Application program security
Download
1 / 7

Application Program Security - PowerPoint PPT Presentation


  • 89 Views
  • Uploaded on

Application Program Security. DLL Injection. Dynamic Link Library Replace a dll with attack code. Tripwire. File integrity manager Hash all system file and store these hashes in a secure database. Hashes need to be recomputed when system is updated.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Application Program Security' - kim


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Dll injection
DLL Injection

  • Dynamic Link Library

    • Replace a dll with attack code


Tripwire
Tripwire

  • File integrity manager

  • Hash all system file and store these hashes in a secure database.

  • Hashes need to be recomputed when system is updated.

  • Check the hash of all system files. If any do not match, you have a trojan horse.


Integer overflow
Integer Overflow

  • Werner & Frank, “What Dick and Jane Don’t Know About Integers”, Information Systems Education Journal, 2008.


Code fragment 3 3
Code Fragment 3.3

unsigned char connections = 0;

//insert network code

//

connections++;

if(connections < 5)

grant_acccess();

else

deny_access();


Race condition
Race Condition

  • Time of Check/Time of Use Problem

    • (TOCTOU)

  • Pointer to my file

  • Check it

  • Pointer to password file


Code fragment 3 11
Code Fragment 3.11

if(access(argv[1], R_OK) != 0) {

printf(“Cannot access file.\n”);

exit(1);

}

file = open(argv[1], O_RDONLY);


ad