A Framework for Effective Defense against Use-after-Free Vulnerabilities in Software

Abstract

System software and applications written in C/C++ are notoriously prone to memory corruption. With significant research effort devoted to this area, the security threats posed by previously popular vulnerabilities such as stack and heap overflows are not as serious as before. However, recent years have seen a meteoric rise in attacks exploiting use-after-free (UaF) vulnerabilities, which are rooted in pointers that point to freed memory (i.e., dangling pointers). Although various approaches have been proposed to harden software against UaF, none of them achieves robustness and efficiency at the same time. Moreover, UaF vulnerabilities triggered in production runs are quite difficult to debug. In this project, we propose a novel defense framework that guarantees protection against UaF exploits with trivial overhead and pinpoints the root causes of UaF vulnerabilities at the cost of one safe crash. The key feature of our framework is to proactively neutralize all dangling pointers via concurrent threads. To accomplish this, we first introduce the concept of a shadow heap that can efficiently track pointer locations and points-to relationships, and then propose concurrent pointer neutralization, which guarantees the correctness of our framework while avoiding stalling application threads. Pointer neutralization also enables efficient object lineage tracking, which can help to pinpoint the root causes of UaF vulnerabilities. We will implement a prototype of our framework and validate that it is effective and efficient enough to be deployed in real scenarios. We expect the results of this project to enable transformative rethinking of current memory vulnerability issues in software beyond traditional detection and prevention techniques. Our proposed techniques will be disseminated to industry and academia through open-source tools and high-quality publications.
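To make the idea of tracking pointer locations and neutralizing them at free time concrete, here is an added illustration in C; it is not the project's code. It is a synchronous, single-threaded simplification (the proposal performs neutralization in concurrent threads), and `tracked_alloc`, `ptr_store`, `tracked_free` and the table limits are hypothetical names chosen for this sketch. It assumes every recorded pointer location is still valid memory when the object is freed.

```c
#include <stdint.h>
#include <stdlib.h>
#define MAX_OBJS  16   /* constructed toy limits for this sketch */
#define MAX_SLOTS 8

/* One shadow record per live object: its bounds plus the locations
 * (addresses of pointer variables) recorded as pointing into it. */
struct shadow { char *base; size_t size; void **slots[MAX_SLOTS]; int nslots; };
static struct shadow shadow_heap[MAX_OBJS];

/* Map any address, interior pointers included, to its object's record. */
static struct shadow *shadow_find(void *p) {
    uintptr_t a = (uintptr_t)p;
    for (int i = 0; i < MAX_OBJS; i++) {
        struct shadow *s = &shadow_heap[i];
        if (s->base && a >= (uintptr_t)s->base && a < (uintptr_t)s->base + s->size)
            return s;
    }
    return NULL;
}

void *tracked_alloc(size_t size) {
    for (int i = 0; i < MAX_OBJS; i++)
        if (!shadow_heap[i].base) {
            char *p = malloc(size);
            if (p) shadow_heap[i] = (struct shadow){ .base = p, .size = size };
            return p;
        }
    return NULL;   /* shadow table full */
}

/* Instrumented pointer store: performs *slot = target and records the slot.
 * Returns 1 if tracked, 0 if target is not a tracked heap address, and
 * -1 (storing NULL, failing closed) if the slot cannot be recorded. */
int ptr_store(void **slot, void *target) {
    struct shadow *s = shadow_find(target);
    *slot = target;
    if (!s) return 0;
    if (s->nslots == MAX_SLOTS) { *slot = NULL; return -1; }
    s->slots[s->nslots++] = slot;
    return 1;
}

/* Free with neutralization: each recorded slot that still points into the
 * object is set to NULL before release; stale records (slots since
 * retargeted) are skipped. Returns slots neutralized, -1 on a bad free. */
int tracked_free(void *obj) {
    struct shadow *s = shadow_find(obj);
    if (!s || s->base != (char *)obj) return -1;   /* interior or double free */
    int n = 0;
    for (int i = 0; i < s->nslots; i++)
        if (shadow_find(*s->slots[i]) == s) { *s->slots[i] = NULL; n++; }
    free(s->base);
    *s = (struct shadow){0};
    return n;
}
```

After `tracked_free`, a later dereference through any recorded pointer hits NULL and faults deterministically instead of reading reallocated memory. Copies made without `ptr_store` are not covered by this sketch.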

Document Details

Document Type: DoD Grant Award
Publication Date: Mar 11, 2020
Source ID: N000142012153

Entities

People

  • Haining Wang

Organizations

  • Office of Naval Research
  • United States Navy
  • Virginia Tech

Tags

Fields of Study

  • Computer science

Readers

  • Distributed Systems and Data Platform Development
  • Marksmanship and Weaponry
  • Parallel and Distributed Computing