Proceedings Article, DOI 10.1145/3243734.3243826
A Robust and Efficient Defense against Use-after-Free Exploits via Concurrent Pointer Sweeping
Daiping Liu, Mingwei Zhang, Haining Wang, +2 more
- 15 Oct 2018
- pp. 1635-1648
TL;DR: A novel defense called pSweeper is presented that robustly protects against UaF exploits with low overhead and pinpoints the root causes of UaF vulnerabilities with one safe crash.
Abstract: Applications in C/C++ are notoriously prone to memory corruption. With significant research effort devoted to this area, the security threats posed by previously popular vulnerabilities, such as stack and heap overflows, are not as serious as before. Instead, recent years have seen a meteoric rise of attacks exploiting use-after-free (UaF) vulnerabilities, which are rooted in pointers that still point to freed memory (i.e., dangling pointers). Although various approaches have been proposed to harden software against UaF, none of them achieves robustness and efficiency at the same time. In this paper, we present a novel defense called pSweeper that robustly protects against UaF exploits with low overhead and pinpoints the root causes of UaF vulnerabilities with one safe crash. The success of pSweeper lies in its two unique and innovative design ideas, concurrent pointer sweeping (CPW) and object origin tracking (OOT). CPW exploits the increasingly available multi-core CPUs in modern PCs and outsources the heavyweight security checks and enforcement to dedicated threads that can run on spare cores. Specifically, CPW iteratively sweeps all live pointers in a concurrent thread to find dangling pointers. This design is quite different from previous work, which must track every pointer propagation to maintain an accurate points-to relationship between pointers and objects. OOT helps to pinpoint the root causes of a UaF by informing developers of how a dangling pointer was created, i.e., how the problematic object was allocated and freed. We implement a prototype of pSweeper and validate its efficacy in real scenarios. Our experimental results show that pSweeper is effective in defeating real-world UaF exploits and efficient when deployed in production runs.
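The two ideas in the abstract, as an added example that is not the paper's code: object origin tracking records the allocation and free site of every heap object, and a pointer sweep scans the known pointer locations for values that fall inside a freed object, reports that object's origin, and poisons the slot so the next dereference faults once instead of silently reusing memory. Freed blocks are quarantined until a sweep has cleared them, so the sweep cannot be fooled by address reuse. This model makes three assumptions the paper does not: pointer locations are registered explicitly with register_slot (pSweeper locates live pointers itself), the sweep runs synchronously rather than on a spare core, and 0xdead0000 is a hypothetical unmapped poison address. The function names, site strings and the demo_uaf scenario are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_OBJS  64
#define MAX_SLOTS 64
/* Assumed-unmapped address written into a dangling slot (hypothetical value). */
#define POISON ((void *)(uintptr_t)0xdead0000u)

typedef struct {
    uintptr_t   base;
    size_t      size;
    const char *alloc_site;  /* OOT: where the object was allocated */
    const char *free_site;   /* OOT: where it was freed; NULL while live */
} obj_rec;

typedef struct {
    int         dangling;    /* registered slots found pointing into freed objects */
    int         released;    /* quarantined objects returned to malloc by this sweep */
    const char *alloc_site;  /* origin of the last dangling pointer's object */
    const char *free_site;
} sweep_result;

static obj_rec objs[MAX_OBJS];
static size_t  nobjs;
static void  **slots[MAX_SLOTS];  /* the "live pointers" the sweeper scans (assumed registered) */
static size_t  nslots;

void *tracked_malloc(size_t n, const char *site)
{
    void *p = malloc(n);
    if (!p || nobjs == MAX_OBJS) { free(p); return NULL; }
    objs[nobjs++] = (obj_rec){ (uintptr_t)p, n, site, NULL };
    return p;
}

/* Record the free site and quarantine the block: it goes back to malloc only
 * after a sweep has neutralised every registered pointer into it. */
void tracked_free(void *p, const char *site)
{
    for (size_t i = 0; i < nobjs; i++)
        if (objs[i].base == (uintptr_t)p && !objs[i].free_site) { objs[i].free_site = site; return; }
}

void register_slot(void **slot) { if (nslots < MAX_SLOTS) slots[nslots++] = slot; }

static int points_into(const obj_rec *o, uintptr_t v)
{
    return v >= o->base && v < o->base + o->size;  /* interior pointers count too */
}

/* One sweep over the registered slots. pSweeper runs this on a spare core;
 * here it is called synchronously so the outcome is deterministic. */
sweep_result sweep(void)
{
    sweep_result r = { 0, 0, NULL, NULL };
    for (size_t s = 0; s < nslots; s++) {
        uintptr_t v = (uintptr_t)*slots[s];
        for (size_t i = 0; i < nobjs; i++) {
            if (!objs[i].free_site || !points_into(&objs[i], v)) continue;
            r.dangling++;
            r.alloc_site = objs[i].alloc_site;
            r.free_site  = objs[i].free_site;
            fprintf(stderr, "dangling slot %p -> object allocated at %s, freed at %s\n",
                    (void *)slots[s], r.alloc_site, r.free_site);
            *slots[s] = POISON;  /* next dereference faults once, safely */
            break;
        }
    }
    /* Every registered reference into freed memory is poisoned, so quarantined
     * blocks can be released. Pointers that were never registered are invisible
     * to the sweep; that coverage question applies to any sweeping design. */
    size_t kept = 0;
    for (size_t i = 0; i < nobjs; i++) {
        if (objs[i].free_site) { free((void *)objs[i].base); r.released++; }
        else objs[kept++] = objs[i];
    }
    nobjs = kept;
    return r;
}

/* Constructed scenario: a request buffer freed while two fields still reference it. */
int demo_uaf(sweep_result *out)
{
    struct { char *buf; char *cursor; } req = { NULL, NULL };
    char *keep = tracked_malloc(16, "demo:keep");          /* live object; must survive untouched */
    req.buf    = tracked_malloc(32, "parse_request:42");
    req.cursor = req.buf + 8;                               /* interior pointer into the same object */
    register_slot((void **)&req.buf);
    register_slot((void **)&req.cursor);
    register_slot((void **)&keep);

    tracked_free(req.buf, "close_session:77");              /* both req fields now dangle */
    *out = sweep();

    int ok = out->dangling == 2 && out->released == 1
          && req.buf == POISON && req.cursor == POISON && keep != POISON
          && strcmp(out->alloc_site, "parse_request:42") == 0
          && strcmp(out->free_site, "close_session:77") == 0;
    nslots = 0;                            /* slots live in this frame; unregister before leaving */
    tracked_free(keep, "demo:cleanup");
    sweep();                               /* releases keep; nothing left to report */
    return ok;
}
```

Calling demo_uaf finds both the direct pointer and the interior pointer into the freed request buffer, reports the "parse_request:42" / "close_session:77" origin pair that OOT would hand to a developer, poisons both slots, and only then returns the quarantined block to malloc; the untouched live object is left alone. The interesting engineering in the paper, which this example does not model, is running the sweep on a separate thread against pointers that the mutator threads are concurrently updating.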
Citations
UAFSan: an object-identifier-based dynamic approach for detecting use-after-free vulnerabilities
Binfa Gui, Wei Song, Jeff Huang, +2 more
- 11 Jul 2021
TL;DR: UAFSan assigns a unique identifier to each newly allocated object and to the pointers that reference it; when a pointer dereferences a memory object, it decides whether a UAF occurs by checking that the two identifiers are consistent.
Fat Pointers for Temporal Memory Safety of C
TL;DR: This paper extends Checked C, a spatially-safe extension to C, with temporally-safe pointers by combining two techniques: fat pointers and dynamic key-lock checks, and shows that the fat-pointer solution significantly improves running time and memory overhead compared to the disjoint-metadata approach that provides the same level of protection.
Tightly Seal Your Sensitive Pointers with PACTight
Mohannad Ismail, Andrew Sieunguyen Quach, Christopher Jelesnianski, Yeongjin Jang, Changwoo Min, +4 more
- 28 Mar 2022
TL;DR: This paper uses Pointer Authentication (PA) to build a scheme, PACTight, that tightly seals security-sensitive pointers so that they cannot be misused.
Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers
TL;DR: A dynamic defense against use-after-free exploits based on multi-level pointers: intermediate pointers are inserted between a heap object and the pointers that reference it, and the defense is demonstrated by protecting a real-world program against two exploits.
Proceedings Article
Preventing Use-After-Free Attacks with Fast Forward Allocation
Brian Wickman, Hong Hu, Insu Yun, Daehee Jang, Jungwon Lim, Sanidhya Kashyap, Taesoo Kim, +6 more
- 01 Jan 2021