Question: Review materials: 1. What is a buffer? 2. How can you tell whether a buffer is in the Stack or in the Heap? 3. Buffer

Review materials: 1. What is a buffer? 2. How can you

Review materials: 1. What is a buffer? 2. How can you tell whether a buffer is in the Stack or in the Heap? 3. Buffer overflow is possible in which programming language? 4. Which worm(s) exploited buffer overflow vulnerability? 5. What are the four segments in the memory of an executable, what are stored in each segment, and what are the access rights (i.e., Read/Write/Execute) of each segment? 6. Is the following program vulnerable to buffer overflow? If yes, then explain why is it vulnerable, and how an attacker can exploit the overflow to gain access as root without knowing his password? (See the program in Slide 15, Lecture 2) 7. Show the stack content and CPU registers after function prolog of my_function. (slide 27. Lecture 2). 8. Explain the steps of the function epilog of my function. (slide 27, Lecture 2). 9. What are the two goals of an attacker for performing a code injection attack and how they can be achieved? 10. Given the following program (Slide 39, Lecture 2), show how an attacker can exploit it buffer overflow vulnerability using code injection attack. Show a sample attack input and explain how it is used to achieve the two goals. (answer follows in the slide 40, Lecture 2). 11. What are the three challenges for the attacker? How the third challenge is addressed? 12. What are the two solutions to address the first two challenges. Show with an example. 13. Explain how canary guard solution works? Do you think there is any weakness in the solution? 14. What are the three compiler enhancements? How each of them work? 15. What are the three OS enhancements? How each of them work? 16. What is the Return to libc attack and how ASLR solves it? 17. Give a few examples of secure coding practices to prevent buffer overflow. 18. How is memory allocated in Heap? Why must we free the memory (and how) when we no longer need it? 19. What are the two possible damages due to heap overflow? 20. Given the program (slide 5, Lecture 3), explain why it is vulnerable to heap overflow and why the output is showing buffer 1 and buffer 2 like the ones in slide 7 when a big input is given. Which of the two damages (question 19 ) is done due to this overflow

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

computer security course, please I need help it due 3 hours. 1 Lab Overview The learning objective of this lab is for students to gain the first-hand experience on buffer-overflow vulner- ability by...

Q:

Provide a summary technical report with your own words about Pipelined Execution which is also named as Instruction Level Parallelism, addressing mainly the following areas: 1. What is Pipelined...

Q:

select all applicable. 1. Which of the following types of locations in a process address space where buffer overflow can occur? a) Stack b) Heap c) Code 2. Which of the following are defenses against...

Q:

Please write in CPP language. 1. Overview The first project is going to be a MIPS simulator. In general, you will be building a program that simulates the execution of an assembly language file. The...

Q:

Module 9 Assignment: TOC Answer all the questions and submit your answer report to Module 9 Assignment in Dropbox by the deadline . The report should be typed, single spaced, in one MS Word file. You...

Q:

Lecture Notes DL MGT 5100 - Distribution Management Spring 2017 1.0. Day one, Monday, Monday, 9 Jan 17 1.1. Reading Assignments: Chapters 1 and 2 1.1.1. I intend to follow the book so as to provide a...

Q:

Lecture Notes DL MGT 5100 - Distribution Management Spring 2017 1.0. Day one, Monday, Monday, 9 Jan 17 1.1. Reading Assignments: Chapters 1 and 2 1.1.1. I intend to follow the book so as to provide a...

Q:

Lecture Notes DL MGT 5100 - Distribution Management Spring 2017 1.0. Day one, Monday, Monday, 9 Jan 17 1.1. Reading Assignments: Chapters 1 and 2 1.1.1. I intend to follow the book so as to provide a...

Q:

CERTIFICATE IV IN FINANCE AND MORTGAGE BROKING - FN540820 Page 1 UNIT 3 - COMPLY WITH FINANCIAL SERVICES REGULATION AND INDUSTRY CODES OF PRACTICE Unit Code: FNSFMK515 This unit describes the skills...

Q:

3 COLLEGE ALGEBRA - TRIGONOMETRY Business and Finance (MAT115) This course will start with a review of basic algebra (factoring, solving linear equations, and equalities, etc.) and proceed to a study...

Q:

A 350 pound man interviewed for a job as a Sales Counselor for a weight loss center. He was told by the interviewer that he was the most qualified applicant, but that the regional manager had...

Q:

Q3. A project has the following cash flow with a discount rate of 12%: Annual cash flows: Year 0 $ -520,000 Year1 $170,000 year2 $ 210,000 year3 $ 225,000 Year4 $ 195,000 $520,000 is used in...

Q:

Compute the FUTA and SUTA taxes for both the employer and employee in the scenario below. Carter has worked for Pennsylvania Rugby Den for over 5 years and earns \ ( \ $ 9 0 6 . 5 2 \ ) per week....

Q:

Question 8 ( 8 points ) Abbie and Avery are married. They own 3 houses. They use one as their primary residence and use the other two as vacation homes. Each house a mortgage. The mortgage on their...

Q:

If you were going to use technology to identify training needs for customer service representatives for an e-commerce clothing company, what steps would you take to ensure that the technology was not...

Q:

Explain digital learning. How can it benefit companies? Employees? What are some of its potential limitations?

Q:

3. As the HR manager, you have heard rumors about potential efforts to unionize your warehouse employees. Use the Employment Law Information Network (www.elinfonet.com/human-resources/...