Mitigating use-after-free attack using library considering size and number of freed memory

TY - GEN

T1 - Mitigating use-after-free attack using library considering size and number of freed memory

AU - Ban, Yuya

AU - Yamauchi, Toshihiro

PY - 2018/12/26

Y1 - 2018/12/26

N2 - Use-after-free (UAF) vulnerabilities, are abused by exploiting a dangling pointer that refers to a freed memory, location and then executing arbitrary code. Vulnerabilities are caused by bugs in software programs, particularly large scale programs such as browsers. We had previously proposed HeapRevolver, which prohibits freed memory area from being reused for a certain period. HeapRevolver on Windows uses the number of freed memory areas that are prohibited for reuse as a trigger to release the freed memory area. Alternatively, HeapRevolver uses the number of the freed memory areas as a threshold for releasing freed memory. However, when the size of individual freed memory area is large, HeapRevolver on Windows increases the memory overhead. In this paper, we propose an improved HeapRevolver for Windows considering the size and number of the freed memory areas. The improved HeapRevolver prohibits the reuse of a certain number of freed memory areas at a given time by considering the size and number of freed memory areas as thresholds. Evaluation results demonstrate that the improved HeapRevolver can prevent attacks that exploit UAF vulnerabilities. Particularly, when the size of individual freed memory area is small in a program, HeapRevolver is effective in decreasing the attack success rate.

AB - Use-after-free (UAF) vulnerabilities, are abused by exploiting a dangling pointer that refers to a freed memory, location and then executing arbitrary code. Vulnerabilities are caused by bugs in software programs, particularly large scale programs such as browsers. We had previously proposed HeapRevolver, which prohibits freed memory area from being reused for a certain period. HeapRevolver on Windows uses the number of freed memory areas that are prohibited for reuse as a trigger to release the freed memory area. Alternatively, HeapRevolver uses the number of the freed memory areas as a threshold for releasing freed memory. However, when the size of individual freed memory area is large, HeapRevolver on Windows increases the memory overhead. In this paper, we propose an improved HeapRevolver for Windows considering the size and number of the freed memory areas. The improved HeapRevolver prohibits the reuse of a certain number of freed memory areas at a given time by considering the size and number of freed memory areas as thresholds. Evaluation results demonstrate that the improved HeapRevolver can prevent attacks that exploit UAF vulnerabilities. Particularly, when the size of individual freed memory area is small in a program, HeapRevolver is effective in decreasing the attack success rate.

KW - Dangling pointer

KW - Memory allocation

KW - Security

KW - Use-After-Free

UR - http://www.scopus.com/inward/record.url?scp=85061448830&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85061448830&partnerID=8YFLogxK

U2 - 10.1109/CANDARW.2018.00080

DO - 10.1109/CANDARW.2018.00080

M3 - Conference contribution

AN - SCOPUS:85061448830

T3 - Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018

SP - 398

EP - 404

BT - Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018

PB - Institute of Electrical and Electronics Engineers Inc.

ER -