DSCI 525 Heartbleed attack


Assignment 3
Objective
The objective of this assignment is to provide you the opportunity to apply secure software
development concepts studied in class.
Task 1 (50 points)
Answer the following questions.
1. The following program is vulnerable to a buffer overflow (assuming the absence of automated
defenses like ASLR, etc.).
a. What is the name of the buffer that can be overflowed?
b. What line of code can overflow the vulnerable buffer?
c. Recall the vulnerable overflow from the previous two questions. We can change one line of
code and make the buffer overrun go away. Which one-line change will eliminate the
vulnerability?
d. Which of the attacks that we studied do you think the program is susceptible to?
e. If we changed printf("%s",buf) to printf(buf) then the program would be
vulnerable to what sort of attack?
2. Recall Heartbleed attack.
a. What type of exploitation of the Heartbleed bug permits?
b. Why is it that anti-virus scanners would not have found an exploitation of Heartbleed?
3. Consider the following code:
char *foo(char *buf) {
 char *x = buf +s trlen(buf);
 char *y = buf;
 while (y != x) {
 if (*y == 'r')
 break;
 y++;
 }
 return y;
 }
 void bar() {
 char input[10] = "test123";
 foo(input);
 }
The definition of spatial safety models pointers as capabilities, which are triples (p,b,e) where
p is the pointer, b is the base of the memory region the pointer is allowed to access, and e is
the extent of that region. Assuming characters are 1 byte in size, what is a triple (p,b,e) for the
variable y when it is returned at the end of the code?
4. In a return-oriented program (ROP), what is the role of the stack pointer?
5. A colleague proposes using a heap allocator that randomizes the addresses of allocated objects.
What is the impact of this  写DSCI 525 Heartbleed attackdesign on security and performance?
6. Recall that classic enforcement of CFI requires adding labels prior to branch targets, and adding
code prior to the branch that checks the label to see if it's the one that is expected. Now consider
the following program:
To ensure that the instrumented program runs correctly when not being attacked, which of the
following functions would have to be given the same label?
7. Suppose you design software for a bank and the bank's customers may remotely log into its site
using commodity PCs. Which threat model (network-only, snooping, co-located) makes the most
sense for you to consider, when designing the bank's site? Briefly explain.
8. Suppose that x and y in the following program are symbolic. When the symbolic executor
reaches the line that prints "Hi" what will the path condition be?
/* assume x and y are both symbolic */
void foo(int x, int y) {
 if (x > 5)
 if (y > 7) {
 printf("here\n");
 } else {
 if (x < 20)
printf("Hi\n");
 else
printf("Bye\n");
 }
}
9. Suppose that x in the following program is symbolic. When the symbolic executor reaches the
line that prints "now" what will the path condition be?
void bar(int x) {
 int z;
 if (x > 5)
 z = 5;
 else
 z = 1;
 if (z > 3)
 printf("now\n");
}
10. Which of the following styles of fuzzer is more likely to explore paths covering every line of
code in the following program?
• Black Box
• Grammar based
• White Box
Task 2 (50 points)
Research the design of the Google Fuchsia OS (please do more than just reading Wikipedia). The code is
available here: https://fuchsia.googlesource.com.
Describe the techniques (studied in class and those that were not discussed in class) that this new OS uses
for security. For this task write a 3-page report. Include your references.
Deliverable and Grading
Upload your written report to D2L “Homework3” folder. For task1, each question is worth 5 points.
WX:codinghelp

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值