
 Week: Fourth

 Topic: Common vulnerabilities in computer programs


 Sub Topics: Buffer overflow, time-of-check
to time-of-use (TOCTTOU) flaws, incomplete mediation.
 Activities: Browse literature, security
articles, collect technical papers, tutorials,
discussions and assessments
Buffer overflow
 A buffer overflow occurs when a program or
process tries to store more data in a buffer
(temporary data storage area) than it was
intended to hold.
 Since buffers are created to contain a finite
amount of data, the extra information - which has
to go somewhere - overflows into adjacent memory
(other variables, heap metadata, or a saved return
address), corrupting or overwriting the valid data
held there.
 Buffer overflow remains one of the most common
classes of security flaw. It attacks data integrity
and, when the overwritten data includes control
information such as a return address, the integrity
of the program's execution as well.
 An overflow may occur accidentally through
programming error, but in a buffer overflow attack
the extra data is chosen deliberately: it may contain
code or addresses designed to trigger specific
actions, in effect sending new instructions to the
attacked computer.
 Eg: damage the user's files, change data, or
disclose confidential information.
 Buffer overflow attacks are said to have
arisen because programming languages supplied
the framework and poor programming practices
supplied the vulnerability. Eg: C and C++ do not
check array bounds, so an unchecked copy of
untrusted input (strcpy, gets, sprintf) into a
fixed-size array is enough to create the flaw.
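The following C program is an added example, not code from these notes. It models the overflow described above: a fixed-size name buffer sits next to an authorisation flag that the program trusts, and an unchecked copy of an overlong input spills into the flag. The record layout, field names and the 18-byte input are constructed for the demonstration; the unchecked copy is written as a byte loop (what strcpy does internally) so that the overrun lands in the flag rather than in unrelated memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Hypothetical record: a fixed-size name buffer followed by an
 * authorisation flag the rest of the program trusts. */
struct login_record {
    char name[NAME_LEN];
    int  is_admin;      /* 0 = ordinary user, nonzero = administrator */
};

/* VULNERABLE: copies until the terminating NUL with no bound check,
 * exactly what strcpy(rec->name, src) does. It is written as a byte loop
 * over the record so the overrun visibly lands in is_admin; an input
 * longer than the whole record would write past it, which is the
 * real-world bug (undefined behaviour, typically a crash or hijack). */
static void set_name_unchecked(struct login_record *rec, const char *src)
{
    unsigned char *dst = (unsigned char *)rec + offsetof(struct login_record, name);
    size_t i = 0;
    do {
        dst[i] = (unsigned char)src[i];
    } while (src[i++] != '\0');
}

/* FIXED: reject anything that does not fit including the NUL.
 * Returns 0 on success, -1 if the input is too long (nothing is written). */
static int set_name_checked(struct login_record *rec, const char *src)
{
    size_t n = strlen(src);
    if (n >= NAME_LEN)
        return -1;
    memcpy(rec->name, src, n + 1);
    return 0;
}

/* Constructed input: 18 bytes, two more than the buffer holds. It is short
 * enough to stay inside the 20-byte record, so only is_admin is clobbered. */
static const char *OVERLONG = "AAAAAAAAAAAAAAAAAA";

/* Returns the flag after the unchecked copy: nonzero means "became admin". */
int demo_unchecked(void)
{
    struct login_record rec = { "", 0 };
    set_name_unchecked(&rec, OVERLONG);
    return rec.is_admin;
}

/* Returns 1 if the checked copy rejected the input and left the flag at 0. */
int demo_checked(void)
{
    struct login_record rec = { "", 0 };
    int rc = set_name_checked(&rec, OVERLONG);
    return rc == -1 && rec.is_admin == 0;
}

int main(void)
{
    printf("unchecked copy: is_admin = %d\n", demo_unchecked());
    printf("checked copy rejected input, flag intact: %d\n", demo_checked());
    return 0;
}
```

The unchecked copy turns an ordinary user into an administrator without the attacker ever touching the flag by name; the checked version fails closed. The same rule (compute the length, compare it with the destination size, refuse or truncate) is what the bounded library calls enforce, and it is the check that has to exist on every copy of untrusted input.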
TOCTTOU
 TOCTTOU - pronounced as TOCK-too
 This is a race condition, classically in file
handling, that occurs when a resource is checked for
a particular value, such as whether a file exists or
is readable, and that value then changes before the
resource is used, invalidating the results of the
check.
 Errors can occur when the status changes
unexpectedly, either maliciously or unintentionally,
between a check and a subsequent operation.
 A TOCTTOU attack exploiting such conditions
can lead to privilege escalation, allowing
unauthorized access to resources, such as read
and write access, as well as avoiding log and audit
controls.
 This sort of attack is difficult to detect. An
investigator must not only find evidence of the
unauthorized access but also determine whether a
TOCTTOU race could have caused it.
 TOCTTOU race conditions are most
common in Unix file systems, but all systems
are vulnerable.
 There are simpler forms of TOCTTOU
though, such as a Web administrator locking
a page to prevent editing after a user has
already begun editing it. The edits will be
accepted unless the application rechecks the
status of the page.
More info: http://static.usenix.org/event/fast05/tech/full_papers/wei/wei_html/
“A time-of-check to time-of-use flaw is considered
a major vulnerability of computer programs.”
Explain the meaning of this statement.
 The software program checks the state of a
resource before using that resource, but the
resource's state can change between the check
and the use in a way that invalidates the results of
the check. This can cause the software to perform
invalid actions when the resource is in an
unexpected state.
 This weakness can be security-relevant when an
attacker can influence the state of the resource
between check and use. This can happen with
shared resources such as files, memory, or even
variables in multithreaded programs.
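The program below is an added example covering both the file race described under TOCTTOU and the check/use explanation just given; it is not code from these notes or from the linked paper. It places the classic access()-then-open() pattern beside a hardened version, then stages the attacker's swap as a symlink pointing at a scratch file. The scratch file names, the symlink standing in for the swap, and the policy that an accepted file must be a regular file owned by the effective user are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* VULNERABLE: check, then use. access() looks at whatever `path` names at
 * the time of check; open() looks again at the time of use. If the name is
 * re-pointed in between (a symlink swap is the classic move), open() follows
 * it. Returns an open descriptor, or -1. */
int open_if_readable_racy(const char *path)
{
    if (access(path, R_OK) != 0)          /* time of check */
        return -1;
    /* race window: an attacker can replace `path` here */
    return open(path, O_RDONLY);          /* time of use */
}

/* FIXED: open first, refuse to follow a symlink in the final component, then
 * check the object actually opened via fstat() on the descriptor rather than
 * stat() on the name. The ownership rule is an assumption for this example. */
int open_if_readable_safe(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                        /* ELOOP when `path` is a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

struct demo_result {
    int racy_follows_link;   /* 1 if the racy version opened through the symlink */
    int safe_rejects_link;   /* 1 if the hardened version refused the symlink */
    int safe_opens_file;     /* 1 if the hardened version opened the real file */
};

/* Constructed scenario standing in for the swap inside the race window: a
 * regular file plus a symlink to it. Returns 0 on success, -1 if the scratch
 * files could not be created. */
int run_tocttou_demo(struct demo_result *r)
{
    char file[64] = "/tmp/tocttou_XXXXXX";
    int fd = mkstemp(file);
    if (fd < 0) {                         /* fall back to the current directory */
        strcpy(file, "tocttou_XXXXXX");
        fd = mkstemp(file);
        if (fd < 0)
            return -1;
    }
    close(fd);

    char link[80];
    snprintf(link, sizeof link, "%s.lnk", file);
    if (symlink(file, link) != 0) {
        unlink(file);
        return -1;
    }

    int a = open_if_readable_racy(link);  /* succeeds: both calls follow the link */
    int b = open_if_readable_safe(link);  /* fails: O_NOFOLLOW gives ELOOP */
    int c = open_if_readable_safe(file);  /* succeeds: the real file passes every check */

    r->racy_follows_link = a >= 0;
    r->safe_rejects_link = b < 0;
    r->safe_opens_file   = c >= 0;

    if (a >= 0) close(a);
    if (b >= 0) close(b);
    if (c >= 0) close(c);
    unlink(link);
    unlink(file);
    return 0;
}

int main(void)
{
    struct demo_result r;
    if (run_tocttou_demo(&r) != 0) {
        perror("demo setup");
        return 1;
    }
    printf("racy open followed the symlink:     %d\n", r.racy_follows_link);
    printf("hardened open rejected the symlink: %d\n", r.safe_rejects_link);
    printf("hardened open accepted the file:    %d\n", r.safe_opens_file);
    return 0;
}
```

O_NOFOLLOW closes the symlink substitution, but the general rule is the important part: decide on the object you actually opened (the descriptor), never on the name, because the name can change between any two system calls. In a privileged program the cleanest fix is to drop privileges before open() so that the kernel's own permission check is the only check, which removes the separate time of check entirely.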
Incomplete mediation
 Mediation means checking: the process of intervening
to confirm an actor’s authorization before it takes an
intended action.
 Mediation implements the access control triple that
describes what subject can perform what operation
on what object.
 Incomplete mediation is a security problem that has
been with us for decades: Forgetting to ask “Who
goes there?” before allowing the knight across the
castle drawbridge is just asking for trouble.
 In the same way, attackers are exploiting incomplete
mediation to cause security problems.
 In short: verifying that the subject is authorized to
perform the operation on the object is mediation;
doing so on every path, with no way around the
check, is complete mediation.

http://www.informit.com/articles/article.aspx?p=31782&seqNum=2
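As an added example (not code from these notes or from the InformIT article), the C program below implements the access control triple as a small reference monitor and shows incomplete mediation beside complete mediation: the incomplete handler checks one action but lets a later-added action through unchecked, while the complete handler normalises every request and routes it through the single check. The subjects, objects, the ACL table and the action names are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Operations a subject may perform on an object (bit flags). */
enum operation { OP_READ = 1u, OP_WRITE = 2u, OP_DELETE = 4u };

/* One access-control triple: subject, object, permitted operations.
 * The table below is constructed for the example. */
struct acl_entry {
    const char *subject;
    const char *object;
    unsigned    allowed;
};

static const struct acl_entry ACL[] = {
    { "alice", "payroll.db", OP_READ | OP_WRITE },
    { "bob",   "payroll.db", OP_READ },
};

/* Reference monitor: the single place that asks "who goes there?".
 * Unknown subjects, objects or operations are denied by default. */
int mediate(const char *subject, unsigned op, const char *object)
{
    for (size_t i = 0; i < sizeof ACL / sizeof ACL[0]; i++) {
        if (strcmp(ACL[i].subject, subject) == 0 &&
            strcmp(ACL[i].object, object) == 0)
            return (ACL[i].allowed & op) == op;
    }
    return 0;
}

/* Map a textual action to an operation; 0 for anything unrecognised,
 * including case variants, so nothing slips past the check by misspelling. */
static unsigned action_to_op(const char *action)
{
    if (strcmp(action, "read") == 0)   return OP_READ;
    if (strcmp(action, "write") == 0)  return OP_WRITE;
    if (strcmp(action, "delete") == 0) return OP_DELETE;
    return 0;
}

/* INCOMPLETE mediation: the read path asks the monitor, but the delete
 * path, added later, goes straight to the action. Returns 1 if performed. */
int handle_incomplete(const char *subject, const char *action, const char *object)
{
    if (strcmp(action, "read") == 0)
        return mediate(subject, OP_READ, object);
    if (strcmp(action, "delete") == 0)
        return 1;                       /* BUG: nobody checked the drawbridge */
    return 0;
}

/* COMPLETE mediation: every request is normalised to an operation and
 * passes through the one check before anything happens. */
int handle_complete(const char *subject, const char *action, const char *object)
{
    unsigned op = action_to_op(action);
    if (op == 0 || !mediate(subject, op, object))
        return 0;                       /* unknown action or unauthorised: deny */
    return 1;                           /* the real action would be performed here */
}

int main(void)
{
    printf("bob delete payroll.db (incomplete): %d\n",
           handle_incomplete("bob", "delete", "payroll.db"));
    printf("bob delete payroll.db (complete):   %d\n",
           handle_complete("bob", "delete", "payroll.db"));
    printf("alice write payroll.db (complete):  %d\n",
           handle_complete("alice", "write", "payroll.db"));
    return 0;
}
```

The structural point is that the check must not be something each code path remembers to call; the complete handler makes it impossible to reach the action without passing mediate(), and treats anything it does not recognise as a denial rather than a guess.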
