Presenting Students with Buffer Overflow Vulnerability
The goal of this project is to analyze how students can apply and adapt low-level computer science principles, specifically in exploiting buffer overflows on the Linux operating system. Students are given an executable file with a known buffer overflow vulnerability, and a source code file with a known vulnerability. Each student must examine the memory addresses of their executable in order to calculate a payload, which will overwrite the return address on the stack so that execution jumps to a “secret” function. Each student is provided with a compiled binary executable file that has a minor change in the displayed message. Once students have successfully demonstrated the buffer overflow exploit, they will need to find a protection mechanism against the buffer overflow attack they just developed. The way that students approach the problem of attacking software, as well as their strategies for protecting against buffer overflow attacks, will be studied in order to evaluate students’ active learning skills.
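As an added illustration (not code from the project described above), the C sketch below shows the kind of bug such an exercise relies on, an unbounded copy into a fixed stack buffer, beside a bounded version as one possible protection mechanism. The function names and the 16-byte buffer size are assumptions; the project's actual source file is not reproduced on this page.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16  /* assumed buffer size; the page does not state one */

/* Vulnerable shape: strcpy() copies until it meets a NUL byte, so any
 * input longer than NAME_LEN - 1 writes past buf into adjacent stack
 * data, which can include the saved return address. */
void greet_unsafe(const char *input) {
    char buf[NAME_LEN];
    strcpy(buf, input);
    printf("Hello, %s\n", buf);
}

/* Hardened shape: measure the input with a bounded scan and refuse
 * anything that does not fit, rather than truncating silently.
 * Returns 0 on success, -1 when the input is rejected. */
int greet_safe(const char *input) {
    char buf[NAME_LEN];
    size_t n = 0;

    /* Never look further than NAME_LEN bytes into the input. */
    while (n < NAME_LEN && input[n] != '\0')
        n++;
    if (n >= NAME_LEN)
        return -1;              /* no room left for the terminator */

    memcpy(buf, input, n);
    buf[n] = '\0';
    printf("Hello, %s\n", buf);
    return 0;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 32 bytes */

    greet_unsafe(ok);           /* only safe while the input is short */
    printf("safe(ok)       -> %d\n", greet_safe(ok));
    printf("safe(too_long) -> %d\n", greet_safe(too_long));
    return 0;
}
```

Compiler and OS defenses such as GCC's `-fstack-protector-strong` and address space layout randomization complement the bounds check; they make a missed overflow harder to turn into a controlled jump but do not remove the bug.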