Description
As computing evolves and libraries are produced for developers to create efficient software at a faster rate, the security of a modern program is an area of great concern
because complex software breeds vulnerabilities. Due to the criticality of computer
systems security, cybersecurity education must maintain pace with the rapidly evolving
technology industry.
An example of growth in cybersecurity education can be seen in Pwn.college – a
publicly available resource composed of modules that teach computer systems security.
In reaction to the demand for the expansion of cybersecurity education, the pwn.college
developers designed a new set of modules for a course at Arizona State University and
offered the same modules for public use. One of these modules, the “babyfile” module,
was intended to focus on the exploitation of FILE structures in the C programming
language. FILE structures allow for fast and efficient file operations. Unfortunately, FILE
structures have severe vulnerabilities which can be exploited to attain elevated privileges
for reading data, writing data, and executing instructions.
By researching the applications of FILE structure vulnerabilities, the babyfile
module was designed with twenty challenges that teach pwn.college users how to exploit
programs by misusing FILE structures. These challenges are sorted by increasing
difficulty and the intended solutions utilize all the vulnerabilities discussed in this paper.
In addition to introducing users to exploits against FILE structures, babyfile also
showcases a novel attack against the virtual function table, which is located at the end of
a FILE structure.
Details
Title
- Preparing an Educational Module on File Pointer Exploitation in C
Contributors
- Ratliff, Derek Michael (Author)
- Shoshitaishvili, Yan (Thesis advisor)
- Wang, Fish (Committee member)
- Bao, Tiffany (Committee member)
- Arizona State University (Publisher)
Date Created
2023
Note
- Partial requirement for: M.S., Arizona State University, 2023
- Field of study: Computer Science