unfortunately, this is far from |
37 let you think why? |
37 the truth. I let you think why? |
38 |
38 |
39 One such ``benign'' design decision is how the memory is laid |
39 One such ``benign'' design decision is how the memory is laid |
40 out into different regions for each process. |
40 out into different regions for each process. |
41 |
41 |
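Review bot: at new lines 36 to 37, "I let you think why?" still ends a statement with a question mark; suggest "I let you think about why." In the same paragraph, "nobody of the ``forefathers''" (new lines 33 to 34) would read better as "none of the ``forefathers''". The rewrite at new lines 31 to 32 also drops "worldwide" from "500 servers connected worldwide"; please confirm that the removal was intended, since the figure is less clear without it.
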
42 \begin{center} |
42 \begin{center} |