Attack Vectors Flashcards

1
Q

Kinds of Attacker Goals

A
  • Denial of Service
  • Leak information
  • Code execution
    -> extend intended application functionality to execute arbitrary code instead
    -> can be achieved by injecting new code or repurposing existing code through different means
  • Privilege escalation
2
Q

Software Attack Types

A
  • Code Execution:
    -> Control-Flow Hijacking: redirect control-flow
    -> Code Injection: Inject new code into the process
    -> Code Reuse: Reuse existing code in the process
  • Data Corruption: Corrupt sensitive (privileged) data
  • Information Leak: Output sensitive data
3
Q

Attack Type: Code Execution

A
  • Code execution requires control over control flow
    1. Attacker must overwrite a code pointer
       -> RIP on the stack
       -> Function pointer
       -> Virtual table pointer
    2. Force program to dereference corrupted code pointer
4
Q

Attack Type: Code Execution - Hijacking Control-Flow

A
  • Control-flow hijacking (CFH) is an attack primitive that allows the adversary to redirect control flow to locations that would not be reached in a benign execution
  • CFH requires:
    -> Knowledge of the location of the code pointer
    -> Knowledge of the code target
    -> Existing code and control-flow must use the compromised pointer
5
Q

Attack Type: Code Execution - Code Corruption

A
  • The attacker locates existing code and modifies it to execute the attacker’s computation
  • Code corruption requires:
    -> Knowledge of the code location
    -> Area must be writable
    -> Program must execute that code on a benign code path
6
Q

Attack Type: Code Execution - Code Injection

A
  • Instead of modifying/overwriting existing code, inject new code into the address space of the process
  • Code injection requires:
    -> Knowledge of the location of a writable memory area
    -> Memory area must be executable
    -> Control-flow must be hijacked/redirected to injected code
    -> Construction of shellcode
7
Q

Attack Type: Code Execution - Code Reuse

A
  • Instead of injecting code, reuse existing code of the program. The main idea is to stitch together existing code snippets to execute new arbitrary behavior
  • Code reuse requires:
    -> Knowledge of a writable memory area that contains invocation frames (gadget address and state such as register values)
    -> Knowledge of executable code snippets (gadgets)
    -> Control-flow must be hijacked/redirected to prepared invocation frames
    -> Construction of a ROP (Return-Oriented Programming) payload