34 Cards in this Set
- Front
- Back
What are the two types of buffer overflow? |
•Stack (buffer) overflows •Heap overflows |
|
What is another related overflow type? |
-Array Indexing errors |
|
What is the Stack? (3) |
-AKA Call Stack -an area of memory allocated to a program -holds data for active functions |
|
What is a Stack Frame? |
separate data stored for each program that relates to a function(Method) |
|
Where does the stack memory start being allocated? |
largest memory address of a program |
|
Which direction does the stack grow? |
Downwards |
|
What are the 4 parts of the stack frame? |
-Parameter Values -Return Address -Saved Frame Pointer -Local Variable Values |
|
What are the two types of Pointers of the Stack? |
-Stack Pointer -Frame Pointer |
|
What is the Stack Pointer? |
Pointer that always points to the top of the stack (lowest address) |
|
What is the Frame Pointer? |
Pointer that points to the function (method) that is being executed inside the stack |
|
What is one way of manipulating the Stack Frame to achieve harmful results |
-Change the return address section of the stack frame to an evil program! |
|
What are two real world examples of Stack overflow Exploits? |
-SQL Slammer Worm -SQL Server Vulnerability |
|
When is the Heap used? |
During RUNTIME |
|
Why should heap overruns be taken seriously? (3) |
-developers don't pay attention to them while coding -no current tool to make heap overruns difficult -no OS to have non-executable heaps |
|
What are two Heap Overflow Examples? (2) |
-Graphics Device Interface (JPEG vulnerability) -iOS Jailbreaking |
|
How does iOS Jailbreaking work? |
Overflows the Heap to replace the O/S the phone is running on |
|
What two types of buffer overflow security are there? |
-Prevention -Protection |
|
What is Buffer Overflow Prevention? (3) |
-Using languages with bounds checking (Java) -Use safe libraries -Use safe functions |
|
What is Buffer Overflow Protection? (3) |
-PointGuard (Encryption) -Non-executable Memory -Address Space Layout Randomization (ASLR) |
|
What are 3 ways to prevent Buffer Overflow? |
-Validate Input ALWAYS -Safe String handling -Use strncpy over strcpy |
|
What are 5 ways buffer overflow happens? |
-stack smashing -pointer subterfuge -Register attack -Index out of range -Heap overrun |
|
What is stack smashing? |
standard method of overflowing a buffer to change a function's return address |
|
What is Pointer Subterfuge? |
overwriting a local pointer so you can put data in a different location |
|
What is a register attack? |
Overwriting a stored value to later gain control of a register |
|
What is index out of range? |
manipulating an array index that is not range checked |
|
What is Heap Overrun? |
Getting the heap manager to do your evil bidding |
|
Why is C so vulnerable to Heap overflow? (3) |
-Strings are represented as null terminated instead of bound pairs? -We use von Neumann architectures that store code and data in the same memory -Strings grow up and stacks grow down |
|
What are some protection mechanisms? (4) |
-Canary values on function frames -PointGuard (Encryption on pointers) -Non-executable memory (NEM) -Address Space Layout Randomization (ASLR) |
|
What is a canary value? |
add special bytes between variables, and if these special bytes aren't returned, error! |
|
What are the 3 types of canary? |
-Terminator -Random -Random XOR |
|
What is a PointGuard? |
Encrypting all pointers inside of memory |
|
What is non-executable memory? |
-Technique to exclusively allocate memory to code or data |
|
What is a type of hardware and software implementation? (1 each) |
-H/W: IA-64 Processor -S/W: Data Execution Prevention (DEP) |
|
What is Address Space Layout Randomization (ASLR)? |
Technique to randomly assign locations of memory to code/data -has a small performance penalty |