A buffer overflow
results from programming errors and testing failures and is common to
all operating systems. These flaws let an attacking program take control
of another computer by sending input longer than the buffer meant to hold
it, arranged so that the excess overwrites adjacent memory such as a
neighbouring variable or the function's return address. Over half of the
security advisories from CERT, the 2001 "Code Red" worm among them, trace to
this widespread weakness of the software industry. This module of Java
applets was developed to teach student and industrial programmers to
avoid the practices that cause buffer overflows, as one step toward controlling
the continuing effects of this avoidable problem.
Funding Source:
NSF Award No. 0113627, "Increasing
Security Expertise in Aviation-oriented Computing Education: A Modular
Approach", at Embry-Riddle Aeronautical University in Prescott,
Arizona.
This module is
still in progress; additional educational evaluation and technical
content are to be added. As it stands, the module may be used by an instructor
knowledgeable about runtime environments and C programming in classes
such as operating systems, C/C++ and assembly programming, compilers
and software tools, surveys of programming languages, and computer security.
Contacts:
For questions, comments, or source code for the buffer overflow module,
contact Jed Crandall. General comments
and feedback go to Dr. Susan Gerhart.
Background reading:
For basic prerequisite knowledge of buffer overflows, a good reading
is http://www.rsasecurity.com/rsalabs/technotes/buffer/buffer_overflow.html.
Module Structure:
Each applet uses an abstract machine with a small memory (shown on the right)
that displays the run-time stack.
The abstract machine makes several simplifying assumptions the user should
be aware of:
(1) all library functions, such as gets() and puts(), are compiled inline
and therefore do not involve a function call of their own; (2) storage for a
function's parameters and for its local variables is allocated at the same
time, and the return address is placed on the stack last; (3) the stack grows
"up" in memory, toward higher addresses, so a buffer that overflows runs
toward the return address above it; (4) the machine does not necessarily
reflect the workings of any real architecture or C compiler.
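The following C program is an added example, not code from the applets: it models the abstract machine described above on the page's own assumptions (parameters and locals allocated together, return address placed last, stack growing up toward higher addresses, an inline gets() that copies with no bound) and shows the three outcomes the applets animate: a short line that fits, a line that overwrites the variable sitting above the buffer (the "variable attack"), and a line that reaches the return address (the "stack attack"), together with a StackGuard-style canary check between the locals and the return address. The frame offsets, the is_admin flag, the canary value, the pretend return address and the little-endian byte order are all this example's choices.

```c
/* Toy model of the module's abstract machine (added example, not the applets'
 * code). The stack is a byte array; one frame is laid out at offset 0 with the
 * buffer lowest and the return address highest, as the page's assumptions say. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SIZE 64
#define BUF_SIZE    8

/* Frame layout, offsets growing upward (assumption 2 and 3):
 *   [0 .. 7]   char     name[8]   local buffer filled by the toy gets()
 *   [8 .. 11]  uint32_t is_admin  local flag sitting just above the buffer
 *   [12 .. 15] uint32_t canary    StackGuard-style guard word
 *   [16 .. 19] uint32_t ret_addr  return address, placed last             */
enum { OFF_BUF = 0, OFF_FLAG = 8, OFF_CANARY = 12, OFF_RET = 16 };

#define CANARY   0xDEADBEEFu   /* fixed value chosen by this example */
#define RET_MAIN 0x00001000u   /* pretend address of the caller */

struct machine { uint8_t stack[STACK_SIZE]; };
static struct machine vm;      /* the single toy machine used below */

/* 32-bit words are stored little-endian, like x86 (this example's choice). */
static uint32_t rd32(const struct machine *m, int off) {
    const uint8_t *p = m->stack + off;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(struct machine *m, int off, uint32_t v) {
    uint8_t *p = m->stack + off;
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Build the frame of an unprivileged function that has just been called. */
static void enter_frame(struct machine *m) {
    memset(m->stack, 0, STACK_SIZE);
    wr32(m, OFF_FLAG, 0);          /* is_admin = 0 */
    wr32(m, OFF_CANARY, CANARY);   /* guard word between locals and ret addr */
    wr32(m, OFF_RET, RET_MAIN);    /* return address goes on last */
}

/* The unsafe inline gets(): copies the whole line (plus NUL) into name[],
 * ignoring BUF_SIZE. Only the toy stack's own bound is enforced so the model
 * never corrupts real memory; the simulated overflow is the point. */
static size_t toy_gets(struct machine *m, const char *line) {
    size_t n = strlen(line) + 1;
    if (n > STACK_SIZE - OFF_BUF) n = STACK_SIZE - OFF_BUF;
    memcpy(m->stack + OFF_BUF, line, n);
    return n;
}

/* Three observations after the copy: the data flag, the return address, and
 * whether a StackGuard-style check at function exit would still pass. */
static uint32_t flag_after(const char *line) {
    enter_frame(&vm); toy_gets(&vm, line); return rd32(&vm, OFF_FLAG);
}
static uint32_t ret_after(const char *line) {
    enter_frame(&vm); toy_gets(&vm, line); return rd32(&vm, OFF_RET);
}
static int canary_intact_after(const char *line) {
    enter_frame(&vm); toy_gets(&vm, line); return rd32(&vm, OFF_CANARY) == CANARY;
}

int main(void) {
    /* Constructed inputs: fits; 8 bytes + 0x01 lands in is_admin (variable
     * attack); 16 bytes + 0x1234 lands in the return address (stack attack). */
    const char *inputs[] = { "bob", "AAAAAAAA\x01", "AAAAAAAA" "AAAAAAAA" "\x34\x12" };
    for (int i = 0; i < 3; i++) {
        printf("input %d: is_admin=%" PRIu32 " ret=0x%04" PRIx32 " canary %s\n", i,
               flag_after(inputs[i]), ret_after(inputs[i]),
               canary_intact_after(inputs[i]) ? "intact" : "clobbered (StackGuard would abort)");
    }
    return 0;
}
```

The second input never touches the canary or the return address, which is why a canary alone does not stop a variable attack; only the third input, which has to pass through the guard word to reach the return address, is caught by the check.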
Module Applets:
Each applet requires the Java 1.3 plug-in. Click the animation buttons at
the top.
- Jumps:
An introduction to the way languages like C use stack frames to store
local variables, pass variables from function to function by value
and by reference, and return control to the calling subroutine
when the called subroutine exits. This uses pseudocode in place of C.
- Stacks:
The same as above but using C instead of pseudocode.
- Spock:
Demonstrates what is commonly called a "variable attack" buffer overflow,
where the target is data: the overflow overwrites a neighbouring variable
rather than the return address.
- Smasher:
Demonstrates a "stack attack," more commonly referred to as "stack
smashing," where the overflow overwrites the return address.
- StackGuard:
This demo shows how the StackGuard compiler, which places a canary word
below the return address and checks it before returning, can help detect
and stop "stack attacks."
- bodemo:
This is a mock attack on a Linux system demonstrating how an attacker
can get a root shell.
- its4demo:
Shows the output of ITS4, a static analyzer, on two different C programs.
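As an added example (not one of the two C programs the its4demo applet analyses, whose source is not on this page), here is the kind of call ITS4 flags, an unbounded strcpy() into a fixed-size stack buffer, next to the bounded copy the module teaches programmers to use instead. The names greet_unsafe, copy_name, greet_safe, stored_len and NAME_MAX are this example's own.

```c
/* Added example: the flagged pattern and its bounded replacement. */
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* size of the stack buffer; this example's choice */

/* The pattern a static analyzer such as ITS4 reports: strcpy() copies until
 * it finds the source's NUL, so a `who` of NAME_MAX characters or more runs
 * past name[] into whatever the compiler placed above it (other locals,
 * saved registers, the return address). Safe only for input already known
 * to fit, which is exactly what the caller usually cannot guarantee. */
static void greet_unsafe(const char *who) {
    char name[NAME_MAX];
    strcpy(name, who);              /* flagged: no bound on the copy */
    printf("hello, %s\n", name);
}

/* The bounded replacement. Scans at most dstsz bytes of `who` for its
 * terminator; if none is found the input cannot fit and is rejected outright
 * (dst left empty) rather than silently truncated, so a caller never acts on
 * a name that differs from what the user sent. Returns 0 on success, -1 if
 * the input does not fit or dstsz is 0. */
static int copy_name(char *dst, size_t dstsz, const char *who) {
    if (dstsz == 0) return -1;
    size_t n = 0;
    while (n < dstsz && who[n] != '\0') n++;   /* never reads past dstsz bytes */
    if (n == dstsz) { dst[0] = '\0'; return -1; } /* no NUL within dstsz: too long */
    memcpy(dst, who, n + 1);                      /* n + 1 <= dstsz, includes NUL */
    return 0;
}

static int greet_safe(const char *who) {
    char name[NAME_MAX];
    if (copy_name(name, sizeof name, who) != 0) {
        fprintf(stderr, "name too long (limit %d characters)\n", NAME_MAX - 1);
        return -1;
    }
    printf("hello, %s\n", name);
    return 0;
}

/* Checkable form of the same thing: returns the length actually stored in a
 * NAME_MAX buffer, or -1 if copy_name() rejected the input. The buffer is
 * pre-filled so a missing terminator would show up as a wrong length. */
static int stored_len(const char *who) {
    char name[NAME_MAX];
    memset(name, 'X', sizeof name);
    if (copy_name(name, sizeof name, who) != 0) return -1;
    return (int)strlen(name);
}

int main(void) {
    greet_unsafe("bob");                                   /* fits, so this is fine */
    greet_safe("bob");
    greet_safe("a-name-that-is-much-too-long-for-the-buffer"); /* rejected */
    return 0;
}
```

The bound that matters is the destination's size, not the source's, which is why copy_name() takes dstsz and why sizeof name is passed at the call site rather than a separately maintained constant.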