CSIT 460 Computer Security Flashcards6

Flashcards based on Computer Security lecture notes focusing on memory management, buffer overflows, and attack vectors.

What is a Buffer Overflow?

When a program accepts more input than it expects, causing it to overwrite memory, allowing attackers to run their own code with high privileges.

What is a Format String Attack?

When user input is directly used as a format string in functions like printf(), potentially allowing attackers to read or write memory or crash the program.

What is an Operating System (OS)?

Acts as an intermediary between users and computer hardware, managing hardware resources and coordinating software activities.

What are the main functions of an OS?

Device and resource management, program execution and multitasking, memory allocation and protection, handling interrupts, offering core services, and providing user interfaces.

What are the key OS components?

Kernel, process management, memory management, device management, file system, and user interface.

What is the Kernel?

Core part of the OS controlling hardware and system processes.

What are CPU Registers?

Fastest, smallest memory component used for buffering.

What is Main Memory (RAM)?

Volatile memory used for load/store operations, faster than disk storage.

What is Disk Storage (SSD/HDD)?

Non-volatile, slow, and cheap storage used for archiving.

What is a Buffer in the context of memory hierarchy?

Temporary data holder, such as a disk or I/O buffer.

What is a Process?

An active instance of a program being executed by the operating system, with its own memory space.

What triggers a Process Creation Request?

A system call, user action, or system event.

What happens after a Process Creation Request is triggered?

The OS allocates resources, assigns a PID, creates a PCB, allocates memory space, loads the program, and adds it to scheduling queues.

What is a Memory Address Space?

Each process has its own virtual address space.

What are the different parts of Memory Address Space?

Code Segment, Heap, Data Segment, Stack, Shared Libraries.

What is Kernel Space?

Reserved area for operating system code and data, inaccessible to user programs.

What is the Stack used for?

Stores local variables and function call information, growing and shrinking with function calls.

What is the Heap used for?

Used for dynamic memory allocation at runtime via malloc in C.

What is the BSS Segment?

Holds uninitialized global and static variables, initialized to zero by the OS.

What does the Data Segment contain?

Contains initialized global and static variables.

What does the Text Segment store?

Stores the executable program code (machine instructions).

What does PUSH do?

Adds data to the stack.

What does POP do?

Removes data from the stack.

What does CALL do?

Pushes return address and jumps to function.

What does RET do?

Pops return address and resumes execution.

How is dynamic memory allocated in Heap?

Uses malloc(), free(), new, delete, managed by the OS and memory allocator.

What happens during an Overflow?

Wraps around to the smallest value.

What happens during an Underflow?

Wraps around to the largest value.

What is one of the most common OS bugs related to buffer overflow?

The developer fails to include code that checks whether an input string fits into its buffer array.

What is the effect of a buffer overflow?

The process can operate on malicious data or execute malicious code passed in by the attacker.

What is Stack Smashing?

Overwriting the program’s call stack, often the return address, to redirect execution.

What is Heap Smashing?

Corrupting dynamic memory (heap) structures to alter program behavior or gain control.

By carefully crafting the overflow data, what can an attacker do?

An attacker can inject shellcode to spawn a shell, listen for remote connections, add unauthorized user accounts, or download and execute malware.