UMD CMSC 433 - Homework #4


CMSC 433

Homework 4
• write test cases for BoundedAtomicQueue, using MultithreadedTC
• Should be atomic, fair, and the correct size
• You are given a correct implementation, and 4 broken implementations
• Write test cases that distinguish them
• Everything open, no release tests
  – this is a homework, not a project
• Due Friday Nov 16th

Missing office hours
• I'm going to miss almost all of my office hours through Nov 16th
  – various meetings, workshops and trips
• Schedule for coming days
  – Monday, Nov 12th noon-2pm
  – Tuesday, Nov 13th 10:45 - noon
  – Thursday, Nov 15th, noon-1:30pm

Upcoming stuff
• WebGoat security homework
• Distributed programming
  – Map/Reduce and Hadoop
  –

Timing notes
• Turns out, OSX is way better than most other operating systems by default
• On OSX (at least on Leopard), Java Thread.sleep resolution is 1 millisecond
• On many other platforms, it is 10 milliseconds or 16 milliseconds
• Had to adjust test cases to fit
• Project 4

Software Security
CMSC 433
Bill Pugh

Software Security
• Making sure that if your software is misused, it doesn't do any of the vast number of things you didn't intend for the software to do

On trusting trust
• You can hide a trojan horse in a compiler
  – or in the operating system

Compiler

    Code generateCode(AST method) {
        if (method.getName().equals("authenticateLogin")) {
            return ... code with trap door ...;
        }
        .. generate code normally
    }

Slightly cool, but not very interesting
• Get spotted in a code audit

Compiler

    Code generateCode(AST method) {
        if (method.getName().equals("authenticateLogin")) {
            return .. code with trap door..
        }
        if (method.getName().equals("generateCode")) {
            return ... code with special code gen ...;
        }
        .. generate code normally
    }

Trusted code base
• Trusted code base is the code that, if compromised, causes all of your security to fail
• Typically, includes all your software, your compiler, your operating system, ...
• Feeling comfy?

Software defects
• Traditional approach to correctness
  – define precondition
  – show that if precondition satisfied, output satisfied postcondition
• Didn't examine what happened if input didn't satisfy precondition

#1 source of security defects
• Untrusted, unverified and unexpected input leading to a program doing something completely unexpected
  – unexpected by developer
  – intended by attacker
• Of all the untrusted input problems, #1 is buffer overruns in C/C++.

Buffer overflows
• In C, arrays are just locations in memory
• if you write past the allocated end of the array, you write into something else
• possibly other variables, return address
• can both rewrite return address and deliver payload
• http://insecure.org/stf/smashstack.html

Stack layout

    int main(int argc, char *argv[]) {
        int value;
        char buf1[80];
        …
    }

    argv
    argc
    return address
    frame pointer
    buf1
    value

gets() is evil
• Impossible to use gets() correctly

    char buf[20];
    gets(buf);   /* gets() is never told how large buf is */

C String functions

    char buf[20];
    char * prefix = "http://";
    strcpy(buf, prefix);
    /* the limit counts appended characters, not the size of buf */
    strncat(buf, path, sizeof(buf));

C String functions

    char buf[20];
    char * prefix = "http://";
    strcpy(buf, prefix);
    /* strncat also writes a terminating NUL after the appended characters */
    strncat(buf, path, sizeof(buf) - strlen(buf));

sprintf

    char buf[80];
    sprintf(buf, "%s - %d\n", path, errno);   /* length of path is not bounded */

safe copy

    #define MAX_BUF 256
    void doStuff(char * in) {
        short len;
        char buf[MAX_BUF];
        len = strlen(in);
        if (len > MAX_BUF) return;
        strcpy(buf, in);
        .. do stuff with buf ...
    }

Huh…?
• C doesn't seem to give any warnings when invoking a function that returns an unsigned long long
• and assigning the result to something smaller
  – like a signed short or a char
• Even with -Wall and -pedantic-errors

Format String
• Using untrusted/unchecked string as a format string
  – printf(s); // just print s, no formatting needed
• what if s is "%d"
  – it prints the value of a value on the stack

The little known %n
• One of the least known and most dangerous format specifiers
  – %n expects the corresponding parameter to be the address of an int value
  – writes the number of characters written so far into that address
• sprintf(buf, "%d%n", x, &y)
  – stores into y the number of characters needed to represent x

Now we have a way to update memory
• Some hackers are very clever
• Figured out how to turn several instances of this into an exploit
  – force a program to execute an arbitrary payload

References
• Newsham, Tim. Format String Attacks.
  – http://muse.linuxmafia.org/lost+found/format-string-attacks.pdf
• scut. Exploiting Format String Vulnerabilities.
  – http://julianor.tripod.com/teso-fs1-1.pdf

Integer overflows
• In C/C++/Java, no warnings or exceptions if an integer value overflows the range of values it can hold
• In C (and C++), no warnings when an assignment of an integer value involves two incompatible ranges
  – e.g., stores an unsigned long in an int

Integer overflows, continued
• Even if you are careful, and check to see if x+y > max
  – if x+y overflows, you won't catch it.

Insecure Randomness
• In Java 1.4 and earlier, new Random uses currentTimeMillis() as a seed
• Imagine an on-line Texas hold'em poker game
  – assume you have access to a copy of the implementation
• You see your hole cards and the communal cards
  – Can check: would Random(1165336371231) have generated those cards?

How fast can you check?
• Takes less than 2 seconds to check 3,600,000 possibilities
• handles any Random() created in the last hour

Actual exploit
• There was an actual exploit for this
  – developed by a white hat team
  – http://seclists.org/bugtraq/1999/Sep/0102.html
• Poker implemented in Delphi Pascal
  – 32 bit random number generator
    • only 2^32 possible decks, much less than the 52! decks that should be possible
  – Checked 200,000 possible seeds
  – Required 3 community cards (the first flop)

Solution?
• In Java 5 and above, new Random() uses System.nanoTime
  – nanoTime often has only microsecond resolution
  – In 2 seconds, can check 4 seconds worth of possible seeds, assuming microsecond resolution.
    • using one processor

SecureRandom
• java.security.SecureRandom
  – been around since at least Java 1.2
• Uses secure seed and secure random number generator
  – as secure as we know how to generate

SQL Injection

    ResultSet getEmployees(String data) {
        Statement stmt = connection.createStatement();
        // data is concatenated into the query text unchanged
        stmt.execute("select * from employees where id = " + data);
        return stmt.getResultSet();
    }

where does data come from?
•
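The length check on the "safe copy" slide and the x+y > max check on the "Integer overflows, continued" slide, worked through as an added example that is not part of the original slides. The function names are hypothetical; it assumes a 16-bit short with wrapping conversion (as on gcc and clang) and uses unsigned arithmetic for the sum, because signed overflow is undefined in C.

```c
#include <stdio.h>
#include <string.h>

#define MAX_BUF 256

/* Decision made by the slide's check for an input of length n: 1 means
 * doStuff() would go on to strcpy() into buf[MAX_BUF]. Nothing is copied. */
static int slide_check_accepts(size_t n) {
    short len = (short)n;          /* same narrowing as "len = strlen(in)" */
    return !(len > MAX_BUF);
}

/* Corrected copy: length stays in size_t and the NUL must fit as well.
 * Returns 0 on success, -1 if the input does not fit in dst. */
static int copy_checked(char *dst, size_t dst_size, const char *in) {
    size_t len = strlen(in);
    if (len >= dst_size) return -1;
    memcpy(dst, in, len + 1);
    return 0;
}

/* The "x + y > max" test as the slide writes it (wraps for unsigned). */
static int naive_exceeds(unsigned x, unsigned y, unsigned max) { return x + y > max; }

/* Same question without computing x + y, so nothing can wrap. */
static int checked_exceeds(unsigned x, unsigned y, unsigned max) {
    return x > max || y > max - x;
}

int main(void) {
    const size_t lengths[] = { 255, 256, 300, 40000, 65546 };  /* constructed */
    char buf[MAX_BUF];
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("length %5zu: slide check %s\n", lengths[i],
               slide_check_accepts(lengths[i]) ? "accepts" : "rejects");
    printf("copy of 5 bytes: %d\n", copy_checked(buf, sizeof buf, "hello"));
    printf("UINT wrap: naive=%d checked=%d\n",
           naive_exceeds(~0u, 1u, 100u), checked_exceeds(~0u, 1u, 100u));
    return 0;
}
```

The slide's check accepts length 256 (one byte too many once the NUL is counted) and lengths such as 40000 and 65546, which become negative or small when stored in a short.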
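The seed check from the "Insecure Randomness" and "How fast can you check?" slides, as an added example that is not part of the original slides: it reimplements java.util.Random's 48-bit linear congruential generator in C and tests every millisecond of one hour against observed output, which is why a time-seeded generator gives no protection and SecureRandom is the fix. The "deal" is a constructed stand-in (the first ten nextInt(52) values, not a real shuffle) and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define MASK48 ((1ULL << 48) - 1)
#define MULT   0x5DEECE66DULL

/* java.util.Random state setup: scramble the seed, keep 48 bits. */
static uint64_t jr_seed(int64_t seed) { return ((uint64_t)seed ^ MULT) & MASK48; }

/* next(31): one LCG step, return the top 31 bits of the 48-bit state. */
static int32_t jr_next31(uint64_t *s) {
    *s = (*s * MULT + 0xBULL) & MASK48;
    return (int32_t)(*s >> 17);
}

/* nextInt(bound) for a bound that is not a power of two (52 here). */
static int jr_next_int(uint64_t *s, int bound) {
    int32_t bits, val;
    do {
        bits = jr_next31(s);
        val = bits % bound;
    } while ((int64_t)bits - val + (bound - 1) > INT32_MAX); /* reject biased tail */
    return val;
}

/* Constructed stand-in for a deal: the first n values of nextInt(52). */
static void deal(int64_t seed, int *out, int n) {
    uint64_t s = jr_seed(seed);
    for (int i = 0; i < n; i++) out[i] = jr_next_int(&s, 52);
}

/* Return the seed in [from, to] whose deal matches seen[0..n-1], or -1. */
static int64_t find_seed(int64_t from, int64_t to, const int *seen, int n) {
    for (int64_t seed = from; seed <= to; seed++) {
        uint64_t s = jr_seed(seed);
        int i = 0;
        while (i < n && jr_next_int(&s, 52) == seen[i]) i++;
        if (i == n) return seed;
    }
    return -1;
}

int main(void) {
    const int64_t t = 1165336371231LL;  /* millisecond timestamp from the slide */
    int seen[10];
    deal(t, seen, 10);
    /* Search every millisecond of the preceding hour: 3,600,000 candidates. */
    int64_t found = find_seed(t - 3599999, t, seen, 10);
    printf("recovered seed: %lld\n", (long long)found);
    return found == t ? 0 : 1;
}
```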