
Prof. dr. ir. Frank Piessens

Frank Piessens is a professor at the Department of Computer Science of the Katholieke Universiteit Leuven, Belgium. His research interests lie in software security, including security in operating systems and middleware, architectures, applications, Java and .NET, and software interfaces to security technologies.

He is an active participant in both fundamental research and industrial application-driven projects, provides consultancy to industry on distributed system security and serves on programme committees for various security-related international scientific conferences.

Frank teaches software security at the Katholieke Universiteit Leuven, and at various academic and industrial conferences.


Description

C and C++ vulnerability exploits and countermeasures

Learning objectives

Understand

  • the risks associated with the use of unsafe programming languages such as C and C++
  • common attack techniques such as return address clobbering and indirect pointer overwriting
  • common defense techniques such as stack canaries and address space layout randomization


Overview

This module introduces common low-level security problems and solutions by example. Focusing on the C language, we discuss four common attack techniques that attackers can use to gain control over the execution of software:

  • Return address clobbering, where an attacker gains control by overwriting a return address on the stack
  • Function pointer overwrites, where an attacker redirects a function pointer to code of the attacker's choosing
  • Return-to-libc attacks, where an attacker steers the execution of existing code in memory rather than injecting new code
  • Data-only attacks, where an attacker modifies critical data variables of the software under attack


We also discuss four practical examples of defense techniques. These are selected because of their good trade-off in effectiveness versus deployment and performance cost:

  • Stack canaries
  • Non-executable data memory
  • Control Flow Integrity, and
  • Address Space Layout Randomization.
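
The attacks and defenses listed above are easiest to see in code. The following is an added example, not code from the lecture notes or the paper: it emulates in portable C the layout the module discusses (a fixed-size buffer followed by a canary and a code pointer), the unchecked copy that overflows it, and two of the four defenses. A struct stands in for the stack frame so the overflow stays inside one object and behaves deterministically; the canary value is fixed rather than random, the whitelist of one handler is a minimal stand-in for a real Control Flow Integrity policy, and all names (`run_frame`, `build_payload`, the handlers) are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical frame standing in for a stack frame: buffer first, then the
 * canary, then a code pointer (saved return address or function pointer).
 * An overflow of buf runs upward into canary and then handler. */
struct frame {
    char buf[16];
    uintptr_t canary;
    void (*handler)(int *);
};

/* A real canary is random per process; fixed here for reproducibility. */
#define CANARY_VALUE ((uintptr_t)0x5a3c9e71u)

enum { RESULT_OK = 0, RESULT_CANARY_SMASHED = 1, RESULT_CFI_VIOLATION = 2 };

/* The legitimate target: increments the caller's counter. */
static void benign_handler(int *counter) { (*counter)++; }

/* Stands in for attacker-controlled code (injected code, or existing code
 * the attacker steers execution to as in a return-to-libc attack). */
static void attacker_handler(int *counter) { *counter = -1; }

/* The bug: the copy length comes from the input, not from sizeof buf.
 * Clamped to the frame only to keep the example inside one object. */
static void vulnerable_copy(struct frame *f, const unsigned char *in, size_t len)
{
    unsigned char *dst = (unsigned char *)f + offsetof(struct frame, buf);
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy(dst, in, len);  /* fills buf, then canary, then handler */
}

/* Stack-canary check: a write that reached the code pointer also passed
 * through the canary, so a changed canary means the frame is corrupt. */
static int canary_intact(const struct frame *f)
{
    return f->canary == CANARY_VALUE;
}

/* Minimal CFI check: this indirect call may only reach the handler the
 * program legitimately stores in the slot. */
static int cfi_target_ok(void (*target)(int *))
{
    return target == benign_handler;
}

/* Process one input with the chosen defenses. Returns a RESULT_* code;
 * *counter records which handler ran (+1 benign, -1 attacker). */
int run_frame(const unsigned char *in, size_t len, int *counter,
              int use_canary, int use_cfi)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    f.handler = benign_handler;

    vulnerable_copy(&f, in, len);

    if (use_canary && !canary_intact(&f))
        return RESULT_CANARY_SMASHED;   /* abort before using the frame */
    if (use_cfi && !cfi_target_ok(f.handler))
        return RESULT_CFI_VIOLATION;    /* refuse the hijacked indirect call */

    f.handler(counter);                 /* the indirect call under attack */
    return RESULT_OK;
}

/* Constructed attacker input: filler up to the canary slot, then either the
 * real canary (an attacker who leaked it) or junk, then the address of
 * attacker_handler. out must hold sizeof(struct frame) bytes. */
size_t build_payload(unsigned char *out, int knows_canary)
{
    uintptr_t canary = knows_canary ? CANARY_VALUE : (uintptr_t)0x41414141u;
    void (*target)(int *) = attacker_handler;

    memset(out, 'A', offsetof(struct frame, canary));
    memcpy(out + offsetof(struct frame, canary), &canary, sizeof canary);
    memcpy(out + offsetof(struct frame, handler), &target, sizeof target);
    return offsetof(struct frame, handler) + sizeof target;
}

int main(void)
{
    unsigned char payload[sizeof(struct frame)];
    int counter = 0;
    size_t n = build_payload(payload, 0);

    printf("overflow, no defense: result %d", run_frame(payload, n, &counter, 0, 0));
    printf(", counter %d\n", counter);
    counter = 0;
    printf("overflow, canary on : result %d", run_frame(payload, n, &counter, 1, 0));
    printf(", counter %d\n", counter);
    n = build_payload(payload, 1);
    counter = 0;
    printf("leaked canary, CFI  : result %d", run_frame(payload, n, &counter, 1, 1));
    printf(", counter %d\n", counter);
    return 0;
}
```

The five cases worth running are: benign input (handler runs, counter becomes 1); the overflow with no defenses (the attacker's handler runs, counter becomes -1); the same overflow with the canary check on (rejected before the call); a payload that reproduces the canary, which the canary check alone lets through; and that same payload with the CFI check on, which is rejected because the call target is not a permitted one. The fourth case is the reason the module pairs defenses: a canary only catches a write that changes it, so an attacker who learns the value, or who reaches the code pointer without passing through the canary slot, is stopped only by a check on the target itself.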


The following paper is used as lecture notes for this module: Úlfar Erlingsson, Yves Younan, Frank Piessens, Low-level software security by example, Handbook of Information and Communication Security, pages 633-658, 2010.

Partners:

Solvay Brussels School of Economics and Management Katholieke Universiteit Leuven

Affiliated organizations:

OWASP NESSoS iMinds

Contents of the secappdev.org website are licensed under a Creative Commons Attribution-NonCommercial 3.0 License.