From the course: Threat Modeling: Denial of Service and Elevation of Privilege
Memory safety as a defensive tool
- [Instructor] Memory safety is a useful tool for defenders. Many attacks that elevate privileges do that by gaining control of the flow of execution. Attackers can do that by putting JavaScript into your context, injecting SQL commands wherever your code expects data, by breaking up shell commands, or by writing directly into the processor stack. These attacks take advantage of a problem called code data confusion, but preventing it is only a subset of what memory safety gives you. The C language is notorious for how easy it is to shoot yourself in the foot. There's all sorts of things that modern languages take care of, but in C, you as the developer have to manage them all. These include the physical size of variables and their arrangement in memory. There's a whole skill of exploit development, but what I want to make sure you understand is simply that if an attacker can unexpectedly control a single bit of memory…
Contents
- Ways to defend against EOP (1m 10s)
- Validation to defend against elevation (1m 32s)
- Validate for purpose to prevent elevations (1m 56s)
- Validation not sanitization for defense (1m 13s)
- Attenuation in defense (2m 14s)
- Memory safety as a defensive tool (2m 1s)
- Stack canaries to protect your code (2m 20s)
- Sandboxes and isolation protect your environment (2m 8s)
- Bolt-on or built-in defenses (1m 26s)