Prompt for "Smashing the Stack for Fun and Profit"

Due on Wednesday, October 27 by 11:59pm

Write a technical paper review, and in your discussion, please address the following questions.

  1. What security guarantees does this attack violate? Start by thinking about what guarantees a programming language might provide.
  2. The paper shows example1.c’s assembly output for making a call to function on an x86 instruction set architecture. In this class, we will be using Raspberry Pi Zero computers which use the ARMv6 instruction set architecture. Follow Aleph One’s example and produce assembly output for example1.c on your Raspberry Pi. Can you find the equivalent ARM instructions that call function? Refer to the ARM instruction summary to find the meaning of ARM instruction mnemonics, and the ARM calling standard for register names.
  3. This attack concerns itself with stack-based buffer overflows. Do you think that overflowing heap-allocated buffers can lead to the same results? Why or why not?

Turn-in instructions: commit your response to your reading responses Github repository. Please use the LaTeX template supplied in your repository. Be sure to turn in both your source .tex file and a compiled .pdf file.

You can generate a PDF from the template with the command:
$ pdflatex reading05.tex
_Please_ be sure to name your generated PDF `reading05.pdf`. You will need to install TeXLive on your personal computer to build LaTeX documents: macOS, Windows, Linux. CS Lab machines already have TeXLive installed.
  • CSCI 331: Introduction to Computer Security, Fall 2021

CS 331 course website

Powered by Bootstrap 4 Github Pages