Heaprevolver: Delaying and randomizing timing of release of freed memory area to prevent use-after-free attacks

Toshihiro Yamauchi, Yuta Ikegami

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited using a dangling pointer that refers to a freed memory. Various methods to prevent UAF attacks have been proposed. However, only a few methods can effectively prevent UAF attacks during runtime with low overhead. In this paper, we propose HeapRevolver, which is a novel UAF attack-prevention method that delays and randomizes the timing of release of freed memory area by using a memory-reuse-prohibited library, which prohibits a freed memory area from being reused for a certain period. In this paper, we describe the design and implementation of HeapRevolver in Linux and Windows, and report its evaluation results. The results show that HeapRevolver can prevent attacks that exploit existing UAF vulnerabilities. In addition, the overhead is small.

Original languageEnglish
Title of host publicationNetwork and System Security - 10th International Conference, NSS 2016, Proceedings
PublisherSpringer Verlag
Pages219-234
Number of pages16
Volume9955 LNCS
ISBN (Print)9783319462974
DOIs
Publication statusPublished - 2016
Event10th International Conference on Network and System Security, NSS 2016 - Taipei, Taiwan, Province of China
Duration: Sep 28 2016Sep 30 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9955 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other10th International Conference on Network and System Security, NSS 2016
CountryTaiwan, Province of China
CityTaipei
Period9/28/169/30/16

Keywords

  • Memory-reuse-prohibited library
  • System security
  • UAF attackprevention
  • Use-after-free (UAF) vulnerabilities

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Heaprevolver: Delaying and randomizing timing of release of freed memory area to prevent use-after-free attacks'. Together they form a unique fingerprint.

  • Cite this

    Yamauchi, T., & Ikegami, Y. (2016). Heaprevolver: Delaying and randomizing timing of release of freed memory area to prevent use-after-free attacks. In Network and System Security - 10th International Conference, NSS 2016, Proceedings (Vol. 9955 LNCS, pp. 219-234). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9955 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-46298-1_15