Program semantics-Aware Intrusion Detection
    Prof. Tzi-cker Chiueh
    Computer Science Department, Stony Brook University
    [email_address]
Introduction
Control-Hijacking Attacks
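Stack Overflow Attack
    #include <stdio.h>

    void input(void);

    int main(void)
    {
        input();
        return 0;
    }

    /* Deliberately vulnerable: i is never checked against the array size,
       so a sixth and later integers are written past userID[4]. */
    void input(void)
    {
        int i = 0;
        int userID[5];
        while (scanf("%d", &userID[i]) != EOF)
            i++;
    }

    STACK LAYOUT
    Address  Contents                     Slide annotation
    128      Return address of input()    100
    124      Previous FP                  <- FP
    120      Local variable i
    116      userID[4]
    112      userID[3]
    108      userID[2]                    INT 80
    104      userID[1]
    100      userID[0]                    <- SP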
Palladium (since 1999…)
Array Bound Checking
Segmentation Hardware
    Virtual Address = Segment Selector + Offset
    Virtual Address -> (segmentation) -> Linear Address -> (paging) -> Physical Address
    base + offset <= limit
Checking Array bound using Segmentation Hardware (CASH)
    Original loop:
        for (i = M; i < N; i++) {
            B[i] = 5;
        }
    With CASH:
        offset = &(B[M]) - B_Segment_Base;
        GS = B_Segment_Selector;
        for (i = M; i < N; i++) {
            GS:offset = 5;
            offset += 4;
        }
Performance  Overhead CASH BCC 83.77% 2.23% Edge Detection 143.77% 1.47% Matrix Multiply 92.40% 1.61% Gaussian Elimination 72.19% 3.95% 2D FFT 126.38% 3.26% Volume Rendering 120.00% 1.82% SVDPACK
Return Address Defense (RAD)
Binary RAD Prototype
Performance Overhead
    Program           Overhead
    BIND              1.05%
    DHCP Server       1.23%
    PowerPoint        3.44%
    Outlook Express   1.29%
Repairable File Service (RFS)
RFS Architecture
    Transparent to protected network file server
    [Diagram labels: NFS Client (three); RFS; Protected NFS Server; Mirroring NFS Server]
Fundamental Issues
RFS Prototype
Performance Results
Program semantics-Aware Intrusion Detection (PAID)
System Call Policy/Model
PAID Architecture
    [Diagram labels: Application; Application; Compiler; System Call Policy; System Call Pattern; Legitimacy Check; User; Kernel; Compile Time Extraction; Run Time Checking]
The Mimicry Attack
Mimicry Attack Details
Countermeasures
Example
    main() { foo(); foo(); exit(); }
    foo() { for(….){ sys_foo(); sys_foo(); } }

    Nodes for main: Entry(main), call(foo), return(foo), call(foo), return(foo), Exit(), Exit(main)
    Nodes for foo:  Entry(foo), sys_foo, sys_foo, Exit(foo)
System Call Policy Extraction
Dynamic Branch Targets
Asynchronous Control Transfer
From NFA to DFA
PAID Example
    Original program:
        main() { foo(); foo(); exit(); }
        foo() { for(….){ sys_foo(); sys_foo(); } }

    foo() as rewritten on the slide:
        foo() {
          for(….){
            {
              int ret;
              __asm__ ("movl sys_foo_n, %eax"
                       " int $0x80"
                       " sys_foo_call_site_1 :"
                       " movl %eax, ret"
                       … .);
            }
            {
              int ret;
              __asm__ ("movl sys_foo_n, %eax"
                       " int $0x80"
                       " sys_foo_call_site_2 :"
                       " movl %eax, ret"
                       … .);
            }
          }
        }

    Resulting sequence: Entry(main), sys_foo_call_site_1, sys_foo_call_site_2, sys_foo_call_site_1, sys_foo_call_site_2, exit_call_site_1, Exit(main)
PAID Checks
Ordering Check Only
    [Diagram labels: main; Buffer Overflow; setreuid, read, open, stat, write (shown twice); Compromised; Call chain; Call sequence]
Ordering and Site Check
    [Diagram labels: main; Buffer Overflow; setreuid, read, open, stat, write; Compromised; Call chain; Call sequence; int 0x80]
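The ordering check and the call-site check named on these slides, as an added example that is not from the original deck or the PAID project: a small checker for the slide's main()/foo() program, run over constructed traces. The system call numbers, call-site addresses, state names and the assumption that the loop in foo() may run any number of times are all made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values (assumptions, not taken from the slides). */
enum { SYS_EXIT = 1, SYS_FOO = 200 };
#define SITE_FOO_1  0x08048410u   /* label sys_foo_call_site_1 */
#define SITE_FOO_2  0x08048430u   /* label sys_foo_call_site_2 */
#define SITE_EXIT_1 0x08048480u   /* label exit_call_site_1    */

/* One observed system call: its number and the address right after int $0x80. */
struct event { int sysno; uint32_t site; };

/* Policy automaton for: main() { foo(); foo(); exit(); }
 *                       foo()  { for (...) { sys_foo(); sys_foo(); } }   */
enum { S_LOOP, S_MID, S_DONE };
struct edge { int from; int sysno; uint32_t site; int to; };

static const struct edge policy[] = {
    { S_LOOP, SYS_FOO,  SITE_FOO_1,  S_MID  },
    { S_MID,  SYS_FOO,  SITE_FOO_2,  S_LOOP },
    { S_LOOP, SYS_EXIT, SITE_EXIT_1, S_DONE },
};

enum mode { ORDER_ONLY, ORDER_AND_SITE };

/* Walk the trace through the automaton.
 * Returns the index of the first rejected event, or -1 if none is rejected. */
int check_trace(const struct event *ev, size_t n, enum mode m)
{
    int state = S_LOOP;
    for (size_t i = 0; i < n; i++) {
        int next = -1;
        for (size_t e = 0; e < sizeof policy / sizeof policy[0]; e++) {
            if (policy[e].from != state || policy[e].sysno != ev[i].sysno)
                continue;               /* wrong state or wrong system call */
            if (m == ORDER_AND_SITE && policy[e].site != ev[i].site)
                continue;               /* right call, unknown call site */
            next = policy[e].to;
            break;
        }
        if (next < 0)
            return (int)i;
        state = next;
    }
    return -1;
}

/* Constructed trace: the sequence shown on the "PAID Example" slide. */
static const struct event legit_trace[] = {
    { SYS_FOO, SITE_FOO_1 }, { SYS_FOO, SITE_FOO_2 },
    { SYS_FOO, SITE_FOO_1 }, { SYS_FOO, SITE_FOO_2 },
    { SYS_EXIT, SITE_EXIT_1 },
};

/* Constructed trace: same order, but the last three calls come from
 * addresses that are not call sites of the program (stack addresses here). */
static const struct event mimicry_trace[] = {
    { SYS_FOO, SITE_FOO_1 }, { SYS_FOO, SITE_FOO_2 },
    { SYS_FOO, 0xbffff6a0u }, { SYS_FOO, 0xbffff6b4u },
    { SYS_EXIT, 0xbffff6c8u },
};

/* Constructed trace: exit issued in the middle of a loop iteration. */
static const struct event bad_order_trace[] = {
    { SYS_FOO, SITE_FOO_1 }, { SYS_EXIT, SITE_EXIT_1 },
};

int main(void)
{
    printf("legit     order-only=%d order+site=%d\n",
           check_trace(legit_trace, 5, ORDER_ONLY),
           check_trace(legit_trace, 5, ORDER_AND_SITE));
    printf("mimicry   order-only=%d order+site=%d\n",
           check_trace(mimicry_trace, 5, ORDER_ONLY),
           check_trace(mimicry_trace, 5, ORDER_AND_SITE));
    printf("bad order order-only=%d order+site=%d\n",
           check_trace(bad_order_trace, 2, ORDER_ONLY),
           check_trace(bad_order_trace, 2, ORDER_AND_SITE));
    return 0;
}
```

The order-preserving trace passes the ordering-only check and is stopped at its first off-site call once the call site is checked as well.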
Ordering, Site and Stack Check (1)
    [Diagram labels: main; Buffer Overflow; setreuid, read, open, stat, write; Call chain; Call sequence; int 0x80]
Ordering, Site and Stack Check (2)
    [Diagram labels: main; Buffer Overflow; exec; Call chain; Call sequence; int 0x80; Stack check passes]
Random Insertion of Notify Calls
    [Diagram labels: Call sequence; int 0x80; main; Buffer Overflow; exec; Call chain; notify, notify; Attack failed]
Alternative Approach
System Call Argument Check
Dynamic Variables
Vulnerabilities
    [Diagram labels: Buffer Overflow (twice); exec (twice); notify (twice); Call chain; Call sequence; int 0x80; Desired system call follows immediately; Argument replacement]
Prototype Implementation
Throughput Overhead
    Program    PAID    PAID/stack   PAID/random   PAID/stack random
    Apache     4.89%   5.39%        6.48%         7.09%
    Qpopper    5.38%   5.52%        6.03%         6.22%
    Sendmail   6.81%   7.73%        9.36%         10.44%
    Wuftpd     2.23%   2.69%        3.60%         4.38%
Conclusion
Future Work
For more information
    Project Page: http://www.ecsl.cs.sunysb.edu/PAID
    Thank You!

Dc 12 Chiueh
