7COM1028 Secure Systems Programming Practical Coursework Assignment

Verified

Added on  2023/02/01

|9
|2871
|70
Homework Assignment
AI Summary
This assignment solution addresses several aspects of secure systems programming based on the coursework brief from the University of Hertfordshire's 7COM1028 module. The solution begins by identifying and correcting buffer length checking errors in a C program that concatenates strings, addressing vulnerabilities in lines of code that could lead to buffer overflows. It then provides a C program to calculate an average of numbers entered by the user, demonstrating basic input validation and arithmetic operations. The solution also delves into heap overflow vulnerabilities, explaining how an attacker could exploit a program to overwrite the heap and execute arbitrary code, including a detailed analysis of how glibc's malloc can be manipulated. Furthermore, the assignment discusses general security measures to prevent user picture attacks and outlines the principles of symmetric key encryption, digital signatures, and man-in-the-middle attacks. It also explores integer variable declarations, memory leak prevention, and common C coding pitfalls, and discusses the importance of software updates, risk modeling, and data flow diagrams (DFDs) in enhancing system security. Overall, the document offers a practical examination of secure coding practices and security vulnerabilities, providing insights for students in computer science.
tabler-icon-diamond-filled.svg

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
1.
Line Number : 2, 3, 4, 8 causing buffer length checking error.
Fixed Program -
#include <stdio.h>
#include <stdlib.h>
#include <conio.h>
#include <string.h>
int main( void ) {
int YourNumber=0;
YourNumber = 17062267 % 1024;
char in1[YourNumber];
char in2[YourNumber];
char out[2*YourNumber-1];
printf("enter your string");
gets(in1);
printf("enter your string");
gets(in2);
strcpy(out,in1);
int index = strlen(in1);
while(index < 2*YourNumber-1) {
out[index] = in2[index-strlen(in1)];
index = index + 1;
}
printf("Output %s", out);
return 0;
}
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
2.
#include <stdio.h>
#include <stdlib.h>
#include <conio.h>
#include <string.h>
int main( void ) {
int YourNumber=0,num,c=0,number=0;
YourNumber = 17062267 % 1024;
printf("YOUR NUMBER IS %d " ,YourNumber);
do{
printf("Please enter number less than YOUR NUMBER");
scanf("%d", &num);
number = number + num;
c++;
}
while(num > -1);
int average = number/c;
printf("Your Average is %d",average);
return 0;
}
3.
Line [3] of the given program results in heap overflow. Client input 'argv[1]' is replicated to stack cushion
'first' with no size limitation. Henceforth when the client input is more prominent than 666 bytes, its
limited to overwrite lump header of the following piece. This flood prompts subjective code execution.
Document Page
The principle thought of this method is to trap 'glibc malloc' to unlink the 'second' lump. While unlinking
GOT section of free would get overwritten with shellcode address. After effective overwrite, presently
when free is called by helpless program at line [5], shellcode would get executed.
Without aggressor impact, free at line [4] does the following : For non maped lumps, combine in reverse
as well as forward. Find if past piece is free – Previous lump is free, if current liberated lump's
PREV_INUSE (P) bit is disconnected. In any case, for our situation, past lump is assigned since 'first"s
PREV_INUSE bit is set, of course piece past to the absolute first piece of pile memory is distributed
(eventhough it doesnt exists).
Assuming free, unlink (expel) the past piece from its binlist, add past lump size to current size and
change the lump pointer to point to past piece. Be that as it may, for our situation past lump is
distributed, henceforth unlink isnt summoned. Subsequently at present liberated lump 'first' cannot be
merged in reverse. Find if next piece is free – Next lump is free, if by next piece's (from as of now
liberated lump) PREV_INUSE (P) bit is disconnected. To explore to by next lump, add at present liberated
piece's size to its lump pointer, at that point add next lump's size to next lump pointer. For our situation
alongside next piece to as of now liberated 'first' lump is top lump and its PREV_INUSE bit is set.
Therefore next lump 'second' piece isn't free.
Assuming free, merge unlink (expel) the following piece from its binlist and add next lump size to current
size. Yet, for our situation next lump is assigned, consequently unlink isnt summoned. In this manner as
of now liberated piece 'first' cannot be combined forward.
Presently add the solidified piece to unsorted receptacle. For our situation since no union occurs, simply
include the 'primary' lump to unsorted container.
Presently lets state attacker at line [3] overwrites the piece header of 'second' lump as pursues:
prev_size = even number and hence PREV_INUSE bit is unset.
size = -4
fd = free address – 12
bk = shellcode address
With attacker influence, free at line [4] does the following:
For non mmaped chunks, consolidate backward and/or forward.
Duplicate 'second' piece's fd and bk esteems to factors FD and BK, separately. For our situation FD = free
location - 12 and BK = shellcode address (As a feature of heap, assailant puts his shellcode inside 'first'
stack support).
Estimation of BK is duplicated to an area at counterbalance 12 from FD. For our situation adding 12
bytes to FD, focuses to GOT section of free and subsequently now GOT passage of free is overwritten
with shellcode address. Bingo!! Presently on at whatever point free is conjured, shellcode gets
executed!! Consequently executing line [5] in powerless program results in shellcode execution.
Document Page
Presently add the solidified piece to unsorted receptacle.
Double free: Freeing a chunk which is already in free state is prohibited. When attacker overwrites
‘second’ chunk’s size with -4, its PREV_INUSE bit is unset which means ‘first’ is already in free state.
Hence ‘glibc malloc’ throws up double free error.
if (__glibc_unlikely (!prev_inuse(nextchunk)))
{
errstr = "double free or corruption (!prev)";
goto errout;
}
Invalid next size: Next chunk size should lie between 8 bytes to arena’s total system memory. When
attacker overwrites ‘second’ chunk’s size with -4, ‘glibc malloc’ throws up invalid next size error.
if (__builtin_expect (nextchunk->size <= 2 * SIZE_SZ, 0)
|| __builtin_expect (nextsize >= av->system_mem, 0))
{
errstr = "free(): invalid next size (normal)";
goto errout;
}
Courrupted Double Linked list: Previous chunk’s fd and next chunk’s bk should point to currently
unlinked chunk. When attacker overwrites fd and bk with free -12 and shellcode address, respectively,
free and shellcode address + 8 doesnt point to currently unlinked chunk (‘second’). Hence ‘glibc malloc’
throws up corrupted double linked list error.
if (__builtin_expect (FD->bk != P || BK->fd != P, 0))
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
malloc_printerr (check_action, "corrupted double-linked list", P);
4.
There is no single innovation or setup to anticipate all user picture assaults. By and large, encryption and
advanced declarations give a powerful shield against user picture assaults, guaranteeing both the
privacy and honesty of interchanges. In any case, a man-in-the-center assault can be infused into the
center of interchanges so that encryption won't help — for instance, assailant "A" blocks open key of
individual "P" and substitute it with his very own open key. At that point, anybody needing to send an
encoded message to P utilizing P's open key is unwittingly utilizing an open key. Hence, A can peruse the
message expected for P and afterward send the message to P, encoded in P's genuine open key, and P
will never see that the message was undermined. The standard definition alludes to a program or some
code that exploits a security opening (for example a defenselessness) in an application or framework,
with the goal that an aggressor can utilize it for their advantage.
P2 creates a symmetric key and encrypts it with P’s public key.
P2 sends the encrypted symmetric key to P.
P2 computes a hash function of the message and digitally signs it.
P2 encrypts his message and the message’s signed hash using the symmetric key and sends the entire
thing to P.
P is able to receive the symmetric key from P2 because only he has the private key to decrypt the
encryption.
P, and only P, can decrypt the symmetrically encrypted message and signed hash because he has the
symmetric key.
He is able to verify that the message has not been altered because he can compute the hash of received
message and compare it with digitally signed one.
P is also able to prove to himself that P2 was the sender because only P2 can sign the hash so that it is
verified with P2 public key.
5.
a) Software engineers can permit irregularities in their code by not following increasingly secure C
coding parctices while they are pronouncing whole number factors, utilizing the proclaimed number
factors, and explicitly while they are performing math tasks on whole numbers. We examined the
proclaimed sorts of every single neighborhood variable and formal parameters. We decided the
pronounced sort of a variable, checked on the off chance that it is utilized as another kind (hidden type)
in significant settings, and detailed irregularities. We considered the accompanying three use settings as
significant settings:
(1) when a variable is utilized on the left hand side of a task articulation,
(2) when the variable is utilized as a real parameter in a predefined set of basic capacity calls (e.g.,
memcpy),
Document Page
(3) when the variable is utilized as the list of an exhibit get to.
Memory leak happens when developers make a memory in pile and neglect to erase it. Memory spills
are especially major issues for projects like daemons and servers which by definition never end.
Composing secure applications in C can be troublesome in view of a few natural parts of the language.
For instance, C does not keep the software engineer from composing outside an exhibit's limits. This can
result in adulterated memory and present potential security dangers. What's more, the ill-advised
utilization of pointers is frequently at the base of numerous security issues.
filter_none
edit
play_arrow
brightness_4
/* Function with memory leak */
#include <stdlib.h>
void f()
{
int *ptr = (int *) malloc(sizeof(int));
/* Do some work */
return; /* Return without freeing ptr*/
}
To avoid memory leaks, memory allocated on heap should always be freed when no longer needed.
filter_none
edit
play_arrow
Document Page
brightness_4
/* Function without memory leak */
#include <stdlib.h>;
void f()
{
int *ptr = (int *) malloc(sizeof(int));
/* Do some work */
free(ptr);
return;
}
The toupper() function works on most libc implementations by searching for
the correct answer in a lookup table. Several libcs don’t handle a negative argument
correctly and index behind the table in memory. The following definition of
toupper() isn’t uncommon:
int toupper(int c)
{
return _toupper_tab[c];
}
Say you do something like this:
void upperize(char *str)
{
while (*str)
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
{
*str = toupper(*str);
str++;
}
}
If you have a libc implementation that doesn’t have a robust toupper() function, you could end up
making some strange changes to your string. If one of the characters is -1, it gets converted to an integer
with the value -1, and the toupper() function indexes behind its table in memory.
b) All frameworks must have programmed programming refreshes empowered for framework patches
discharged from their particular sellers. Security patches must be introduced inside one month of
discharge from the separate seller and need to pursue the procedure as per change control process.
No single individual ought to have the capacity to actualize changes to the creation data frameworks
without the endorsement of other approved work force.
Risk demonstrating takes a gander at a framework from a foe's point of view to envision security
assaults and depends on the reason that a foe can't assault a framework without a methods for
providing it with information or generally cooperating with it. Archiving the framework's entrance
focuses, i.e., interfaces it has with the remainder of the world, is significant for distinguishing
conceivable vulnerabilities. Danger displaying receives an information way to deal with track the foe's
information and directions as they are handled by the framework and figure out what resources can be
undermined. Any change or activity on benefit of the information could be helpless to security dangers.
For example, a foe can imperil the application's security by straightforwardly conjuring some usefulness
or by providing the application with noxious information, e.g., by altering a design document.
The present risk demonstrating process utilizes DFDs [8], maybe in light of the fact that they are casual,
they have a graphical portrayal, and they are various leveled, along these lines supporting measured
deterioration . One substantial venture at Microsoft has more than 1,400 finished and assessed danger
demonstrating DFDs, so we required a semi-computerized way to deal with help and upgrade the
present danger demonstrating process. DFDs are normally built by advancement groups and later
surveyed by security specialists. Actually, it isn't exceptional for an engineer to create amid a security
audit meeting a DFD of how they think the framework works. By and large, the insignificant
demonstration of having application designers determine the DFD for a subsystem can make a few of its
security aws clear. Despite the fact that this methodology has discovered a noteworthy number of
security structure aws, it sucurers from the accompanying two significant issues Regardless of whether a
segment is multithreaded, and how numerous strings it is permitted to deliver. This permits concurrent
handling of solicitations. b. Regardless of whether a part has lining empowered, and the extent of the
line. For solicitations that can't be handled on the grounds that the part it occupied, it is conceivable to
determine what number of solicitations might be lined before solicitations are disposed of.
The above properties are standard properties required to direct execution investigation; we utilized
comparative properties in a lining hypothesis based way to deal with execution investigation Risk types
indicate the conceivable dangers that can influence the framework, e.g., an infection , forswearing of
Document Page
administration. Since various frameworks might be liable to various sorts of dangers, the designer must
determine each of the danger types that might be presented to the framework. For the most part,
structure choices influencing one quality property will interface with choices influencing different
characteristics The utilization of an engineering based apparatus gives advantage through (1) a
predictable interface for making and seeing the compositional model and the effect of structural choices
on measurements, for example, execution and security; (2) an adaptable combination system for Monte
Carlo reproductions as module examinations that become accessible when certain styles are utilized;
and (3) the capacity to help exchange offs between various examinations, perhaps composed by various
gatherings.
A Cybersecurity Agenda for the 45th President. (2017, January 5). Retrieved
from https://www.csis.org/news/cybersecurity-agenda-45th-president
An Examination of the Cybersecurity Labor Market. (n.d.). Retrieved
from http://www.rand.org/content/dam/rand/pubs/research_reports/RR400/RR430/RAND_RR430.pdf
Applications Now Available for City Colleges of Chicago’s New Cyber Security “Boot Camp”. (2017,
March 18). Retrieved from http://www.ccc.edu/news/Pages/Applications-Now-Available-for-City-
Colleges-of-Chicagos-New-Cyber-Security-Boot-Camp-.aspx
ApprenticeshipUSA Investments. (2017, June 22). Retrieved
from https://www.dol.gov/featured/apprenticeship/grants
Assante, M., Tobey, D. (2011, February 4). Enhancing the Cybersecurity Workforce. Retrieved
from http://ieeexplore.ieee.org/document/5708280/
chevron_up_icon
1 out of 9
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]