SECURITY IN COMPUTING, FIFTH EDITION
Chapter 3: Programs and Programming
Instructor: Gao Haibo, Henan University of Chinese Medicine, Information Management and Information Systems Teaching and Research Section
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Objectives for Chapter 3
• Learn about memory organization, buffer overflows, and relevant countermeasures
• Common programming bugs, such as off-by-one errors, race conditions, and incomplete mediation
• Survey of past malware and malware capabilities
• Virus detection
• Tips for programmers on writing code for security

Memory Allocation
[Figure: memory layout, from high addresses to low addresses: Stack, Heap, Static data, Code]

Data vs. Instructions
[Figure: memory contents 0x1C0A, read either as data ("Store sum = 7178") or as an instruction ("Execute instruction 'Jump forward 10 bytes'")]

Memory Organization
[Figure: memory layout, from high addresses to low addresses: Stack, Heap, Local Data, Program Code, System Data, System Code]