このエントリーをはてなブックマークに追加
ID 60838
FullText URL
nss2016.pdf 324 KB
Author
Yamauchi, Toshihiro Graduate School of Natural Science and Technology, Okayama University ORCID Kaken ID publons researchmap
Ikegami, Yuta Graduate School of Natural Science and Technology, Okayama University
Abstract
Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited using a dangling pointer that refers to a freed memory. Various methods to prevent UAF attacks have been proposed. However, only a few methods can effectively prevent UAF attacks during runtime with low overhead. In this paper, we propose HeapRevolver, which is a novel UAF attack-prevention method that delays and randomizes the timing of release of freed memory area by using a memory-reuse-prohibited library, which prohibits a freed memory area from being reused for a certain period. In this paper, we describe the design and implementation of HeapRevolver in Linux and Windows, and report its evaluation results. The results show that HeapRevolver can prevent attacks that exploit existing UAF vulnerabilities. In addition, the overhead is small.
Keywords
Use-after-free (UAF) vulnerabilities
UAF attack-prevention
Memory-reuse-prohibited library
System security
Note
Part of the Lecture Notes in Computer Sciencebook series (LNCS, volume 9955)
Published Date
2016-09-21
Publication Title
Network and System Security(NSS)
Volume
volume2016
Publisher
Springer
Start Page
219
End Page
234
ISBN
978-3-319-46297-4
Content Type
Conference Paper
Related Url
isVersionOf https://doi.org/10.1007/978-3-319-46298-1_15
language
英語
File Version
author
DOI
Web of Science KeyUT