SWE210 Software Security Week 3

These flashcards cover key terms and concepts related to memory management and various forms of security attacks, including examples and definitions.

Memory Management

The function of an operating system to control and coordinate computer memory.

Process

An instance of a program being executed, including its current state and memory allocation.

Memory Segments

Different parts of memory allocated for a process, such as code, data, heap, and stack.

Text Segment

Also known as the code segment, it contains executable instructions.

Data Segment

Stores global and static variables initialized by the program.

Stack

A segment of memory that stores temporary variables and function call information in a last-in-first-out manner.

Heap

Area of memory used for dynamic allocation at runtime.

Memory Injection Attack

A method where an attacker injects malicious code into the memory of a running process.

Array Indexing

Accessing elements of an array using an index.

Pointer Subterfuge

Overwriting a pointer so it refers to unexpected data.

ARC Injection

Overwriting a function pointer to change which function gets executed.

Stack

An abstract data type for the ordered storage of data elements, supporting operations push and pop.

Last-In-First-Out (LIFO)

A method of accessing data where the last element added is the first one to be removed.

Activation Records

Data structures on the call stack that contain information about a function call.

Stack Overflow

Occurs when too much memory is used on the call stack, potentially leading to program crashes.

Stack Smashing

Exploitation of a buffer overrun vulnerability in the stack.

Heap Smashing

Overwriting a buffer on the heap which can lead to arbitrary code execution.

Dynamic Memory Allocation

The process of allocating memory during runtime for managing data structures.

Memory Control Block (MCB)

Data structure associated with a memory chunk that contains its size and status.

Buffer Overflow

When data exceeds the allocated space in a buffer, leading to potential security vulnerabilities.

Mitigation Techniques

Methods used to enhance security and protect against memory attacks.

Bounds Checking

Validation of input to ensure it doesn’t exceed the limits of an array.

Local Variables

Variables that are declared within a function and can only be used within that function.

Global Variables

Variables that are declared outside all functions and can be accessed throughout the program.

Function Pointer

A pointer that points to the address of a function, allowing for dynamic function calls.

Recursive Function

A function that calls itself to solve a smaller instance of the same problem.

Return Address

The memory address to which control is returned after a function call.

Null Termination

A technique for indicating the end of a string in memory.

Safe Copying

Techniques employed to ensure data is copied without exceeding allocated memory.

Input Validation

The process of ensuring that user input is correct before it is processed.

Security Vulnerability

A weakness in a system that can be exploited by attackers to gain unauthorized access.

Kernel Space

Part of system memory where the kernel executes and provides its services.

User Space

Memory area where user processes execute.

Malicious Code

Self-replicating or harmful scripts intended to damage or disrupt systems.

Static Allocation

Memory allocation that occurs at compile-time, where size is fixed.

Dynamic Allocation

Memory allocation that occurs at runtime, allowing size to change.