What are attacks and defenses on the software?

Software security is heavily dependent on the implementation of the code and memory safety. Attackers exploit software through implementation and memory safety flaws left by the programmer. Memory safety refers to ensuring that attackers cannot read or modify memory locations in the program. Implementation flaws can occur through the use of programming languages like C. Some software vulnerabilities and attacks include the following:

Buffer overflow

Buffer Overflow vulnerability occurs due to a lack of adequate bounds-check for array and pointer accesses and out-of-bounds memory access. An attacker can leverage this vulnerability to corrupt the program’s intended output. An example of a vulnerable code written in the C programming language with which does not have any bound checks is as follows:

char arr [20]; 
int pass = 0; 
void get_input() {
gets(arr);
}

In the example above, the attacker can input 21 bytes of data which will overwrite, and set the pass variable to 1, which will give the attacker access. Elsewhere, the attacker can also insert malicious code to gain access to the entire program.

Stack smashing

In this attack, the attacker forces the stack of the application/OS to overflow. In simple terms, this means putting data into a stack beyond its capacity. This additional data is harmful since the data might be stored in stack variables, such as the function’s return address. When the function returns, the malicious code starts executing, which can corrupt the entire system depending on the attacker’s intent.

Format string

Format string vulnerabilities occur in C due to the absence of format string identifiers in the printf() function. The example below shows code with a format string vulnerability:

int main(int argc, char **argv){
char arr[80];
strcpy(arr, argv[1]);
print(arr);
}

The printf function is missing the “%s” format specifier. This will cause the program to crash/core-dump. In addition, the attacker can also learn the contents of the function’s stack frame, exploit the vulnerability to discover sensitive information, or write any value to the memory’s address.

Integer conversion

The integer conversion vulnerability occurs due to the implicit casting of integers in C. An example of a vulnerable code is as follows:


char arr[20];
int length = get_input();
char *ptr = get_string();
if (len > 20) {
return;}
memcpy(arr, ptr, length);

The attacker can exploit this vulnerability by providing a negative value of the variable, length. C will cast this negative value to an unsigned int, a large positive number. This will overflow the buffer.

Memory safety

The vulnerabilities mentioned above are all examples of memory safety bugs. Other examples include using dangling pointers and double-free bugs. Memory safety exploitations often result in malicious code injection and program crashes.

Defenses

Some defenses against implementation and memory safety bugs include:

  • Secure coding practices.

  • Using type-safe and memory-safe programming languages.

  • Runtime checking for errors and bugs.

  • Static analysis and testing of code.

Free Resources

Copyright ©2024 Educative, Inc. All rights reserved