Program Semantics-Aware Intrusion Detection
Prof. Tzi-cker Chiueh, Computer Science Department, Stony Brook University
[email_address]
Introduction

Control-Hijacking Attacks
Stack Overflow Attack

    main() {
        input();
    }

    input() {
        int i = 0;
        int userID[5];
        while ((scanf("%d", &(userID[i]))) != EOF)
            i++;
    }

Stack layout of input()'s frame (nothing bounds i, so the loop keeps writing past userID[4] into i, the saved frame pointer and the return address):

    128  return address of input()
    124  previous FP                <- FP
    120  local variable i
    116  userID[4]
    112  userID[3]
    108  userID[2]   INT 80 (the slide marks the injected code here)
    104  userID[1]
    100  userID[0]                  <- SP
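The overwrite the slide draws, as an added example that is not part of the talk: a C model of input()'s frame laid out as the slide shows it (userID[0] lowest, then i, saved FP, return address), fed by the same unbounded loop, beside a bounded version. The struct layout, the initial FP/return-address values and the payload are constructed for the demonstration; a real frame's layout depends on the compiler. The detail worth seeing is that the sixth value lands on i itself, so from that point the attacker controls where every later value is stored.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of input()'s frame, lowest address first: userID[0] at the
 * slide's 100, i at 120, saved FP at 124, return address at 128. The struct lets
 * the overwrite be observed byte for byte without relying on undefined behaviour. */
struct input_frame {
    int32_t  userID[5];
    int32_t  i;
    uint32_t saved_fp;
    uint32_t ret_addr;
};
#define SAVED_FP_INIT 0xbffff000u   /* hypothetical values */
#define RET_ADDR_INIT 0x08048400u
#define FRAME_INIT { {0, 0, 0, 0, 0}, 0, SAVED_FP_INIT, RET_ADDR_INIT }

/* Vulnerable: mirrors the slide's loop. Every value is stored at userID[i] with
 * no bound, and because i sits directly above the array, the sixth value
 * overwrites the loop index itself and steers all later stores. */
static struct input_frame input_unbounded(const int32_t *vals, size_t n)
{
    struct input_frame f = FRAME_INIT;
    for (size_t k = 0; k < n; k++) {
        if (f.i < 0)
            break;                      /* edge of the model, not a check the slide's code has */
        size_t off = (size_t)f.i * sizeof(int32_t);
        if (off + sizeof(int32_t) > sizeof f)
            break;                      /* likewise: a real frame would keep going */
        memcpy((unsigned char *)&f + off, &vals[k], sizeof(int32_t));
        f.i++;
    }
    return f;
}

/* Hardened: the same loop with the array length as the bound. */
static struct input_frame input_bounded(const int32_t *vals, size_t n)
{
    struct input_frame f = FRAME_INIT;
    for (f.i = 0; f.i < 5 && (size_t)f.i < n; f.i++)
        f.userID[f.i] = vals[f.i];
    return f;
}

static uint32_t ret_addr_of(struct input_frame f) { return f.ret_addr; }
static uint32_t saved_fp_of(struct input_frame f) { return f.saved_fp; }
static int32_t  index_of(struct input_frame f)    { return f.i; }

/* Constructed attacker input: five IDs, then 5 so the clobbered index keeps
 * walking upward, then the words destined for the saved FP and return address. */
static const int32_t PAYLOAD[] = { 1, 2, 3, 4, 5, 5, (int32_t)0xdeadbeef, 0x41414141 };
#define PAYLOAD_LEN (sizeof PAYLOAD / sizeof PAYLOAD[0])

int main(void)
{
    struct input_frame bad = input_unbounded(PAYLOAD, PAYLOAD_LEN);
    struct input_frame ok  = input_bounded(PAYLOAD, PAYLOAD_LEN);
    printf("unbounded: i=%d saved_fp=%#x ret_addr=%#x\n",
           index_of(bad), (unsigned)saved_fp_of(bad), (unsigned)ret_addr_of(bad));
    printf("bounded:   i=%d saved_fp=%#x ret_addr=%#x\n",
           index_of(ok), (unsigned)saved_fp_of(ok), (unsigned)ret_addr_of(ok));
    return 0;
}
```

With the payload above the unbounded loop leaves i at 8, the saved FP at 0xdeadbeef and the return address at 0x41414141; the bounded loop stops at i == 5 and both control words survive. A payload whose sixth value is larger than 5 skips the frame pointer and lands on the return address directly, which is what a real exploit would do.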
Palladium (since 1999...)

Array Bound Checking
Segmentation Hardware

    virtual address (segment selector : offset)
        |  segmentation: fault unless offset <= limit; linear address = base + offset
        v
    linear address
        |  paging
        v
    physical address
Checking Array Bound using Segmentation Hardware (CASH)

Original loop:

    for (i = M; i < N; i++) {
        B[i] = 5;
    }

CASH-transformed loop (B gets its own segment; every access goes through GS, so the segmentation hardware faults as soon as the offset exceeds the segment limit):

    offset = &(B[M]) - B_Segment_Base;
    GS = B_Segment_Selector;
    for (i = M; i < N; i++) {
        GS:offset = 5;
        offset += 4;
    }
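A software model of the limit check CASH delegates to the segmentation unit, added here as an example and not part of CASH itself. It follows the slide's transformation line by line: the segment base is the array start, the limit is the last valid byte offset, and the loop walks an offset rather than an index. The struct, the function names and the five-element array are mine; the rule that a 4-byte access at `offset` is legal only when offset + 3 <= limit is the x86 expand-up data segment semantics, which is why an access that merely straddles the end of the array also faults.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of an x86 expand-up data segment: a base address and an
 * inclusive limit (the last valid byte offset). A 4-byte reference GS:offset
 * is legal only if offset + 3 <= limit; that is the check the segmentation
 * unit applies before the linear address base + offset goes to paging. */
struct segment {
    unsigned char *base;
    size_t limit;
};

/* Describe array B the way CASH does: base at B, limit covering exactly B. */
static struct segment cash_segment_for(int32_t *b, size_t count)
{
    struct segment s = { (unsigned char *)b, count * sizeof(int32_t) - 1 };
    return s;
}

/* GS:offset = value. Returns false where the hardware would raise #GP. */
static bool seg_store32(const struct segment *s, size_t offset, int32_t value)
{
    if (offset > s->limit || s->limit - offset < sizeof(int32_t) - 1)
        return false;                 /* limit check fails (also catches a straddling access) */
    memcpy(s->base + offset, &value, sizeof value);
    return true;
}

/* The slide's transformed loop for (i = M; i < N; i++) B[i] = 5.
 * Returns how many stores completed; N - M means no fault. */
static size_t cash_fill(int32_t *b, size_t count, size_t m, size_t n)
{
    struct segment gs = cash_segment_for(b, count);                   /* GS = B_Segment_Selector */
    size_t offset = (size_t)((unsigned char *)&b[m] - gs.base);       /* offset = &(B[M]) - B_Segment_Base */
    size_t done = 0;
    for (size_t i = m; i < n; i++) {
        if (!seg_store32(&gs, offset, 5))                             /* GS:offset = 5 */
            break;
        offset += 4;                                                  /* offset += 4 */
        done++;
    }
    return done;
}

/* Constructed five-element array for the demonstrations below. */
static int32_t B[5];

static size_t demo_in_bounds(void) { return cash_fill(B, 5, 0, 5); }   /* all 5 stores succeed */
static size_t demo_overrun(void)   { return cash_fill(B, 5, 2, 8); }   /* B[2..4] succeed, B[5] faults */
static bool   demo_store_at(size_t offset)
{
    struct segment gs = cash_segment_for(B, 5);
    return seg_store32(&gs, offset, 7);
}

int main(void)
{
    printf("in bounds: %zu of 5 stores\n", demo_in_bounds());
    printf("overrun:   %zu of 6 stores before the fault\n", demo_overrun());
    printf("offset 16: %s, offset 17: %s, offset 20: %s\n",
           demo_store_at(16) ? "ok" : "fault",
           demo_store_at(17) ? "ok" : "fault",
           demo_store_at(20) ? "ok" : "fault");
    return 0;
}
```

The model faults at the first out-of-range store and stops, which is what makes the approach cheap: the loop body carries no compare-and-branch of its own, the check rides along with the address translation.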
Performance Overhead (run-time overhead of bounds checking; BCC is the software bounds-checking compiler, CASH the segmentation-based check)

    Program               BCC       CASH
    Edge Detection        83.77%    2.23%
    Matrix Multiply       143.77%   1.47%
    Gaussian Elimination  92.40%    1.61%
    2D FFT                72.19%    3.95%
    Volume Rendering      126.38%   3.26%
    SVDPACK               120.00%   1.82%
Return Address Defense (RAD)

Binary RAD Prototype
Performance Overhead (Binary RAD prototype)

    Program          Overhead
    Outlook Express  1.29%
    PowerPoint       3.44%
    DHCP Server      1.23%
    BIND             1.05%
Repairable File Service (RFS)

RFS Architecture

    NFS Client --\
    NFS Client ---->  RFS  ---->  Protected NFS Server
    NFS Client --/     |
                       +------->  Mirroring NFS Server

RFS sits between the clients and the protected network file server and is transparent to it.
Fundamental Issues

RFS Prototype

Performance Results

Program Semantics-Aware Intrusion Detection (PAID)

System Call Policy/Model
PAID Architecture

    Compile time (user space):  Application --> Compiler --> System Call Policy
    Run time (kernel):          Application's system call pattern --> Legitimacy check against the policy
The Mimicry Attack

Mimicry Attack Details

Countermeasures
Example

    main() {
        foo();
        foo();
        exit();
    }

    foo() {
        for (...) {
            sys_foo();
            sys_foo();
        }
    }

System call graph extracted per function:

    main:  Entry(main) -> call(foo) -> return(foo) -> call(foo) -> return(foo) -> exit() -> Exit(main)
    foo:   Entry(foo) -> sys_foo -> sys_foo -> Exit(foo), with a loop edge from the second sys_foo back to the first
System Call Policy Extraction

Dynamic Branch Targets

Asynchronous Control Transfer

From NFA to DFA
PAID Example

Source:

    main() {
        foo();
        foo();
        exit();
    }

    foo() {
        for (...) {
            sys_foo();
            sys_foo();
        }
    }

After the PAID compiler has labelled each system call site:

    foo() {
        for (...) {
            {
                int ret;
                __asm__ ("movl sys_foo_n, %eax"
                         "int $0x80"
                         "sys_foo_call_site_1:"
                         "movl %eax, ret"
                         ...);
            }
            {
                int ret;
                __asm__ ("movl sys_foo_n, %eax"
                         "int $0x80"
                         "sys_foo_call_site_2:"
                         "movl %eax, ret"
                         ...);
            }
        }
    }

Resulting DFA over call sites (foo's graph inlined at each of its two calls from main; each pair of sys_foo sites has a loop edge back to site 1):

    Entry(main) -> sys_foo_call_site_1 -> sys_foo_call_site_2
                -> sys_foo_call_site_1 -> sys_foo_call_site_2
                -> exit_call_site_1 -> Exit(main)
PAID Checks
Ordering Check Only
    Call chain: main -> [buffer overflow]. Call sequence: setreuid, read, open, stat, write.
    The injected code issues exactly the sequence the program itself would issue, so a check on ordering alone accepts it. Compromised.

Ordering and Site Check
    Call chain: main -> [buffer overflow]. Call sequence as above, but now the injected code jumps into the program's own int 0x80 call sites instead of carrying its own, so every call also arrives from a legitimate site. Compromised.

Ordering, Site and Stack Check (1)
    At each int 0x80 the kernel also compares the call chain on the user stack with the chain expected at that site. The chain main -> [buffer overflow] does not match, so the same sequence is now rejected.

Ordering, Site and Stack Check (2)
    exec is legitimately called from main, so the expected call chain at the exec site is just main, and the injected code reaches that int 0x80 from main's frame. Stack check passes. Compromised.

Random Insertion of Notify Calls
    Notify system calls inserted at random points in the program make the policy expect notify calls before exec; injected code that jumps straight to the exec site's int 0x80 never issues them. Attack failed.
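The Example, PAID Example and PAID Checks slides above describe the same mechanism from three sides: the per-site DFA, what the kernel sees at int 0x80, and which mimicry variant each check stops. The following C model, added here as an example and not PAID's own code, puts them together. It encodes the slide's program (main calls foo twice, then exit; foo loops over two sys_foo sites) as the transitions of its automaton, with one randomly inserted notify before the exit site, and checks a trace of system calls under ordering only, ordering plus site, and ordering plus site plus call chain. The automaton is run as an NFA by tracking the set of possible states, which is the subset construction of the "From NFA to DFA" slide done lazily. The site labels and `sys_foo_n` follow the slide; the system call numbers, addresses and traces are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* States of the slide's automaton for
 *   main() { foo(); foo(); exit(); }   foo() { for (...) { sys_foo(); sys_foo(); } }
 * one per system call site on a path through main; foo's sites appear twice. */
enum state {
    S_ENTRY_MAIN,
    S_FOO_A_SITE1, S_FOO_A_SITE2,   /* first foo(): sys_foo_call_site_1 / _2 */
    S_FOO_B_SITE1, S_FOO_B_SITE2,   /* second foo() */
    S_NOTIFIED,                     /* after the notify inserted before exit */
    S_EXIT_MAIN
};
#define BIT(s) (1u << (s))

/* Ordering is always checked; these flags add the site and call-chain checks. */
enum { CHECK_SITE = 1, CHECK_STACK = 2 };

/* Hypothetical numbers and addresses (not from the slides). */
enum { NR_EXIT = 1, NR_FOO = 300, NR_NOTIFY = 301 };
#define SITE_FOO_1    0x08048510u   /* sys_foo_call_site_1 label */
#define SITE_FOO_2    0x08048524u   /* sys_foo_call_site_2 label */
#define SITE_NOTIFY_1 0x08048590u   /* the randomly inserted notify */
#define SITE_EXIT_1   0x080485a0u   /* exit_call_site_1 label */
#define RET_FOO_A     0x08048602u   /* return address into main after the 1st foo() */
#define RET_FOO_B     0x08048607u   /* return address into main after the 2nd foo() */

/* What the kernel sees at int 0x80: number, site label (the trap's return address)
 * and the user-stack call chain, innermost frame first. */
struct event { int nr; uint32_t site; const uint32_t *chain; size_t chain_len; };
struct transition { enum state from, to; int nr; uint32_t site; const uint32_t *chain; size_t chain_len; };

static const uint32_t CHAIN_A[] = { RET_FOO_A }, CHAIN_B[] = { RET_FOO_B };

static const struct transition POLICY[] = {
    { S_ENTRY_MAIN,  S_FOO_A_SITE1, NR_FOO,    SITE_FOO_1,    CHAIN_A, 1 },
    { S_FOO_A_SITE1, S_FOO_A_SITE2, NR_FOO,    SITE_FOO_2,    CHAIN_A, 1 },
    { S_FOO_A_SITE2, S_FOO_A_SITE1, NR_FOO,    SITE_FOO_1,    CHAIN_A, 1 },  /* loop */
    { S_FOO_A_SITE2, S_FOO_B_SITE1, NR_FOO,    SITE_FOO_1,    CHAIN_B, 1 },  /* 2nd foo() */
    { S_FOO_B_SITE1, S_FOO_B_SITE2, NR_FOO,    SITE_FOO_2,    CHAIN_B, 1 },
    { S_FOO_B_SITE2, S_FOO_B_SITE1, NR_FOO,    SITE_FOO_1,    CHAIN_B, 1 },  /* loop */
    { S_FOO_B_SITE2, S_NOTIFIED,    NR_NOTIFY, SITE_NOTIFY_1, NULL,    0 },
    { S_NOTIFIED,    S_EXIT_MAIN,   NR_EXIT,   SITE_EXIT_1,   NULL,    0 },
};

static bool chain_equal(const uint32_t *a, size_t na, const uint32_t *b, size_t nb)
{
    if (na != nb) return false;
    for (size_t k = 0; k < na; k++)
        if (a[k] != b[k]) return false;
    return true;
}

/* One system call against the policy. *states is the set of automaton states the
 * process may be in; it is emptied, and false returned, on a violation. */
static bool paid_check(uint32_t *states, const struct event *ev, unsigned checks)
{
    uint32_t next = 0;
    for (size_t k = 0; k < sizeof POLICY / sizeof POLICY[0]; k++) {
        const struct transition *t = &POLICY[k];
        if (!(*states & BIT(t->from)) || t->nr != ev->nr) continue;                 /* ordering */
        if ((checks & CHECK_SITE) && t->site != ev->site) continue;                  /* call site */
        if ((checks & CHECK_STACK) &&
            !chain_equal(t->chain, t->chain_len, ev->chain, ev->chain_len)) continue; /* call chain */
        next |= BIT(t->to);
    }
    *states = next;
    return next != 0;
}

/* Whole trace: true only if every call was accepted and the process reached exit. */
static bool paid_run(const struct event *trace, size_t n, unsigned checks)
{
    uint32_t states = BIT(S_ENTRY_MAIN);
    for (size_t k = 0; k < n; k++)
        if (!paid_check(&states, &trace[k], checks)) return false;
    return (states & BIT(S_EXIT_MAIN)) != 0;
}

#define LEN(a) (sizeof (a) / sizeof (a)[0])
#define SC_SITE 0xbffff7c0u                          /* int 0x80 inside the injected code */
static const uint32_t SC_CHAIN[] = { 0xbffff800u };  /* what the smashed frame's chain looks like */

/* Constructed traces: the legitimate run and the mimicry variants of the slides. */
static const struct event LEGIT[] = {
    { NR_FOO, SITE_FOO_1, CHAIN_A, 1 }, { NR_FOO, SITE_FOO_2, CHAIN_A, 1 },
    { NR_FOO, SITE_FOO_1, CHAIN_B, 1 }, { NR_FOO, SITE_FOO_2, CHAIN_B, 1 },
    { NR_NOTIFY, SITE_NOTIFY_1, NULL, 0 }, { NR_EXIT, SITE_EXIT_1, NULL, 0 },
};
static const struct event MIMIC_OWN_TRAP[] = {      /* right numbers, attacker's own int 0x80 */
    { NR_FOO, SC_SITE, SC_CHAIN, 1 }, { NR_FOO, SC_SITE, SC_CHAIN, 1 },
    { NR_FOO, SC_SITE, SC_CHAIN, 1 }, { NR_FOO, SC_SITE, SC_CHAIN, 1 },
    { NR_NOTIFY, SC_SITE, SC_CHAIN, 1 }, { NR_EXIT, SC_SITE, SC_CHAIN, 1 },
};
static const struct event MIMIC_LEGIT_SITES[] = {   /* jumps to the program's sites, stack still smashed */
    { NR_FOO, SITE_FOO_1, SC_CHAIN, 1 }, { NR_FOO, SITE_FOO_2, SC_CHAIN, 1 },
    { NR_FOO, SITE_FOO_1, SC_CHAIN, 1 }, { NR_FOO, SITE_FOO_2, SC_CHAIN, 1 },
    { NR_NOTIFY, SITE_NOTIFY_1, SC_CHAIN, 1 }, { NR_EXIT, SITE_EXIT_1, SC_CHAIN, 1 },
};
static const struct event MIMIC_FORGED_STACK[] = {  /* forges the chains too, but not the notify */
    { NR_FOO, SITE_FOO_1, CHAIN_A, 1 }, { NR_FOO, SITE_FOO_2, CHAIN_A, 1 },
    { NR_FOO, SITE_FOO_1, CHAIN_B, 1 }, { NR_FOO, SITE_FOO_2, CHAIN_B, 1 },
    { NR_EXIT, SITE_EXIT_1, NULL, 0 },
};
```

`paid_run(LEGIT, ...)` passes under every combination. The own-trap trace passes ordering alone and fails once the site is checked; the legitimate-sites trace passes ordering plus site and fails once the call chain is checked; the trace that forges the chain as well passes all three checks for the sys_foo calls and is stopped only because the policy expects the randomly inserted notify before the exit site. Note the nondeterminism the NFA-to-DFA slide talks about: after the second sys_foo the same (number, site) can mean "loop again" or "second call of foo", so without the stack check the state set holds both possibilities until a later call resolves them.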
Alternative Approach

System Call Argument Check

Dynamic Variables
Vulnerabilities

Two cases the checks above still miss:
  - Desired system call follows immediately: when a notify sits directly before the exec site, injected code that jumps to the notify site falls through into exec with the expected notify already issued.
  - Argument replacement: injected code reaches the legitimate exec site with the expected call chain but has replaced the call's arguments on the stack.
Prototype Implementation
Throughput Overhead

    Program   PAID    PAID/stack  PAID/random  PAID/stack+random
    Apache    4.89%   5.39%       6.48%        7.09%
    Qpopper   5.38%   5.52%       6.03%        6.22%
    Sendmail  6.81%   7.73%       9.36%        10.44%
    Wuftpd    2.23%   2.69%       3.60%        4.38%
Conclusion

Future Work
For more information
Project Page: http://www.ecsl.cs.sunysb.edu/PAID
Thank You!
Dc 12 Chiueh