Paper Info
Title
Mitigating Use-after-Free Attack Using Library Considering Size and Number of Freed Memory
Abstract
Use-after-free (UAF) vulnerabilities, are abused by exploiting a dangling pointer that refers to a freed memory, location and then executing arbitrary code. Vulnerabilities are caused by bugs in software programs, particularly large scale programs such as browsers. We had previously proposed HeapRevolver, which prohibits freed memory area from being reused for a certain period. HeapRevolver on Windows uses the number of freed memory areas that are prohibited for reuse as a trigger to release the freed memory area. Alternatively, HeapRevolver uses the number of the freed memory areas as a threshold for releasing freed memory. However, when the size of individual freed memory area is large, HeapRevolver on Windows increases the memory overhead. In this paper, we propose an improved HeapRevolver for Windows considering the size and number of the freed memory areas. The improved HeapRevolver prohibits the reuse of a certain number of freed memory areas at a given time by considering the size and number of freed memory areas as thresholds. Evaluation results demonstrate that the improved HeapRevolver can prevent attacks that exploit UAF vulnerabilities. Particularly, when the size of individual freed memory area is small in a program, HeapRevolver is effective in decreasing the attack success rate.
Year
DOI
Venue
2018
10.1109/CANDARW.2018.00080
2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)
Keywords
Field
DocType
Security,Use-After-Free,dangling pointer,memory allocation
Reuse,Computer science,Computer network,Exploit,Dangling pointer,Memory management,Software
Conference
ISBN
Citations 
PageRank 
978-1-5386-9185-4
0
0.34
References 
Authors
5
2
Name
Order
Citations
PageRank
Yuya Ban110.73
Toshihiro Yamauchi2179.39