APSI

APSI EN 1


File details

Flashcards 10
Language German
Category Computer Science
Level University
Created / Updated 19.11.2021 / 19.11.2021
Web link
https://card2brain.ch/box/20211119_apsi

What is a buffer overflow attack?

Copying more data into a buffer than it can hold.

What is the purpose of the following code?

#include <string.h>
#include <stdio.h>
int main (int argc, char *argv[]) {
 char s2[4] = "yes"; // set s2 to "yes"
 char s1[4] = "abc"; // set s1 to "abc"
 strcpy(s1, argv[1]); // copy argv[1] into s1
 puts(s2); // print s2
}

To overflow the char array s1 with the program arguments and overwrite the char array s2.

What naive approach can be used to secure against buffer overflows and when does it apply?

Stack protection can be implemented. The idea is to place random values on the stack and then verify them. It is usually done to protect the return address of a function:

Stack: <local vars><random value><return address>

 

What are the problems with Stack Protection?

  • Where can it be placed?
  • When should it be checked?
  • Causes extra effort.
  • Does not protect against buffer overflows on the heap

What serious approach can be used to protect against buffer overflows?

Checked buffers can be used. They should perform a size check on every buffer insertion.

How can checked buffers be enforced?

  • Code style guides that require them
  • Code reviews
  • Use buffer libraries that do these checks
  • Use a language with safe buffers

What is "Data Leakage by Behaviour"?

A system that replies with overly specific error codes and leaves room to infer its internals.

How to fix data leakage by behavior?

  • Central error handling that does not reveal too many details
  • Perform exactly the same queries in all situations

What is "Data Leakage by Error Output"?

Displaying information in error output about the libraries used, OS versions, etc.

It enables attackers to scout for insecure libraries or patches.

What is ransomware?

Software that encrypts all accessible data storage. Attackers usually demand money to supply a decryption key or leak secret information.