CSE127, Computer Security - Control Flow Vulnerabilities and Buffer Overflows

These flashcards cover key terms and concepts from the CSE127 lecture on computer security, specifically focusing on control flow vulnerabilities and buffer overflows.

Control Flow Integrity

A security property that ensures the control flow of a program is not deviated from its intended path.

Buffer Overflow

An anomaly that occurs when a program writes data beyond the boundary of a buffer, potentially leading to arbitrary code execution.

Weird Machine

A term for unintended functionality that arises when software reacts to unexpected input, often exploited by attackers.

Stack Pointer (ESP)

A special CPU register that points to the top of the stack, used during function calls and local variable storage.

Return Address

The address in memory where the execution of a program should resume after a function call is completed.

Unsafe String Functions

Functions like strcpy() and gets() in C that do not perform bounds checking and can lead to buffer overflows.

Shellcode

A small piece of code used as the payload in the exploitation of a software vulnerability, typically to spawn a shell.

Arbitrary Code Execution

A vulnerability that allows an attacker to execute arbitrary commands on a host machine.

Function Call Stack

A data structure that tracks active function calls in a program, managing their local variables and return addresses.

Control Data

Information in a program that directs the flow of control and can become a target for attacks that exploit buffer overflows.