Author Topic: Security Paper -- first draft


Offline iago

Security Paper -- first draft
« on: March 23, 2005, 12:28:29 am »
For my Computer Security class, we have to do a final "project" (paper).  The requirements are >=5 pages on a relevant topic.

I'm still writing it, but I thought I'd post what I have here.  I'm trying to direct it at people who don't really know this stuff (like, for instance, my professor).  So if there's anything in there I don't explain or that's too technical, please feel free to point it out.

So far, I've basically done the introduction.  It's long because I'm trying to explain the background of three major vulnerabilities (Stack overflow, Heap overflow, and Format String vulnerability).  I'm done Stack and Heap, along with example code that I partly wrote and partly copied (haven't cited source yet).  I've run it all, and it all runs great.  After I'm done outlining them, I'm going to be showing some ways that have been used to prevent them (backtracing, non-executable stack, etc) and ways to counter those (fake stack frames, returning into libc, respectively).  But that's not done (or started) yet.

The more feedback/criticism I get here, the better.  It's due in 9 days, and I'll be posting updates as I make them.

Thanks to anybody who reads it! :P

http://www.javaop.com/~iago/Paper.pdf

Offline Quik

Re: Security Paper -- first draft
« Reply #1 on: March 23, 2005, 12:43:07 am »
Very well written, and will appeal to those who do not know these things already. It gives a lot of background information and examples, I like it. How advanced are you supposed to get? What about polymorphing shellcode? What's to say you don't just take crap out of The Art of Exploitation? :p
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

Re: Security Paper -- first draft
« Reply #2 on: March 23, 2005, 12:46:47 am »
Quote
Very well written, and will appeal to those who do not know these things already. It gives a lot of background information and examples, I like it. How advanced are you supposed to get? What about polymorphing shellcode? What's to say you don't just take crap out of The Art of Exploitation? :p

Thanks! :)

It's a research paper, we're allowed to use papers and books all we want.  The Stack Overflow example and Shellcode are taken from Art of Exploitation, although I made changes to them.  It'll all be cited when I'm done.

I'd like to get into polymorphic and alphanumeric shellcode.  According to the guidelines, I have to do "Comparison and criticism of existing solutions. This is the creative part where you try to point out any of the deficiencies of the existing solutions. You may suggest some combination of approaches or even new approaches which you think may work in the future. This is not a must but try your best."  When I get to that, I'm going to try to touch on all the major developments.

Offline Quik

Re: Security Paper -- first draft
« Reply #3 on: March 23, 2005, 12:53:38 am »
Be sure to include references to existing exploits for many distros. There are quite a lot of them, some don't even require existing ssh user accounts ;)

Offline rabbit

Re: Security Paper -- first draft
« Reply #4 on: March 23, 2005, 09:37:09 pm »
It's not MLA format.  You're not supposed to use first or second person in formal essays/reports.

Page 9, line 3, "programs" should be "program's".
Page 13, line 11, two spaces between "does" and "nicely".
Page 13, line 11, period missing at end of sentence.

Offline iago

Re: Security Paper -- first draft
« Reply #5 on: March 23, 2005, 11:03:08 pm »
Quote
It's not MLA format.  You're not supposed to use first or second person in formal essays/reports.

Page 9, line 3, "programs" should be "program's".
Page 13, line 11, two spaces between "does" and "nicely".
Page 13, line 11, period missing at end of sentence.

I am mimicking the style of the papers I'm basing this on.  I'll talk to my prof about whether I should stay in third person.  When I revised parts, I changed a lot of instances of you / me to "programmer" and "attacker".

Also, the spelling and grammar aren't a major concern right now, since I plan to go back and proofread it to death.  But thanks, I'll make those changes :)


Offline iago

Re: Security Paper -- first draft
« Reply #6 on: March 24, 2005, 12:39:43 am »
Well, I asked, and she was pretty unclear about the requirements.  So, to be on the safe side, I changed it all to third person.  I also completed the section on "format string vulnerabilities" which I hope y'all enjoy because it took me all damn day :)

She also said that grammar wouldn't be worth marks since we have many foreign students, and the prof herself isn't natively English.  So poor grammar is forgiven.

The link is the same (http://www.javaop.com/~iago/Paper.pdf).  Let me know what you think!

Offline deadly7

Re: Security Paper -- first draft
« Reply #7 on: March 25, 2005, 09:20:02 pm »
It confused me is all I can say.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline iago

Re: Security Paper -- first draft
« Reply #8 on: March 25, 2005, 10:00:33 pm »
Quote
It confused me is all I can say.

Hmm, damn.  I tried to write it in such a way that anybody could read it and gain _something_.

Where did you get lost? :(

Offline Quik

Re: Security Paper -- first draft
« Reply #9 on: March 25, 2005, 10:13:27 pm »
Seems pretty straightforward to me. The code probably confused him, or where it started talking about Linux. Keep in mind, he's not a Linux user, so it won't make sense to him. The general concepts are easy to grasp from the language, however. I think it's a quality paper, and sounds like you had fun writing it :p

Offline iago

Re: Security Paper -- first draft
« Reply #10 on: March 25, 2005, 10:41:16 pm »
having*

There's more to do.

And yeah, the code probably doesn't totally make sense, but the code isn't 100% necessary to understand the concepts, I hope.

Offline deadly7

Re: Security Paper -- first draft
« Reply #11 on: March 25, 2005, 11:12:06 pm »
Quote
Seems pretty straightforward to me. The code probably confused him, or where it started talking about Linux. Keep in mind, he's not a Linux user, so it won't make sense to him. The general concepts are easy to grasp from the language, however. I think it's a quality paper, and sounds like you had fun writing it :p
I'm working on it!

@iago:
Quote
page 5/19 - line 2: DISCUSSES should be DISCUSSED
like I said on AIM.
The code confused me a bit, and since you had some paragraphs talking about that, I got lost there. Mainly in the Stack Overflow part, page 8/19. I didn't get that part. Just the first code there. The second I understood (rbowes@tank :-$ StackVuln `perl -e 'print "HELLOx200"'` I understood)
Just to clarify: UID is User ID, right?

Offline iago

Re: Security Paper -- first draft
« Reply #12 on: March 26, 2005, 12:13:21 am »
Yes, UID is User ID.

Offline rabbit

Re: Security Paper -- first draft
« Reply #13 on: March 26, 2005, 09:29:39 pm »
I don't use Linux, but I found it easy to read, but that's probably because I understand x86 and C :P