A Framework for Effective Defense against Use-after-Free Vulnerabilities in Software
Abstract
System software and applications written in C/C++ are notoriously prone to memory corruption. With significant research efforts devoted to this area of study, the security threats posed by previously popular vulnerabilities like stack and heap overflows are not as serious as before. However, we have seen the meteoric rise of attacks exploiting use-after-free (UaF) vulnerabilities in recent years, which are rooted in pointers pointing to freed memory (i.e., dangling pointers). Although various approaches have been proposed to harden software against UaF, none of them can achieve robustness and efficiency at the same time. Moreover, UaF vulnerabilities triggered in production runs are quite difficult to debug. In this project, we propose a novel defense framework that guarantees protection against UaF exploits with trivial overhead and pinpoints the root causes of UaF vulnerabilities at the cost of one safe crash. The key feature of our framework is to proactively neutralize all dangling pointers via concurrent threads. To accomplish this, we first introduce the concept of a shadow heap that can efficiently track pointer locations and points-to relationships, and then propose concurrent pointer neutralization that guarantees the correctness of our framework, and validate its effectiveness and efficiency for deployment in real scenarios. We expect the results of this software beyond traditional detection and prevention techniques. Our proposed techniques will be disseminated to industry and academia through open-source tools and high-quality publications.
Document Details
- Document Type: DoD Grant Award
- Publication Date: May 05, 2017
- Source ID: N000141712485
Entities
People
- Haining Wang
Organizations
- Office of Naval Research
- United States Navy
- University of Delaware