Stack and Buffer Attacks in Operating Systems - Essay Example

Due: Stack and Buffer Attacks in Operating Systems Introduction A buffer attack is a programming error that attempts to store data beyond the required maximum storage of fixed size buffer. Stack and buffer attacks occur when an application puts more data into a memory address such that it cannot handle. The results of buffer attacks may cause corruption in the neighboring data on the stack. The aftermath may also be a systems crash if the overflow was provoked by mistake. Buffer overflows from the past ten years have dominated in the areas of remote network penetrations especially in cases where a user has a total control of a host. Buffer overflow vulnerability gives an attacker with the option to generate and run a code; the code then attacks the vulnerable application allowing the user to define the term of bias on the application giving an attacker the option to control a system (Crispin Cowan 1999) The first buffer attack was widely used by the Morris Worm in the year 1988. Afterwards malicious crackers discovered the vulnerability and designed ways to exploit the advantage of vulnerability attack on system. In 1995, a buffer overflow was discovered in NCSA httpd 3 (this an open source web server for nix systems) then published on the Bugtrag mailing list by Lopatic Thomas. The bug caused the system to crash. The server had MAX_STRING_LEN defined into 256 characters, such that when a user request was larger than 256, the server would crash. In the access process, a user request looked like a normal request and most of the users were not able to detect any error on log file. The bug was later fixed by redefining the MAX_STRING_LEN to a bigger number. In the year 1996, Aleph One a registered Acorn developer best known for producing high speed processor cards, published the ‘ Smashing The Stack The Stack For Fun And Profit’ in Phrack magazine showing the procedure of exploiting the stack based buffer overflow vulnerabilities. Year 2001, a buffer overflow vulnerability was detected in Microsoft IIS 5.0 running on windows 2000 by Eye Digital Security . The vulnerability allowed a remote hacker to execute an arbitrary code on a targeted user by allowing the intruder to have a full administration control of the targeted computer. The gate way for the attackers was the internet printing protocol extension installed in windows 2000. To counteract this, a patch was made by Microsoft allowing windows 2000 users to patch from Microsoft. Another historical buffer overflows happened2003 in Microsoft SQL server 2000 using a “Slammer worm”. In this case an attacker could cause partial memory loss of a system memory by crafting packets onto the SQL server resolution Centre allowing them to execute the attacking code. This caused massive failure of the SQL server service. The vulnerability could be avoided by blocking port 1431 through the systems firewall or by restarting the SQL server on the affected systems (Organick 1983). The latest buffer attack happened in 2004 in Microsoft windows XP 2000 where by, an attacker could send vulnerable message to TCP 139 port or 445 on the targeted computer allowing the attacker to execute arbitrary codes on the system unit. For the Microsoft XP 2000 attack to be successful, an intruder would first code an executable application. The attack was mostly affected the clients systems and the terminal servers. Microsoft resolved this error by upgrading the service pack for Microsoft windows XP. Disadvantages caused by buffer and stack overflow outweigh the advantages. Through buffer attacks, users have gone to extend of spending a lot of money in upgrading the attacked systems. Cases such as the attack of the Microsoft windows XP in 2004, Microsoft fixed the bug by fully upgrading the systems kernel. The only legit advantage from buffer and stack overflow attack is the process can be used to randomly access and alter files if an application malfunctions. In other cases the method of attack can be used by detectives to spoof a suspect data (Patel 2002). Data loss as well as hardware malfunction have resulted due to buffer attacks. A slammer worm that affected the Microsoft SQL caused the affected systems to have a partial or full memory loss depending on the size of the overflow. If a system has experiences cumulated overflow attacks, it may cause the system hard disks to be unreadable as it causes patches on the memory through formatting string. In today’s era various techniques in software development have been used to heighten security of executable programs by detecting buffer and stack overflows. The techniques works by modifying the storage of data in the stack data structure or a run time stack in a subroutine. A system would show overflow when a canary added to the subroutine is destroyed. Various techniques implemented to prevent buffer and stack attacks include; Use of stock guard, a stock guard is compiler that checks activation codes for return address. The technique works by executing small patches that emit code functions through placing a canary word adjacent to the stack return address. In order to prevent forgery of the canary word, the stock guard uses a terminator canary and random canary. An attacker would not be able to use the symbols in the embedded terminator canary, such as the standard string CR, EOF. The copying mechanism of attack will end if an attacker hits the implanted symbols. The random canary uses a 32 bit numbers which are used after the program execution. An attacker would not spoof the numbers as they are stored secretly and hard to guess. Onother method of preventing stack and buffer attack include the use of coded hand stack examining. The stack examines the system unit in order to detect buffer overflows by providing protection in the LIBC codes. This method is not widely used for protection as it does not protect programs that do not use the LIBC vulnerability. Bound checking the compiler is also another way of protecting buffer flow attacks. The technique works through by adding unique information to different memory units then executing the pointers against the runtime. In latest software upgrade in order to prevent attacks, Programmers use the most sophisticated compiler application, the Pro police. This application, re-arranges the local variables in such a way that the CHAR buffers are allocated at the top of the stack then protected by a guard value. However this method is now widely used as it does not run as accordingly with small buffers. (Patel 2002) Tagging technique is also used to detect buffer overflows. Developed in 19th century, the compiler based technique performs by tagging different slots of data in a memory. The latest software to be made available is the stack ghost application coded with java from the Sun Microsystems. The application protects the pointers by detecting any modifications then automatically protects the installed software without the use of source code. Stack ghost is the most widely used technique as the GNU debugger in the application is enabled. Computer users are widely reminded to limit the buffer size. This can be done by never allowing much data to be stored in a buffer against the manufacture’s limit size. Following the advantages and disadvantages of stack and buffer attacks, it can be concluded that buffer overflows constitute most of the vulnerability problems. Combination of different techniques for preventing such attacks would hinder overflow and stack attack, if they were fully implemented. Attacks such as the one used by Morris in 1988 is uncommon and modern attacks and would not be widely prevented using the current methods of protection. Administrators can avoid buffer overflows by taking their time in considering the buffer size and avoid buffer overflow. Software users should take full responsibility of their codes in order to secure a program thus ensuring the production of more and safer programs. Works cited Crispin Cowan, Steve Beattie, John Johansen, and Perry Wagle, “PointGuard: Protecting Pointers From Buffer Overflow Vulnerabilities,” Proceedings of the 12th USENIX Security , 2003 J. Xu, S. Patel, “Architecture Support for Defending Against Buffer Overflow Attacks”, Workshop on Evaluating and Architecting Systems for Dependability .2002 Organick, A programmers View of the Intel 432 System, McGraw York, N.Y 1983 Crispin Cowan, Steve Beattie, “Protecting Systems from Stack Smashing Attacks with StackGuard”. Raleigh, NC, May 1999. C. Cowan et al., “StackGuard: Automatic Adaptive Detec-tion and Prevention of Buffer overrun attacks ”, www.immunix.com/pdfs/usenixsc98.pdf. Proc. Usenix Security Symp. 1998 Read More