Monday, March 16, 2009

Buffer Overflows: When Your Computer Loses Control


Often, people wonder just how someone or some program is able to take control of a computer. I know I do at least. One common way this is accomplished is through a buffer overflow attack. While a computer program is running, it will often make a call to a function within the code. A function is a piece of code that can be called more than once, with different data each time, which saves the programmer from writing the same logic repeatedly. Suppose a program is required to calculate the interest earned in a bank account for a large number of accounts. Rather than writing the same formula over and over, the relevant information for each account is passed into the function and the answer is returned. When the function is actually called, the program uses a run-time stack, much like a stack of cards. All local data relevant to the function is placed on the top of the stack, along with the return address: the location in the calling code to resume once the function completes, because the program has to pick up where it left off. All of the data is popped off the stack when the function is finished, with the return address being the last piece.
There are two main types of buffer overflow attacks: a variable attack and a stack attack. A variable attack is one in which a key variable, or piece of information, is changed. Using the interest program as an example, an attacker may be interested in changing the current balance on the account. The program expects input of a certain type and size, and allocates just enough space for a variable of that type. Memory is contiguous, meaning that there is no gap between adjacent variables. If more information is supplied than the program expects, it overflows into the next allocated block of space, changing that variable's value.
A stack attack uses a similar approach to a variable attack; however, rather than changing the value of a key variable, it changes the return address. Once the return address is changed, the program does not return to the spot it came from, but instead jumps to the beginning of a piece of inserted malicious code and executes that. Thus the user expects to run a program, but a different piece of code is executed, allowing the attacker to take control of the computer.
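To make the variable attack concrete, here is an added example in C (not code from the original post). It assumes a made-up account record in which the name buffer sits directly before the balance, so an unchecked copy of an over-long name would run into the balance field; the hardened version rejects input that does not fit and leaves the record untouched.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout mirroring the post's example: the name buffer is
 * immediately followed by the balance, with no gap between them. */
struct account {
    char name[16];
    long balance_cents;
};

/* Vulnerable pattern: no length check, so a name longer than 15 bytes
 * writes past 'name' and into 'balance_cents'. Kept only for comparison;
 * it is never called here because the out-of-bounds write is undefined
 * behaviour in C. */
void set_name_unchecked(struct account *acct, const char *input)
{
    strcpy(acct->name, input);   /* copies until the NUL, however long */
}

/* Hardened form: measure the input first and refuse anything that does
 * not fit together with its terminating NUL. Returns 0 on success and
 * -1 on rejection; on rejection the record is not modified at all. */
int set_name_checked(struct account *acct, const char *input)
{
    size_t len = strlen(input);
    if (len >= sizeof acct->name)
        return -1;
    memcpy(acct->name, input, len + 1);
    return 0;
}

int main(void)
{
    struct account acct = { "alice", 123456 };
    /* Constructed over-long input: 45 bytes for a 16-byte buffer. */
    const char *oversized = "a-name-that-is-much-longer-than-sixteen-bytes";

    int rc = set_name_checked(&acct, oversized);
    printf("rc=%d name=%s balance=%ld\n", rc, acct.name, acct.balance_cents);
    return 0;
}
```

With the checked version the over-long name is rejected and the balance still reads 123456; with the unchecked version the same input would overwrite it.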
