Stack Smashing Defense: A Buffer Overflow Lab Exercise
According to statistics from Carnegie Mellon’s Computer Emergency Response Team, buffer overflow vulnerabilities accounted for about 50% of all reported security vulnerabilities in 2000. Most buffer overflow attacks compromise the victim application by overwriting the return address of the currently executing function with an address that points to malicious code stored at the beginning of the buffer. Typically the malicious code spawns a command shell with root-level access. Other types of buffer overflow attacks are possible, such as application-specific attacks that overwrite local variables located higher up on the stack, corrupting the data used by the victim application. This exercise exposes students to a simple buffer overflow attack and covers the best-known methods for protecting systems from these attacks.
Student prerequisites
- Familiarity with the C programming language.
- Familiarity with the Linux command line terminal and a Linux text editor.
- Familiarity with the basic concept of a buffer overflow attack (from lecture).
- Familiarity with the basic idea of canary-based stack protection mechanisms (from lecture).
Learning objectives
- Students will be able to describe how a stack smashing buffer overflow attack works.
- Students will be able to protect a C program against stack smashing attacks by using SSP, a modified version of GCC that inserts canary values onto the runtime stack.
- Students will be able to identify the limitations of canary-based buffer overflow protections.
- Students will be able to analyze an existing application or system for vulnerability to stack smashing attacks.
- Students will be able to design and build applications and systems that are resistant to stack smashing attacks.
- Students will be able to protect already existing systems and applications from stack smashing attacks.
- Students will be able to make informed decisions regarding the trade-offs involved in protecting applications and systems from stack smashing attacks.
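The following C program is an added illustration, not part of the lab materials or of SSP itself. It models the two ideas the introduction and the objectives rely on: an unbounded copy that runs past a fixed-size buffer into the locals, the canary and the saved return address that follow it, and the check that SSP's modified GCC emits before a function returns. The stack frame is simulated as a struct so that the overflow is a well-defined write inside one object and the program runs deterministically; the canary value and the placeholder return address are constructed for the demo, whereas real SSP uses a random per-process canary. The `local_flag` field is included to show the limitation mentioned in the objectives: a canary only guards the control data placed after it, so a short overflow that corrupts a neighbouring local goes unnoticed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Simulated stack frame, in the order that matters for SSP: the buffer,
 * other locals, the canary SSP inserts, then the saved return address.
 * A real frame is laid out by the compiler; this struct only mimics it.
 */
struct frame {
    char      buf[16];
    int       local_flag;   /* a local that sits between buffer and canary */
    uintptr_t canary;       /* SSP-style guard value */
    uintptr_t saved_ret;    /* the control data a stack smash targets */
};

/* Constructed values. SSP's canary is random and keeps a 0x00 low byte so
 * string-copy routines stop on it; FAKE_RET is not a real address. */
#define CANARY_VALUE ((uintptr_t)0x5A3C1E00u)
#define FAKE_RET     ((uintptr_t)0x00401234u)

static void frame_init(struct frame *f) {
    memset(f->buf, 0, sizeof f->buf);
    f->local_flag = 0;
    f->canary = CANARY_VALUE;
    f->saved_ret = FAKE_RET;
}

/* The epilogue check SSP emits: returns 1 if the canary is untouched,
 * 0 if the frame was tampered with (where SSP would abort the process). */
int canary_check(const struct frame *f) {
    return f->canary == CANARY_VALUE;
}

/* The vulnerable pattern: copy len bytes into buf with no bound check, as
 * strcpy or gets would. The copy is clamped to the struct only so the
 * simulation stays defined; a real overflow keeps writing past the frame. */
void copy_unbounded(struct frame *f, const char *src, size_t len) {
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((unsigned char *)f, src, len);   /* buf is the first member */
}

/* The hardened pattern: refuse input that does not fit, NUL included.
 * Returns 0 on success, -1 if the input was rejected. */
int copy_bounded(struct frame *f, const char *src) {
    size_t n = strlen(src);
    if (n >= sizeof f->buf)
        return -1;
    memcpy(f->buf, src, n + 1);
    return 0;
}

/* Copies len bytes of constructed 'A' input unchecked and reports whether
 * the canary check would catch it: 1 = detected, 0 = not detected. */
int overflow_detected(size_t len) {
    char input[64];
    struct frame f;
    memset(input, 'A', sizeof input);
    if (len > sizeof input)
        len = sizeof input;
    frame_init(&f);
    copy_unbounded(&f, input, len);
    return !canary_check(&f);
}

/* Same copy, reporting whether the local between buffer and canary changed. */
int local_corrupted(size_t len) {
    char input[64];
    struct frame f;
    memset(input, 'A', sizeof input);
    if (len > sizeof input)
        len = sizeof input;
    frame_init(&f);
    copy_unbounded(&f, input, len);
    return f.local_flag != 0;
}

/* Returns 1 if the bounded copy accepted the input and the frame is intact. */
int bounded_copy_ok(const char *input) {
    struct frame f;
    frame_init(&f);
    if (copy_bounded(&f, input) != 0)
        return 0;
    return canary_check(&f) && f.saved_ret == FAKE_RET;
}

int main(void) {
    printf("16 bytes, fits in buf      : detected=%d local=%d\n",
           overflow_detected(16), local_corrupted(16));
    printf("18 bytes, reaches local    : detected=%d local=%d\n",
           overflow_detected(18), local_corrupted(18));
    printf("64 bytes, past return addr : detected=%d local=%d\n",
           overflow_detected(64), local_corrupted(64));
    printf("bounded copy, 15 chars     : ok=%d\n", bounded_copy_ok("fifteen chars.."));
    printf("bounded copy, too long     : ok=%d\n",
           bounded_copy_ok("this input is longer than the buffer"));
    return 0;
}
```

The 18-byte case is the one worth studying: the canary check passes while `local_flag` has already been overwritten, which is exactly the data-corruption variant the introduction describes and the reason canary-based protection is a mitigation for return-address overwrites rather than a substitute for bounded copies.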
Download Exercise Materials