C-Based Application Exploits and Countermeasures - Yves Younan
Author: secappdev.org
Uploaded: 2013-06-01
Views: 11859
The C and C++ programming languages have some serious shortcomings from the point of view of security. Certain kinds of bugs in these languages can have disastrous consequences. Stack- or heap-based buffer overruns, double frees, dangling pointers, race conditions and format-string related vulnerabilities are typical examples of bugs that can make a C/C++ application vulnerable to extremely powerful attacks such as code injection.
In a code injection attack, an attacker succeeds in running code of his choosing on the target machine. This module will discuss the most important types of vulnerabilities, and will demonstrate, by example, how they can be exploited.
Programmers must avoid these vulnerabilities by observing strict coding disciplines to compensate for the freedom offered by the language and execution environment. Recently, improvements to the compiler and run-time environment have aided in mitigating the risk. Desktop operating system vendors have been using these mitigations for a while to make it harder for attackers to exploit these vulnerabilities. However, with the growing popularity of mobile apps, these bugs have also gained importance on mobile devices, where they carry over into both the Native Development Kit for Android and Objective-C on iPhone. As a result, mobile phone vendors have also added several of these mitigations to their operating systems.
An overview of these improvements, such as address space randomization and stack canaries, is presented. The module also looks at how attackers have developed ways around some of these mitigations.
The following papers are useful for the module:
Y. Younan, W. Joosen and F. Piessens. Code injection in C and C++: A survey of vulnerabilities and countermeasures.
Y. Younan, W. Joosen and F. Piessens. Runtime countermeasures for code injection attacks against C and C++ programs.
Ú. Erlingsson, Y. Younan and F. Piessens. Low-level software security by example.
Learning objectives
Understand:
the risks associated with the use of unsafe programming languages such as C, C++ and Objective-C
common vulnerabilities such as buffer overflows, use-after-free vulnerabilities and integer errors
common attack techniques such as return address clobbering and indirect pointer overwriting
common defense techniques such as stack canaries and address space layout randomization, among others
This is a recording of a lecture by Yves Younan at SecAppDev Leuven 2013.
Yves Younan is a Senior Research Engineer in the Vulnerability Research Team (VRT) at Sourcefire, where he works on vulnerabilities and mitigations. Prior to joining Sourcefire, he worked as a Security Researcher with BlackBerry Security at Research In Motion. Before joining RIM, he was an academic, founding the Native Code Security group within the DistriNet research group at the KU Leuven in Belgium. He received a Master's degree in Computer Science from the Vrije Universiteit Brussel (VUB) and a PhD in Engineering: Computer Science from KU Leuven. His PhD focused on building efficient mitigations against vulnerability exploitation; several practical mitigations were published and presented at international conferences.