CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

A New Class of Buffer Overflow Attacks

Ashish Kundu

Ashish Kundu - IBM

Nov 28, 2012

Size: 316.8MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

Abstract

In this talk, we focus on a class of buffer overflow vulnerabilities that occur due to the "placement new" expression in C++. "Placement new" facilitates placement of an object/array at a specific memory location. When appropriate bounds checking is not in place, object overflows may occur. Such overflows can lead to stack as well as heap/data/bss overflows, which can be exploited by attackers in order to carry out the entire range of attacks associated with buffer overflow. Unfortunately, buffer overflows due to "placement new" have neither been studied in the literature nor been incorporated in any tool designed to detect and/or address buffer overflows. We would describe how the "placement new" expression in C++ can be used to carry out buffer overflow attacks -- on the stack as well as heap/data/bss. We show that overflowing objects and arrays can also be used to carry out virtual table pointer subterfuge, as well as function and variable pointer subterfuge. Moreover, we show how "placement new" can be used to leak sensitive information, and how denial of service attacks can be carried out via memory leakage.

About the Speaker

Ashish Kundu is a Research Staff Member IBM T J Watson Research Center. He works in the area of security and privacy with current focus on cloud security, and a long term vision of "end-to-end holistic security woven into the systems". Dr. Kundu was awarded the CERIAS Diamond Award in 2011. In 2010, he graduated from Purdue with Ph.D.. His doctoral thesis addressed the problem of "How to Authenticate Trees and Graphs Without Leaking". Ashish has received Best Student Paper at the IEEE Enterprise Computing conference in 2006, and three Best Research Poster awards at CERIAS symposia during 2006-2008. He has been an (co-)inventor in about twenty patents. He has also been awarded with the IBM Bravo award as well as three IBM Plateau awards for his contributions. This talk is based on the paper co-authored with his advisor Elisa Bertino and presented at ICDCS 2011.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.