compiler techniques Flashcards

1
Q

Vulnerability:

A

A weakness which allows an attacker to reduce a system’s information
assurance.

2
Q

Exploit:

A

A technique that takes advantage of a vulnerability and is used by the attacker
to attack a system

3
Q

Payload:

A

Custom code that the attacker wants the system to execute

4
Q

Is the number of vulnerabilities per year increasing?

A

yes

5
Q

What is the significance of vulnerabilities?

A

Taking longer to remediate

Huge financial and business cost

6
Q

What are memory safety violations?

A

Buffer overflows and over-reads

Dangling pointers

7
Q

What are input validation errors?

A

Format string attacks
SQL injection
Code injection
Cross-site scripting in web apps

8
Q

What are race conditions?

A

Time-of-check-to-time-of-use bugs

Symlink races

9
Q

What are privilege confusion bugs?

A

Cross-site request forgery in web apps
Clickjacking
FTP bounce attack

10
Q

What is privilege escalation?

A

privilege escalation

11
Q

What is a side channel attack?

A

Timing attack

12
Q

Adware

A

Displays unwanted advertisements

13
Q

Ransomware

A

Blocks the user’s data until a ransom is paid.

14
Q

Spyware

A

Gathers information about the user and sends it to the attacker

15
Q

Crimeware

A

Designed specifically to automate cybercrime

16
Q

Worms

A

Propagate to different computers without user intervention

17
Q

Viruses

A

Propagate to different computers. Need to be triggered by a user

18
Q

Trojans

A

Pretend to do something useful, but mask malicious behaviors

19
Q

Rootkits

A

Obtain root privileges to compromise the computer

20
Q

Backdoor

A

Allows a remote party to gain access to the computer

21
Q

Why is C good?

A

One of the most common languages
Used in many implementations of operating systems, compilers and system libraries
More efficient compared to other high-level languages, like Java and C#.

22
Q

Why is C bad?

A

A major source of software bugs:
Mainly due to more flexible handling of pointers/references.
Lack of strong typing.
Manual memory management, which makes it easier for programmers to make mistakes.

23
Q

char

A

(8-bit): characters

24
Q

int

A

(16-bit or 32-bit): signed integers.
For 32-bit int, value range is −2^31 − 1, 2^31 (one bit reserved for representing the sign).

25
Q

long

A

(32-bit or 64-bit): signed integers.
For 64-bit long, value range is −2^63 − 1, 2^63

26
Q

float

A

(32-bit): single precision floating points

27
Q

double

A

(64-bit): double precision floating points

28
Q

pointer

A

Contains memory addresses.
Syntax: add “*” to the type name.
E.g., int* denotes a type which is a pointer to a memory location containing data of type int.
int* x is the same as int *x

29
Q

&

A

Get the memory location of a variable

30
Q

Array

A

The name of the array is a pointer
For an n-element array, the index starts at 0 and ends at n−1

31
Q

String

A

An array of chars
A string must end with a NULL (or '\0'). So an array of char with length n can hold only strings of length n−1. (The last character in the array is reserved for NULL.)

32
Q

char* strcpy (char* dest, char* src)

A

Copy string src to dest
No checks on whether either or both arguments are NULL.
No checks on the length of the destination string.

33
Q

int strlen (char* str)

A

Return the length of the string str

34
Q

char* strcat (char* dest, char* src)

A

Append the string src to the end of the string dest.

35
Q

malloc

A

Allocates a block of memory
Takes one argument specifying the size (in bytes) of the memory block to be allocated.
If successful, a pointer to the memory block is returned; otherwise, the NULL value is returned

36
Q

Memory layout (for many languages)

A

Code area
Static data
Stack
Heap

37
Q

Code area

A

Fixed size and read only

38
Q

Static data

A

Statically allocated data: variables/constants

39
Q

Stack

A

Parameters and local variables of methods as they are invoked
Each invocation of a method creates one frame (activation record) which is pushed onto the stack

40
Q

Heap

A

Dynamically allocated data: class instances/data arrays
Stack and heap grow towards each other

41
Q

Stack in depth

A

Stores local variables (including method parameters) and intermediate computation results
A stack is subdivided into multiple frames:
A method is invoked: a new frame is pushed onto the stack to store local variables and intermediate results for this method;
A method exits: its frame is popped off, exposing the frame of its caller beneath it

42
Q

Inside a frame for one function

A

Two pointers:
BP: base pointer. Fixed at the frame base
SP: stack pointer. Current pointer in the frame
A frame consists of the following parts:
Function parameters
Return address of the caller function (when the function is finished, execution continues at this return address)
Stack pointer of the caller function
Local variables
Intermediate operands (this part dynamically grows and shrinks)

43
Q

What is a buffer overflow?

A

More input is placed into a buffer than the capacity allocated, overwriting other information

44
Q

What if the buffer is on the stack, heap or global data, and adjacent memory locations are overwritten?

A

Corruption of program data
Unexpected transfer of control
Memory access violation
Execution of code chosen by the attacker

45
Q

Name the common buffer overflow attack mechanisms

A

1988 Morris Worm
2001 Code Red
2003 Slammer
2004 Sasser

46
Q

What is the problem with strcpy?

A

Does not check boundaries

47
Q

What is stack smashing?

A

(1) Inject the malicious code into the memory of the target program
(2) Find a buffer on the runtime stack of the program, and overwrite the return address with the malicious address.
(3) When the function is completed, it jumps to the malicious address and runs the malicious code.

48
Q

How to set the malicious return address?

A

Need the absolute address of the malicious code, which is sometimes infeasible.
Guess the return address.
An incorrect address can cause a system crash: unmapped address, protected kernel code, data segmentation
Improve the guess chance: insert many NOP instructions before the malicious code
NOP: does nothing but advance to the next instruction

49
Q

Injecting shellcode

A

The worst thing the attacker can do: run any command he wants
Run a shellcode: a program whose only goal is to launch a shell
Convert shellcode from C to assembly code, and then store the binary in a buffer

50
Q

Morris Worm

A

History
Released on 2 November 1988 by Robert Tappan Morris, a graduate student at Cornell University
Launched from the computer system of MIT, trying to confuse the public into thinking it was written by MIT students, not Cornell
Buffer overflow in sendmail, fingerd network protocol, rsh/rexec, etc.
Impact
~6,000 UNIX machines infected (10% of computers in the Internet)
Cost: $100,000 - $10,000,000
Morris’ life
Tried and convicted of violation of the Computer Fraud and Abuse Act.
Sentenced to three years' probation, 400 hours of community service, and a fine of $13,326
Had to quit PhD at Cornell. Completed PhD in 1999 at Harvard.
Became a tenured professor at MIT in 2006. Elected to the National Academy of Engineering in 2019

51
Q

Following Morris Worm

A

Code Red (2001): targeting Microsoft's IIS web server. Affected 359,000 machines in 14 hours
SQL Slammer (2003): targeting Microsoft's SQL Server and Desktop Engine database. Affected 75,000 victims in 10 minutes
Sasser (2005): targeting LSASS in Windows XP and 2000. Affected around 500,000 machines. Author: 18-year-old German Sven Jaschan. Received 21-month suspended sentence
Conficker (2008): targeting Windows RPC. Affected around 10 million machines
Stuxnet (2010): targeting industrial control systems, and responsible for causing substantial damage to the nuclear program of Iran
Flame (2012): targeting cyber espionage in Middle Eastern countries