SECURE CODING IN C

SECURE CODING IN C

(By team 5: 733007,13,14,40,45,62,63)

ABSTRACT:

C is a high level language developed in early 1970’s.It is a imperative system implementation language and is most popular language of all time. C has more effective concepts such as arrays , structures and pointers. It has formed basis for many other languages like C++, Java and C#. Even though C is used for developing system software, it cannot be used for real time and web applications due to lack of security.

Why do we need secure coding?

Writing a secure code is a big deal despite lot of viruses in world .Most probable solution is to use safer language like java, which runs in protected environment.But for higher performance i.e,coding in C we need to be aware of writing an unexploitable code.

Major obstacles contributing to insecure coding are:

1) Buffer overflow-smashing stack,

2) Double free attack.

A buffer overflow occurs when user tries to enter more data beyond program requirement, thereby allowing arbitrary modifications to memory. Due to the way the stack is setup, an attacker can write arbitrary code into memory.

When functions are called, both the memory to store the variables declared in the function and the memory to store the arguments to the function are pushed onto the stack as part of a "stack frame". This leads to buffer overflow.

Another more sophisticated attack, is the double free attack that affects some implementations of malloc.

The attack can happen when you call free on a pointer that has already been freed before you have reinitialized the pointer with a new memory address.

Other shortcomings encountered are

1)Structure initialization in C,

2)Random number between two integers,

3)Large arrays in C,

4)De-Begging Code before check-in,

5)and security issues in strings .

In this assignment, we deal about the above mentioned problems and how to tackle them in secure way.