CS 240 Lab 10

Learning Goals & Reflection

CS 240 Lab 10

• Lab slides
• Lab notebook

Learning Goals

Core Goals

Students can:

1. Explain how assembly code creates a “stack frame” for each function call:
   1. Identify which instructions are used for saving and restoring both caller-saved and callee-saved registers.
   2. Explain the purpose of subtracting from or adding to %rsp.
   3. Based on a function’s assembly code and a memory dump of the stack, identify which instructions & memory addresses are used to:
      1. Store callee-saved registers.
      2. Store caller-saved registers.
      3. Store local variables of the function.
      4. Align the stack pointer before a function call.
      5. Restore the stack pointer and caller-saved registers before returning from the function.
      6. Restore callee-saved registers after returning from a function call.
2. Explain how a buffer overflow attack works:
   1. Explain what “buffer” means in this context.
   2. Identify one or more C standard library functions which can lead to buffer overflow vulnerabilities.
   3. Explain what it means to “overflow” a buffer.
   4. Explain why overflowing a stack-allocated buffer can allow an attacker to seize partial control of a program even if the stack is not executable.
   5. Explain how a buffer overflow can give full control to an attacker if they are allowed to execute code written on the stack.

Stretch goals

1. Explain how a buffer overflow attack works:
   1. Explain why address space randomization and stack protection help mitigate the possible damage from a buffer overflow attack.

Reflection

Fill out the CS 240 Lab 10 Reflection form to complete today’s lab reflection.