Nt1310 Unit 4.1 Analysis

4 Effectiveness against attacks

To evaluate the effectiveness of data randomization at preventing attacks, we used a benchmark with synthetic exploits and several exploits of real vulnerabilities in existing programs. This section describes the programs and the vulnerabilities. Then it presents an analysis of the security afforded by data randomization.

4.1 Synthetic exploits

This benchmark runs 18 control-data attacks that exploit buffer overflow vulnerabilities. The attacks are classified according to the technique they use to overwrite control-data, the location of the buffer they overflow, and the control-data they target. There are two techniques to overwrite control-data. The first overflows a buffer until the control-data is …

4.3 Real vulnerabilities

In our final experiment, we tested data randomization's ability to prevent attacks with a set of real vulnerabilities in real applications: SQL server, Ghttpd, Nullhttpd, and …

SQL server is a relational database from Microsoft that was infected by the infamous Slammer worm. The vulnerability exploited by Slammer causes sprintf to overflow a stack buffer. Data randomization prevents the attack because the wrapper for sprintf randomizes the data that overwrites the current stack frame, including the return address. This causes the server to exit when freeing a local variable that was overwritten. Should the return instruction be reached, the server would jump to an invalid program location and crash.

The vulnerability that we chose is a stack buffer overflow when logging GET requests inside a call to vsprintf. Data randomization prevents the attack because the wrapper for vsprintf randomizes the value written by the attacker into the return address, causing the server to crash when the return address is used.

Nullhttpd is another HTTP server. This server has a heap overflow vulnerability that can be exploited by sending HTTP POST requests with a negative content length field. These requests cause the server to allocate a heap buffer that is too small to hold the data in the request. While calling recv to read the POST data into the buffer, the server overwrites the heap management data structures maintained by the C library. This vulnerability can be exploited to overwrite arbitrary words in memory. We attacked Nullhttpd using the technique described in [18]. The attack works by corrupting the CGI-BIN configuration string. This string identifies a directory holding programs that may be executed while processing HTTP requests. Therefore, by corrupting it, the attacker can force Nullhttpd to run arbitrary programs. This is a non-control-data attack because the attacker does not subvert the intended control-flow in the server. Data randomization prevents the attack because the wrapper for recv randomizes the values written over the heap management data structures. This causes the server to crash when the values are used.
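The three cases above (sprintf, vsprintf and recv wrappers) all rest on the same mechanism: the wrapper masks every byte it writes with the mask of the buffer it was handed, so bytes that spill into memory of a different equivalence class (a saved return address, heap management data) are unmasked with the wrong key when the program later reads them. The toy model below is an added example, not code from the paper; it simulates memory as a flat byte array with a per-address class map, two fixed masks (assumption: real data randomization draws fresh random masks per run), a stand-in for an unchecked library write, and a 16-byte buffer sitting below a 4-byte return-address slot. The layout, addresses, mask values and function names are all constructed for the demo.

```c
/* Added example: toy model of data randomization (not the paper's code).
 * Memory is a flat byte array. Every address belongs to an equivalence
 * class with its own XOR mask. Instrumented stores mask with the class of
 * the intended destination; instrumented loads unmask with the class of
 * the location being read. A wrapper for an unchecked library write
 * (sprintf/vsprintf/recv) masks all bytes with the class of the buffer it
 * was given, including bytes that overrun that buffer. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 64
enum { CLASS_BUF = 0, CLASS_RETADDR = 1, NCLASS = 2 };

/* Constructed stack-frame layout: 16-byte local buffer directly below a
 * 4-byte slot standing in for the saved return address. */
#define BUF_ADDR     16
#define BUF_LEN      16
#define RETADDR_ADDR 32
#define RETADDR_LEN  4
#define SAVED_RET    0x08048000u   /* constructed legitimate return address */

static uint8_t mem[MEM_SIZE];
static uint8_t class_of[MEM_SIZE];
/* Fixed masks so the demo is reproducible; assumption: the real scheme
 * picks random, pairwise distinct masks at program start. */
static const uint8_t mask[NCLASS] = { 0xA5, 0x3C };

/* Instrumented store: the compiler knows the static class of the target. */
static void dr_store(int addr, uint8_t v, int cls) { mem[addr] = v ^ mask[cls]; }
/* Instrumented load: unmask with the class of the location actually read. */
static uint8_t dr_load(int addr) { return mem[addr] ^ mask[class_of[addr]]; }

static void dr_init(void) {
    memset(mem, 0, sizeof mem);
    memset(class_of, CLASS_BUF, sizeof class_of);
    for (int i = 0; i < RETADDR_LEN; i++) class_of[RETADDR_ADDR + i] = CLASS_RETADDR;
    /* The prologue saved the return address through an instrumented store. */
    for (int i = 0; i < RETADDR_LEN; i++)
        dr_store(RETADDR_ADDR + i, (uint8_t)(SAVED_RET >> (8 * i)), CLASS_RETADDR);
}

/* Wrapper for an unchecked library write: n bytes from src land at dst,
 * every one masked with the class of dst, even past the end of the buffer. */
static void dr_wrapped_write(int dst, const uint8_t *src, int n) {
    int cls = class_of[dst];
    for (int i = 0; i < n && dst + i < MEM_SIZE; i++)
        mem[dst + i] = src[i] ^ mask[cls];
}

/* What the epilogue sees when it loads the saved return address. */
static uint32_t read_retaddr(void) {
    uint32_t v = 0;
    for (int i = 0; i < RETADDR_LEN; i++)
        v |= (uint32_t)dr_load(RETADDR_ADDR + i) << (8 * i);
    return v;
}

/* Benign case: an in-bounds write reads back unchanged and the return
 * address is untouched. Returns 1 on success. */
static int benign_roundtrip(void) {
    dr_init();
    const uint8_t msg[] = "hello";
    dr_wrapped_write(BUF_ADDR, msg, (int)sizeof msg);
    for (int i = 0; i < (int)sizeof msg; i++)
        if (dr_load(BUF_ADDR + i) != msg[i]) return 0;
    return read_retaddr() == SAVED_RET;
}

/* Overflow case: 20 bytes go through the wrapper into the 16-byte buffer
 * and spill over the return-address slot. Returns the value the epilogue
 * would load: the spilled bytes XOR (mask[CLASS_BUF] ^ mask[CLASS_RETADDR]),
 * not the value that was written. */
static uint32_t retaddr_after_overflow(uint32_t written_value) {
    dr_init();
    uint8_t payload[BUF_LEN + RETADDR_LEN];
    memset(payload, 'A', BUF_LEN);
    for (int i = 0; i < RETADDR_LEN; i++)
        payload[BUF_LEN + i] = (uint8_t)(written_value >> (8 * i));
    dr_wrapped_write(BUF_ADDR, payload, (int)sizeof payload);
    return read_retaddr();
}

int main(void) {
    printf("benign round trip ok: %d\n", benign_roundtrip());
    printf("return address loaded after overflow: 0x%08x (bytes written: 0xdeadbeef)\n",
           (unsigned)retaddr_after_overflow(0xDEADBEEFu));
    return 0;
}
```

The same picture covers the Nullhttpd case: a recv wrapper masks with the class of the heap buffer, and the allocator, which reads its management data with a different class, sees randomized values and aborts rather than following a crafted pointer. Note that the model preserves the 'server crashes' outcome the text describes, not 'server keeps running': data randomization turns a silent corruption into a detectable fault.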
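Data randomization is a backstop; the Nullhttpd bug itself is an input-validation failure, a Content-Length that is trusted after being read into a signed integer. The following added example, not Nullhttpd's code, places a naive body-size computation next to a validated one: the naive form allocates "length plus slack" and then receives "length" bytes, so a negative header shrinks the allocation while the read size, once it becomes a size_t, is enormous; the validated form parses the header text, accepts only 0..MAX_BODY, and derives both the allocation and the read from that one checked value. The slack constant, the 1 MiB policy limit, the simulated receive and all function names are constructed for the demo.

```c
/* Added example (not Nullhttpd's code): body-size planning for a POST
 * request, naive versus validated. Constants and names are constructed. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BODY_SLACK 1024        /* constructed: extra bytes the server appends */
#define MAX_BODY   (1 << 20)   /* constructed: 1 MiB policy limit on bodies */

struct body_plan { size_t alloc; size_t to_read; };

/* Naive plan: trust a signed Content-Length, allocate length + slack, then
 * receive `length` bytes. For -1 this allocates 1023 bytes and asks recv
 * for SIZE_MAX bytes: the heap buffer is far too small for the read. */
static struct body_plan naive_plan(int content_length) {
    struct body_plan p;
    p.alloc = (size_t)(content_length + BODY_SLACK);
    p.to_read = (size_t)content_length;
    return p;
}

/* Validated plan: parse the header text, accept only unsigned decimal
 * digits in 0..MAX_BODY, and size the buffer and the read from the same
 * checked value. Returns false on any malformed or out-of-policy value
 * (the caller answers with 400 or 413 instead of reading the body). */
static bool safe_plan(const char *header_value, struct body_plan *out) {
    if (header_value == NULL || *header_value == '\0') return false;
    for (const char *p = header_value; *p; p++)
        if (*p < '0' || *p > '9') return false;   /* rejects "-5", " 12", "1e3" */
    errno = 0;
    char *end = NULL;
    unsigned long v = strtoul(header_value, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > MAX_BODY) return false;
    out->alloc = (size_t)v + BODY_SLACK;          /* cannot overflow: v <= MAX_BODY */
    out->to_read = (size_t)v;
    return true;
}

/* Simulated receive: copies at most plan.to_read bytes from a constructed
 * source into a buffer of plan.alloc bytes, refusing any plan whose read
 * exceeds its allocation. Returns bytes copied, or -1 if the plan is unsafe. */
static long receive_body(struct body_plan plan, const unsigned char *src, size_t src_len) {
    if (plan.to_read > plan.alloc || plan.alloc > (size_t)MAX_BODY + BODY_SLACK) return -1;
    unsigned char *buf = calloc(plan.alloc, 1);
    if (buf == NULL) return -1;
    size_t n = plan.to_read < src_len ? plan.to_read : src_len;
    memcpy(buf, src, n);                          /* never past buf + plan.alloc */
    free(buf);
    return (long)n;
}

int main(void) {
    struct body_plan p = naive_plan(-1);
    printf("naive plan for Content-Length -1: alloc=%zu to_read=%zu\n", p.alloc, p.to_read);
    printf("safe_plan(\"-5\") accepted: %d\n", safe_plan("-5", &p));
    if (safe_plan("12", &p))
        printf("safe plan for 12: alloc=%zu to_read=%zu received=%ld\n",
               p.alloc, p.to_read,
               receive_body(p, (const unsigned char *)"hello world!", 12));
    return 0;
}
```

The detection angle follows directly: a negative, non-numeric or oversized Content-Length on a POST is malformed by construction, so rejecting it at parse time and logging the rejection gives a cheap signal for this attack pattern before any heap write happens.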
