TY - GEN
T1 - Mitigating use-after-free attack using library considering size and number of freed memory
AU - Ban, Yuya
AU - Yamauchi, Toshihiro
PY - 2018/12/26
Y1 - 2018/12/26
N2 - Use-after-free (UAF) vulnerabilities, are abused by exploiting a dangling pointer that refers to a freed memory, location and then executing arbitrary code. Vulnerabilities are caused by bugs in software programs, particularly large scale programs such as browsers. We had previously proposed HeapRevolver, which prohibits freed memory area from being reused for a certain period. HeapRevolver on Windows uses the number of freed memory areas that are prohibited for reuse as a trigger to release the freed memory area. Alternatively, HeapRevolver uses the number of the freed memory areas as a threshold for releasing freed memory. However, when the size of individual freed memory area is large, HeapRevolver on Windows increases the memory overhead. In this paper, we propose an improved HeapRevolver for Windows considering the size and number of the freed memory areas. The improved HeapRevolver prohibits the reuse of a certain number of freed memory areas at a given time by considering the size and number of freed memory areas as thresholds. Evaluation results demonstrate that the improved HeapRevolver can prevent attacks that exploit UAF vulnerabilities. Particularly, when the size of individual freed memory area is small in a program, HeapRevolver is effective in decreasing the attack success rate.
AB - Use-after-free (UAF) vulnerabilities, are abused by exploiting a dangling pointer that refers to a freed memory, location and then executing arbitrary code. Vulnerabilities are caused by bugs in software programs, particularly large scale programs such as browsers. We had previously proposed HeapRevolver, which prohibits freed memory area from being reused for a certain period. HeapRevolver on Windows uses the number of freed memory areas that are prohibited for reuse as a trigger to release the freed memory area. Alternatively, HeapRevolver uses the number of the freed memory areas as a threshold for releasing freed memory. However, when the size of individual freed memory area is large, HeapRevolver on Windows increases the memory overhead. In this paper, we propose an improved HeapRevolver for Windows considering the size and number of the freed memory areas. The improved HeapRevolver prohibits the reuse of a certain number of freed memory areas at a given time by considering the size and number of freed memory areas as thresholds. Evaluation results demonstrate that the improved HeapRevolver can prevent attacks that exploit UAF vulnerabilities. Particularly, when the size of individual freed memory area is small in a program, HeapRevolver is effective in decreasing the attack success rate.
KW - Dangling pointer
KW - Memory allocation
KW - Security
KW - Use-After-Free
UR - http://www.scopus.com/inward/record.url?scp=85061448830&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85061448830&partnerID=8YFLogxK
U2 - 10.1109/CANDARW.2018.00080
DO - 10.1109/CANDARW.2018.00080
M3 - Conference contribution
AN - SCOPUS:85061448830
T3 - Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018
SP - 398
EP - 404
BT - Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 6th International Symposium on Computing and Networking Workshops, CANDARW 2018
Y2 - 27 November 2018 through 30 November 2018
ER -