.pf{position:relative;background-color:#fff;overflow:hidden;margin:0;border:0}.pc{position:absolute;border:0;padding:0;margin:0;top:0;left:0;width:100%;height:100%;overflow:hidden;display:block;transform-origin:0 0;-ms-transform-origin:0 0;-webkit-transform-origin:0 0}.bi{position:absolute;border:0;margin:0}.c{position:absolute;border:0;padding:0;margin:0;overflow:hidden;display:block}.t{position:absolute;white-space:pre;font-size:1px;transform-origin:0 100%;-ms-transform-origin:0 100%;-webkit-transform-origin:0 100%;unicode-bidi:bidi-override;-moz-font-feature-settings:"liga" 0}.t:after{content:''}.t:before{content:'';display:inline-block}.t span{position:relative;unicode-bidi:bidi-override}._{display:inline-block;color:transparent;z-index:-1}.pi{display:none}.d{position:absolute;transform-origin:0 100%;-ms-transform-origin:0 100%;-webkit-transform-origin:0 100%}@media screen{.pf{margin:13px auto;box-shadow:1px 1px 3px 1px #333;border-collapse:separate}}.ff1{font-family:ff1;line-height:1.432;font-style:normal;font-weight:400;visibility:visible}.ff2{font-family:ff2;line-height:1.432;font-style:normal;font-weight:400;visibility:visible}.ff3{font-family:ff3;line-height:.941406;font-style:normal;font-weight:400;visibility:visible}.ff4{font-family:ff4;line-height:1.41;font-style:normal;font-weight:400;visibility:visible}.m0{transform:matrix(.320260,0,0,.320260,0,0);-ms-transform:matrix(.320260,0,0,.320260,0,0);-webkit-transform:matrix(.320260,0,0,.320260,0,0)}.m1{transform:matrix(1.281042,0,0,1.281042,0,0);-ms-transform:matrix(1.281042,0,0,1.281042,0,0);-webkit-transform:matrix(1.281042,0,0,1.281042,0,0)}.ls4{letter-spacing:-.1748px}.ls3{letter-spacing:-.072800px}.ls2{letter-spacing:0}.ls1{letter-spacing:.203520px}.ls0{letter-spacing:.65472px}.sc0{text-shadow:-.015em 0 transparent,0 .015em transparent,.015em 0 transparent,0 -.015em transparent}@media screen and (-webkit-min-device-pixel-ratio:0){.sc0{-webkit-text-stroke:.015em transparent;text-shadow:none}}.ws0{word-spacing:-12.27648px}.ws1{word-spacing:-12.203680px}.ws2{word-spacing:-12.101680px}.ws3{word-spacing:0}._0{margin-left:-1.23648px}._3{width:1.090880px}._1{width:45.002240px}._2{width:131.707520px}.fc1{color:#15c}.fc0{color:#000}.fs0{font-size:44.16px}.y1{bottom:0}.y2c{bottom:126.392685px}.y2b{bottom:144.988284px}.y0{bottom:160.770716px}.y2a{bottom:163.589008px}.y29{bottom:182.189731px}.y28{bottom:200.94418px}.y27{bottom:219.544903px}.y26{bottom:238.145627px}.y25{bottom:256.746351px}.y24{bottom:275.53923px}.y23{bottom:294.139954px}.y22{bottom:312.740677px}.y21{bottom:331.341401px}.y20{bottom:349.942124px}.y1f{bottom:368.696573px}.y1e{bottom:387.297296px}.y1d{bottom:405.898020px}.y1c{bottom:424.498743px}.y1b{bottom:443.253192px}.y1a{bottom:461.853916px}.y19{bottom:480.480260px}.y18{bottom:499.080983px}.y17{bottom:517.681707px}.y16{bottom:536.436155px}.y15{bottom:555.036879px}.y14{bottom:573.637602px}.y13{bottom:592.238326px}.y12{bottom:610.839050px}.y11{bottom:629.593498px}.y10{bottom:648.194222px}.yf{bottom:666.794945px}.ye{bottom:685.395669px}.yd{bottom:704.188548px}.yc{bottom:722.789272px}.yb{bottom:741.389995px}.ya{bottom:759.990719px}.y9{bottom:778.591443px}.y8{bottom:797.345891px}.y7{bottom:815.946615px}.y6{bottom:834.547338px}.y5{bottom:853.148062px}.y4{bottom:871.902510px}.y3{bottom:890.503234px}.y2{bottom:909.129578px}.h2{height:50.69568px}.h1{height:336.913932px}.h0{height:1014.58492px}.w1{width:185.751027px}.w2{width:783.997426px}.w0{width:783.997438px}.x1{left:.000012px}.x2{left:92.265726px}.x3{left:115.324474px}.x0{left:495.763086px}

CSE 127 Lecture Notes - Lecture 3: Undefined Behavior, C String Handling, Morris Worm

It does exactly what it does - no more, no less. Lets attack run the code of their choosing on your computer. Complex systems almost always contain unintended functionality. Exploit: mechanism by which an attacker triggers unintended functionality in the system. Security requires understanding both intended and unintended functionality. A bug in a software program that allows an unprivileged user capabilities that should be denied to them. Classic and important ones violate control flow integrity . Victim code is handling input that comes from across a security boundary. Simplest example: buffer overflow: anomaly that occurs when a program writes data beyond the boundary of a buffer. Basic core concept that enables a broad range of possible attacks. Many c stdlib functions make it easy to go pasy array bounds. Ex: string manipulation functions write to dest buffer until they encounter \0".

United States

Introduction to Computer Security

Computer Science and Engineering

Savage, Stefan

University of California - San Diego

Organismic and Evolutionary Biology

Computer Networks

Database Systems Applications

Introduction to Modern Cryptography

Programming Languages: Principles and Paradigms

Introduction to Artificial Intelligence: Search and Reasoning

Online Database Analytics Applications

Database System Principles

Principles of Computer Operating Systems

Introduction to Computer Architecture

Topics in Computer Science and Engineering

Computer Graphics

Rome, Christianity, and the Middle Ages

Renaissance, Reformation, and Early Modern Europe

Language, Culture, and Education

Networked Services

Software Engineering

Web Client Languages

COMP 206 Lecture Notes - Lecture 20: A.Out, C Standard Library, Environment Variable

ISM 3004 Lecture Notes - Lecture 13: Scavenger Hunt, Ransomware, Keystroke Logging

ITM 100 Lecture Notes - Lecture 10: Arp Spoofing, Packet Analyzer, Buffer Overflow

CSE 127 Lecture Notes - Lecture 3: Undefined Behavior, C String Handling, Morris Worm

Document Summary

Get access

Related Documents

COMP 206 Lecture Notes - Lecture 20: A.Out, C Standard Library, Environment Variable

ISM 3004 Lecture Notes - Lecture 13: Scavenger Hunt, Ransomware, Keystroke Logging

ITM 100 Lecture Notes - Lecture 10: Arp Spoofing, Packet Analyzer, Buffer Overflow