software vulnerability (2)
TRANSCRIPT
Page 1
Software Vulnerability
A. Gholami && M. Khajavi
Page 2

• Vulnerability
  o Intersection
  o Management
  o Classification
  o V-Window
• ISO 27K
• Definitions
  o Open Group
  o ENISA
• Buffer Overflow
• Call Stack
  o Structure
• Stack Overflow
  o Infinite Recursion
  o Tail Call Optimization

[Diagram: Attack Surface. Where the System, its Information and the Attacker meet lies the Vulnerability.]
Page 3

Intersection: a vulnerability exists where three elements meet:
• System Flaw
• Attacker Access
• Attacker Capability
→ Vulnerability
Page 4

Management:
• Identifying
• Mitigating
• Remediating
• Classifying
Page 5

Classification:
• Hardware: Humidity; Dust; Unprotected Storage
• Software: Insufficient Testing; Lack of Audit Trail
• Network: Unprotected Communication Lines; Insecure Network Architecture
• Personnel: Inadequate Security Awareness; Inadequate Recruiting Process
Page 6

V-Window (window of vulnerability): it closes when
• Access is removed
• A security fix is deployed
• The attacker is disabled
Page 7

ISO 27K (ISO 27000; ISO: International Standard Organization)
• Deliberate Risk Taking
• Organizations are encouraged to assess the security risks
Page 8

Open Group (IBM, Oracle, etc.)
Vulnerability: the probability that threat capability exceeds resistance, i.e. % (Threat Capability) > % (Resistance)
Page 9

ENISA (European Network and Information Security Agency)
Design error compromising the security of the system.
Page 10

Buffer?
Page 11

Buffer?
• Buffer zone?? [region separating two areas]
• Buffer gas? [non-flammable gas]
• Buffer solution!? [controlling the pH]
• Buffer in Computer Science: Data Buffer
Page 12

Data buffer (computer science)
Area 1 → Buffer → Area 2 (buffer storage is limited!)
• Input Device [mouse, keyboard, electronic chipset data]
• Memory
• Hard Disk Storage
Page 13
Page 14

Buffer overflow: insufficient bounds checking when
• Getting input data
• Copying data from one buffer to another
Page 15

First Example

```c
#include <string.h>

char A[8] = "";
unsigned short B = 1979;
/* "excessive" is 9 characters plus the terminating NUL: 10 bytes written into an
   8-byte buffer, so the copy overruns A and can clobber whatever follows it (here B). */
strcpy(A, "excessive");
```
Page 16

Solution for boundary overrunning: Bounds Checking!

```c
/* Copy at most sizeof(A) - 1 characters and terminate explicitly: strncpy on its own
   writes no NUL when the source is at least as long as the limit. */
strncpy(A, "excessive", sizeof(A) - 1);
A[sizeof(A) - 1] = '\0';
```
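The bounded copy the last three slides call for, written out as an added example (not code from the slides): `copy_bounded` truncates and always NUL-terminates, reporting the truncation to the caller; `strncpy_terminated` shows the strncpy pitfall the fix above guards against; `b_after_copy` reproduces the slides' layout (an 8-byte A followed by B = 1979) to check that B survives. The struct and function names are this example's own.

```c
#include <stddef.h>
#include <string.h>

/* Copy src into dst (dst_size bytes), always NUL-terminating.
   Returns 0 when src fitted, -1 when it had to be truncated. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return -1;
    size_t n = strlen(src);
    int truncated = 0;
    if (n >= dst_size) {          /* room for dst_size - 1 characters plus the NUL */
        n = dst_size - 1;
        truncated = -1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* The strncpy pitfall: with a source at least as long as the limit, strncpy writes
   no terminator. Returns 1 if a NUL ended up inside the 8-byte buffer, 0 otherwise. */
int strncpy_terminated(const char *src)
{
    char dst[8];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, sizeof dst);          /* the slide's uncorrected fix */
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* The slides' layout (constructed): an 8-byte A directly followed by B. */
struct frame {
    char A[8];
    unsigned short B;
};

/* Copies src into A with copy_bounded and returns B; it must still read 1979. */
unsigned short b_after_copy(const char *src)
{
    struct frame f = { "", 1979 };
    copy_bounded(f.A, sizeof f.A, src);
    return f.B;
}
```

Truncation is reported rather than hidden: a caller that cannot tolerate a shortened value (a path, a key, a password) should treat -1 as an error instead of continuing with the prefix.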
Page 17

Second Example

```c
#include <stdio.h>
#include <string.h>

int main(void)
{
    char buff[3];
    int pass = 0;

    printf("\n Enter the password : \n");
    gets(buff);   /* no bounds check: anything longer than 2 characters overruns buff
                     (gets() was removed from the C standard in C11 for this reason) */

    if (strcmp(buff, "Khu")) {
        printf("\n Wrong Password \n");
    } else {
        printf("\n Correct Password \n");
        pass = 1;
    }

    if (pass) {
        /* Now give root or admin rights to the user */
        printf("\n Root privileges given to the user \n");
    }
    return 0;
}
```
Page 18

Let's run the program with the correct password 'Khu':

Enter the password: Khu
Correct Password
Root privileges given to the user
Page 19

gets() does NOT check the array bounds:

Enter the password: Test
Wrong Password
Root privileges given to the user

The extra bytes of "Test" run past the 3-byte buff and land on pass, so the comparison fails and yet the privileged branch runs.
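A hardened rewrite of the second example, added here as an example (not the slides' code): `read_line` replaces gets() with a bounded fgets() read that rejects overlong input instead of truncating it silently, and `authenticate` derives the privilege decision directly from the comparison, so there is no separate flag sitting next to the buffer to be clobbered. PASSWORD_MAX is an assumed limit, "Khu" is the slides' password, and `authenticate_string` only exists to feed constructed input through a temporary file.

```c
#include <stdio.h>
#include <string.h>

#define PASSWORD_MAX 32   /* assumed maximum password length for this example */

/* Read one line from `in` into buf[size]. Returns 1 on success, 0 at EOF with
   nothing read, -1 if the line does not fit: the rest of the line is consumed so
   it cannot spill into the next read, and buf is cleared. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size < 2 || fgets(buf, (int)size, in) == NULL)
        return 0;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    if (feof(in))             /* last line without a newline fitted entirely */
        return 1;
    int c;                    /* buffer full, no newline seen: line too long */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;
    buf[0] = '\0';
    return -1;
}

/* Returns 1 if the password read from `in` is correct, 0 otherwise. The result
   comes from the comparison alone; nothing else decides the privilege. */
int authenticate(FILE *in)
{
    char buff[PASSWORD_MAX + 2];   /* +1 for the newline, +1 for the NUL */
    if (read_line(in, buff, sizeof buff) != 1)
        return 0;                  /* EOF or overlong input: deny */
    return strcmp(buff, "Khu") == 0;
}

/* Test helper: runs authenticate() over a constructed input string. */
int authenticate_string(const char *input)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(input, f);
    rewind(f);
    int r = authenticate(f);
    fclose(f);
    return r;
}
```

Rejecting an overlong line outright, rather than keeping its first PASSWORD_MAX bytes, also means a caller can log the event: a line that does not fit is either a bug in the client or someone probing the input handling.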
Page 20

Call Stack
Page 21

An Example
Page 22

Another Example
Page 23

Stack Overflow: if the call stack pointer exceeds the stack bound.
Page 24

Call stack size depends on:
• Programming Language
• Machine Architecture
• Available Memory
Page 25

Infinite recursion

```c
int function(void)
{
    function();   /* calls itself unconditionally: no frame is ever popped */
    return 0;
}
```

Each address on the stack: 4 bytes. A special case in recursion is also called "tail recursive".
Page 26

Tail recursion: a function returns the result of calling itself as its last operation.
Page 27

Example

```c
unsigned fac_tailrec(unsigned acc, unsigned n)
{
    if (n < 2) return acc;
    return fac_tailrec(n * acc, n - 1);   /* the call is the last operation: a tail call */
}
```

With tail call optimization the call becomes a jump, so no new frame is pushed:

```c
unsigned fac_tailrec(unsigned acc, unsigned n)
{
TOP:
    if (n < 2) return acc;
    acc = n * acc;
    n = n - 1;
    goto TOP;
}
```
Page 28

Let's make it clear ;)

```c
unsigned fac(unsigned n)
{
    unsigned acc = 1;
    for (; n > 1; --n)
        acc *= n;
    return acc;
}
```
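An added example tying the stack overflow slides together (not code from the slides): the slides' factorial in its tail-recursive and loop forms, and alongside it a recursive routine whose depth is driven by its input, which is the situation where a stack overflow becomes a denial-of-service. Since the usable stack depends on language, architecture and available memory, the routine bounds its own depth with an explicit check instead of trusting the compiler to optimize the recursion away. MAX_DEPTH, `nest`, `max_nesting` and `make_nested` are this example's own names.

```c
#include <stddef.h>

/* Assumed limit for the example: the deepest recursion we allow, regardless of
   how large the platform's real stack happens to be. */
#define MAX_DEPTH 64

/* The slides' tail-recursive factorial. Whether the compiler turns the tail call
   into a jump depends on the optimization level, so its stack use is not portable. */
unsigned fac_tailrec(unsigned acc, unsigned n)
{
    if (n < 2) return acc;
    return fac_tailrec(n * acc, n - 1);
}

/* The loop form uses one frame whatever the compiler does. */
unsigned fac_iter(unsigned n)
{
    unsigned acc = 1;
    for (; n > 1; --n) acc *= n;
    return acc;
}

/* Recursive descent over a parenthesised string: one frame per '(', so the
   recursion depth is chosen by whoever supplies the input. The depth check turns a
   would-be stack overflow into an ordinary error return. */
static int nest(const char **p, int depth, int *deepest)
{
    if (depth > MAX_DEPTH) return -1;       /* refuse rather than exhaust the stack */
    if (depth > *deepest) *deepest = depth;
    while (**p) {
        char c = *(*p)++;
        if (c == '(') {
            if (nest(p, depth + 1, deepest) < 0) return -1;
        } else if (c == ')') {
            return depth > 0 ? 0 : -1;      /* ')' at depth 0 is unbalanced */
        }
    }
    return depth == 0 ? 0 : -1;             /* end of input with '(' still open */
}

/* Maximum nesting depth of s, or -1 if s is unbalanced or deeper than MAX_DEPTH. */
int max_nesting(const char *s)
{
    int deepest = 0;
    const char *p = s;
    if (nest(&p, 0, &deepest) < 0) return -1;
    return deepest;
}

/* Builds a balanced string of `depth` nested pairs into out (needs 2*depth+1 bytes). */
void make_nested(char *out, int depth)
{
    int i;
    for (i = 0; i < depth; i++) out[i] = '(';
    for (i = 0; i < depth; i++) out[depth + i] = ')';
    out[2 * depth] = '\0';
}
```

The same pattern applies to any recursive parser or tree walk over untrusted data: pass the depth down, compare it against a limit chosen for the service, and fail the request when it is exceeded.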
Page 29
Finished, We Guess!