Question: Problem 6 Defensive Programming a) Explain how a function's return address which is saved on the memory can be overwritten/modified in a stack buffer overflow

Problem 6 Defensive Programming a) Explain how a function's return address

Problem 6 Defensive Programming a) Explain how a function's return address which is saved on the memory can be overwritten/modified in a stack buffer overflow attack. How could this be utilized by a hacker to run his desired program? b) In defensive programming, an important rule is not to assume anything of the future usage of your program. Incorrect handling of program input is one of the most common failings in software security. List two concerns for any input of which invalid handling will lead to security problems. c) Explain how the least previlege principle can be applied in defensive programming

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

I need a solution ASAP please Problem 1: Control hijacking A proposal for preventing stack buffer overflow attacks is based on making a backup copy of the return address when a function starts. The...

Q:

Sample Code to Change: #include #include #include int main(void){ //Useastruct to force local variable memory ordering struct { char buff[5]; char pass; } localinfo; localinfo.pass =0; printf(" Enter...

Q:

6. Secure Programming. StackGuard is a compiler-based technique for defending against stack-based buffer overflows. It detects memory corruption using a canary, a known value stored in each...

Q:

Exercise: Buffer Overflow (85 points) The Buffer Overflow vulnerability has been discovered as early as 1972, and has long been among the most critical application security flaws. It is still very...

Q:

There are two problems due this week (each worth 35 points) as follows. Case 5-1David L. Miller: Portrait of a White-Collar Criminal (page 144). In comprehensive paragraphs, answerrequirements 1?6....

Q:

Stack buffer overflow (25 points) a. (15 points) Memory Architecture. Describe the stack in the address space of the VM, in generalities. Specifically, address where in memory the stack would be...

Q:

1) Stack buffer overflow (25 points) a. (15 points) Memory Architecture. Describe the stack in the address space of the VM, in generalities. Specifically, address where in memory the stack would be...

Q:

Stack buffer overflow Memory Architecture. Describe the stack in the address space of the VM, in generalities. Specifically, address where in memory the stack would be located, what the stack...

Q:

a. Memory Architecture. Describe the stack in the address space of the VM, in generalities. Specifically, address where in memory the stack would be located, what the stack structure looks like when...

Q:

The C programs ( given below ) should be compiled and executed in a Linux environment. In addition, 3 2 - bit binaries can be used and turn off the stack protections. Note that, although you can use...

Q:

A revenue department is under orders to reduce the time small business owners spend filling out pension form ABC-5500. Previously the average time spent on the form was 5.7 hours. In order to test...

Q:

A gas chromatography was used for separating a mixture that contained 3 hydrocarbons (ortho-xylene, meta-xylene, and para-xylene). Internal diameter of the column was 3.9 mm and the length was 3.6 m....

Q:

You have been asked to develop a pro forma statement of cash flow for a plaza. The information given to you is listed below. ( Please treat the CAPEX above the line ) . Property Information:...

Q:

Compared with half a century ago, adoption has become _ _ _ _ _ _ _ _ _ common, but it is more open and acceptabl e , so we probably discuss it _ _ _ _ _ _ _ . fill in the blanks more or much less or...

Q:

7. Calculate the ROI by dividing benefits (operational results) by costs. The ROI gives an estimate of the dollar return expected from each dollar invested in training.

Q:

5. Determine the training costs (direct costs indirect costs development costs overhead costs compensation for trainees).

Q:

1. What can be done to motivate companies to evaluate training programs?