
Dr. Yves Younan

Yves Younan is a Senior Research Engineer in the Vulnerability Research Team (VRT) at Sourcefire, where he works on vulnerabilities and mitigations. Prior to joining Sourcefire, he worked as a Security Researcher with BlackBerry Security at Research In Motion. Before joining RIM, he was an academic, founding the Native Code Security group within the DistriNet research group at KU Leuven in Belgium. He received a Master's degree in Computer Science from the Vrije Universiteit Brussel (VUB) and a PhD in Engineering: Computer Science from KU Leuven. His PhD focused on building efficient mitigations against vulnerability exploitation; several practical mitigations from that work were published and presented at international conferences.

Description

C and C++ vulnerabilities, exploits and countermeasures

Learning objectives

Understand

  • the risks associated with the use of unsafe programming languages such as C and C++
  • common vulnerabilities such as buffer overflows, use after free vulnerabilities and integer errors
  • common attack techniques such as return address clobbering and indirect pointer overwriting
  • common defense techniques such as stack canaries, address space layout randomization and other techniques

Overview

The C and C++ programming languages have some serious shortcomings from the point of view of security. Certain kinds of bugs in these languages can have disastrous consequences. Stack- or heap-based buffer overruns, double frees, dangling pointers, race conditions and format-string related vulnerabilities are typical examples of bugs that can make a C/C++ application vulnerable to extremely powerful attacks such as code injection.

In a code injection attack, an attacker succeeds in running code of their choosing on the target machine. This module discusses the most important types of vulnerabilities and demonstrates, by example, how they can be exploited.

Programmers must avoid these vulnerabilities by observing strict coding disciplines to compensate for the freedom offered by the language and execution environment. Recently, improvements to the compiler and run-time environment have aided in mitigating the risk. An overview of such recent infrastructural improvements such as address space randomization and stack canaries is presented. The module also looks at how attackers have developed ways around some of these techniques.
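The stack-based overrun, return-address clobbering and stack canary mentioned above, as an added illustration that is not part of the course material or of the cited papers: a stack frame is simulated as a plain byte array so that the effect of an unbounded copy can be observed without real undefined behaviour. The frame layout (16-byte buffer, 4-byte canary, 8-byte saved return address), the canary value and the placeholder return address are all constructed for this simulation and do not correspond to any real compiler's layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame: 16-byte local buffer, then a 4-byte canary, then the
 * 8-byte saved return address of the caller. Layout and constants are
 * assumed for illustration only, not a real compiler's frame. */
enum { BUF_SIZE = 16, CANARY_OFF = 16, RET_OFF = 20, FRAME_SIZE = 28 };

#define CANARY_VALUE 0xDEADBEEFu
#define ORIG_RET     0x0000000000401136ull   /* placeholder address */

struct frame { uint8_t bytes[FRAME_SIZE]; };

static void frame_init(struct frame *f)
{
    uint32_t c = CANARY_VALUE;
    uint64_t r = ORIG_RET;
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + CANARY_OFF, &c, sizeof c);
    memcpy(f->bytes + RET_OFF, &r, sizeof r);
}

/* Vulnerable copy: strcpy-style, never checks against BUF_SIZE. The clamp
 * to FRAME_SIZE only keeps the simulation in bounds; a real overflow keeps
 * writing up the stack. Returns the number of bytes written. */
static size_t vuln_copy(struct frame *f, const char *src)
{
    size_t n = strlen(src) + 1;          /* includes the terminating NUL */
    if (n > FRAME_SIZE)
        n = FRAME_SIZE;
    memcpy(f->bytes, src, n);
    return n;
}

/* Hardened copy: rejects any input that does not fit together with its NUL. */
static int safe_copy(struct frame *f, const char *src)
{
    size_t n = strlen(src);
    if (n >= BUF_SIZE)
        return -1;
    memcpy(f->bytes, src, n + 1);
    return 0;
}

/* The check a canary-protected function epilogue performs before 'ret'. */
static int canary_intact(const struct frame *f)
{
    uint32_t c;
    memcpy(&c, f->bytes + CANARY_OFF, sizeof c);
    return c == CANARY_VALUE;
}

static uint64_t saved_ret(const struct frame *f)
{
    uint64_t r;
    memcpy(&r, f->bytes + RET_OFF, sizeof r);
    return r;
}

/* 1 if the vulnerable copy of 'input' would trip the canary check. */
static int overflow_detected(const char *input)
{
    struct frame f;
    frame_init(&f);
    vuln_copy(&f, input);
    return !canary_intact(&f);
}

/* 1 if the vulnerable copy of 'input' reaches the saved return address. */
static int ret_clobbered(const char *input)
{
    struct frame f;
    frame_init(&f);
    vuln_copy(&f, input);
    return saved_ret(&f) != ORIG_RET;
}

/* 0 if the hardened copy accepts 'input', -1 if it rejects it. */
static int hardened_accepts(const char *input)
{
    struct frame f;
    frame_init(&f);
    return safe_copy(&f, input);
}

int main(void)
{
    /* Constructed inputs: 5 bytes, and 27 'A's which with the NUL fill all 28 bytes. */
    const char *benign = "hello";
    const char *attack = "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAA";
    printf("benign: canary tripped=%d ret clobbered=%d hardened=%d\n",
           overflow_detected(benign), ret_clobbered(benign), hardened_accepts(benign));
    printf("attack: canary tripped=%d ret clobbered=%d hardened=%d\n",
           overflow_detected(attack), ret_clobbered(attack), hardened_accepts(attack));
    return 0;
}
```

A 16-character input is the instructive edge case: the hardened copy rejects it, while the vulnerable copy writes the terminating NUL one byte past the buffer, which in this layout lands on the canary and is caught even though the return address is untouched. A 27-character input overwrites both, which is the return-address clobbering a canary is designed to detect before the corrupted address is used.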

The following papers are useful for the module:

  • Y. Younan, W. Joosen and F. Piessens. Code injection in C and C++: A survey of vulnerabilities and Countermeasures
  • Y. Younan. Efficient countermeasures for software vulnerabilities due to memory management errors
  • Ú. Erlingsson, Y. Younan, F. Piessens, Low-level software security by example

Partners:

Solvay Brussels School of Economics and Management Katholieke Universiteit Leuven

Affiliated organizations:

OWASP NESSoS STREWS
Creative Commons

Contents of the secappdev.org website are licensed under a Creative Commons Attribution-NonCommercial 3.0 License.