redteamexercisegroup5.docVIP

Red Team Exercise: Group 5 Russell Clarke, David Dorwin, Jason Fisher, Robert Nash, Daryl Sterling This report outlines the “buffer overflow” attack exercise completed by Red Team 5 and discusses that exercise’s implications for cyber and homeland security. Part I of the report describes, in layman’s terms, the vulnerabilities, exploitation techniques, and possible defenses associated with the type of attack mounted by Red Team 5. Part II discusses the value of the damage that attacks, such as the one Red Team 5 carried out, could cause to private home computers, corporate computers, and computers relating to securities exchanges. Part III analyzes the value terrorist organizations may derive from similar attacks, focusing, in particular on the scalability of such attacks, how feasible it is for terrorists to conduct such attacks, and whether such cyber attacks would aid terrorists in achieving their aims. Part IV of the report evaluates the cost of defending against buffer overflow attacks, examining the cost-effectiveness of, incentives for using, and policy options for promoting possible defenses. I. Red Team 5 mounted a stack-based buffer overflow attack, a form of indirect cyber attack that takes advantage of implementation and management errors by exploiting a buffer overflow vulnerability on a host at the University of California, San Diego (UCSD). The Team did so in order to gain “root privilege” that would allow it to execute any command and access any file on that host. The vulnerability exploited was a design flaw in the operating system that assumes that when a program executes it will be deterministically loaded at a specific address on each step of execution. Team 5 exploited the vulnerability by feeding a program on the host (“target1”) a specifically crafted input content (generated by stacksmash.c) designed to overflow the allocated data storage buffer and change the data that follows the buffer in memory. In other words, the Team used st