TY - GEN
T1 - HeapRevolver
T2 - 10th International Conference on Network and System Security, NSS 2016
AU - Yamauchi, Toshihiro
AU - Ikegami, Yuta
N1 - Funding Information:
This research was partially supported by Grant-in-Aid for Scientific Research 16H02829.
Publisher Copyright:
© Springer International Publishing AG 2016.
PY - 2016
Y1 - 2016
N2 - Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited using a dangling pointer that refers to freed memory. Various methods to prevent UAF attacks have been proposed. However, only a few methods can effectively prevent UAF attacks during runtime with low overhead. In this paper, we propose HeapRevolver, which is a novel UAF attack-prevention method that delays and randomizes the timing of release of freed memory area by using a memory-reuse-prohibited library, which prohibits a freed memory area from being reused for a certain period. In this paper, we describe the design and implementation of HeapRevolver in Linux and Windows, and report its evaluation results. The results show that HeapRevolver can prevent attacks that exploit existing UAF vulnerabilities. In addition, the overhead is small.
KW - Memory-reuse-prohibited library
KW - System security
KW - UAF attack prevention
KW - Use-after-free (UAF) vulnerabilities
UR - http://www.scopus.com/inward/record.url?scp=84989931385&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84989931385&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-46298-1_15
DO - 10.1007/978-3-319-46298-1_15
M3 - Conference contribution
AN - SCOPUS:84989931385
SN - 9783319462974
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 219
EP - 234
BT - Network and System Security - 10th International Conference, NSS 2016, Proceedings
A2 - Yung, Moti
A2 - Chen, Jiageng
A2 - Su, Chunhua
A2 - Piuri, Vincenzo
PB - Springer Verlag
Y2 - 28 September 2016 through 30 September 2016
ER -